traffic shaping question.

[S t i n g r a y]

I want to do traffic shaping as per protocol basis so
if i give a certian bandwith to HTTP protocole , isnt
there any way i can diffrenciate between HTTP webpages
& HTTP downloads of huge .iso files ?
i dont want users who are downloading huge files
effect userrs who are only checking their webmails.

is there any way ?

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: traffic shaping question.

[Lars Hansson]

On Tuesday 23 May 2006 18:56, S t i n g r a y wrote:
> I want to do traffic shaping as per protocol basis so
> if i give a certian bandwith to HTTP protocole , isnt
> there any way i can diffrenciate between HTTP webpages
> & HTTP downloads of huge .iso files ?

With pf? No.

---
Lars Hansson 

Re: traffic shaping question.

[Per-Olov Sjöholm]

On Tuesday 23 May 2006 12.56, S t i n g r a y wrote:
> I want to do traffic shaping as per protocol basis so
> if i give a certian bandwith to HTTP protocole , isnt
> there any way i can diffrenciate between HTTP webpages
> & HTTP downloads of huge .iso files ?
> i dont want users who are downloading huge files
> effect userrs who are only checking their webmails.
>
> is there any way ?
>
> *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com

Correct me if I am wrong.. But you can differentiate shaping of traffic of the 
same protocol if it has different Type Of Service. You can for example give 
higher priority to SSH shell and lower the priority of scp bulk file 
transfers as they have different TOS. Don't know if there exist anything like 
it for HTTP (don't think so). If it doesn't exist you probably have to find 
another way (not in PF).

Or you could have the ISO downloads from a different IP.


/Per-Olov
-- 
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

Re: traffic shaping question.

[Peter Blair]

I haven't personally tested this, but give it a look:

http://www.whoopis.com/howtos/web-bandwidth-limit.html

Unfortunately it doesn't have the same kind of benefits that altq/pf
provide, but as stated in the previous messages, you'd have to place
your webmail and iso services on different IPs.

On 5/23/06, Per-Olov Sjvholm <[EMAIL PROTECTED]> wrote:

On Tuesday 23 May 2006 12.56, S t i n g r a y wrote:
> I want to do traffic shaping as per protocol basis so
> if i give a certian bandwith to HTTP protocole , isnt
> there any way i can diffrenciate between HTTP webpages
> & HTTP downloads of huge .iso files ?
> i dont want users who are downloading huge files
> effect userrs who are only checking their webmails.
>
> is there any way ?
>
> *:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
> Tired of spam?  Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com

Correct me if I am wrong.. But you can differentiate shaping of traffic of the
same protocol if it has different Type Of Service. You can for example give
higher priority to SSH shell and lower the priority of scp bulk file
transfers as they have different TOS. Don't know if there exist anything like
it for HTTP (don't think so). If it doesn't exist you probably have to find
another way (not in PF).

Or you could have the ISO downloads from a different IP.


/Per-Olov
--
GPG keyID: 4DB283CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE

Re: traffic shaping question.

[Joachim Schipper]

On Tue, May 23, 2006 at 03:56:31AM -0700, S t i n g r a y wrote:
> I want to do traffic shaping as per protocol basis so
> if i give a certian bandwith to HTTP protocole , isnt
> there any way i can diffrenciate between HTTP webpages
> & HTTP downloads of huge .iso files ?
> i dont want users who are downloading huge files
> effect userrs who are only checking their webmails.
> 
> is there any way ?

The answer is, of course, yes. Now, are there any pre-written tools for
this? And can pf do it?

In the latter case, to some extent. You could get somewhere by defining
a queue with high priority but comparatively low bandwidth, which would
be decidedly suboptimal for downloading but pretty nice for surfing sane
web pages[1]. It looks like altq's hfsc could do this.

I can think of various schemes to detect 'a lot of traffic', but I
don't think it's possible to get pf(4)/altq(9) to shift a connection in
the table to another queue. So that isn't going to work.

What just might work, though, especially for a comparatively small
number of clients, is to assign each client its own queue. The cbq
scheduler would be the classical example of a scheduler to use here;
clients can be guaranteed a certain bandwidth, and any bandwidth left
over is fair game ('cbq(borrow)'). This gives the downloaders plenty of
bandwidth to play with, without unduly inconveniencing the surfers.

Joachim

[1] Of course, it's not all that clear whether or not a heavy web page
like Hotmail would benefit all that much from this.

Re: traffic shaping question.

[Peter Blair]

Another alternative is to use
http://httpd.apache.org/docs/1.3/mod/mod_proxy.html#proxypass to proxy
your iso directory to another httpd instance running on a private IP,
eg:

setup your webserver with the regular public IP address(es), and
additionally setup a number of private IP addresses.

Start a webserver (doesn't have to be apache) that binds solely to the
private IP address(es) and configure pf accordinly (only allow in
packets to the private address from whatever address that the public
apache will bind to)

Setup your main server's proxypass to proxy say "/iso" to
"http://10.11.12.13:8080/iso";

And configure altq to limit outgoing traffic on 10.11.12.13.

Mind you, this scheme is completely untested and may not be possible.

On 5/23/06, S t i n g r a y <[EMAIL PROTECTED]> wrote:

I want to do traffic shaping as per protocol basis so
if i give a certian bandwith to HTTP protocole , isnt
there any way i can diffrenciate between HTTP webpages
& HTTP downloads of huge .iso files ?
i dont want users who are downloading huge files
effect userrs who are only checking their webmails.

is there any way ?

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

Re: traffic shaping question.

[Christopher Snell]

On 5/23/06, S t i n g r a y <[EMAIL PROTECTED]> wrote:


I want to do traffic shaping as per protocol basis so
if i give a certian bandwith to HTTP protocole , isnt
there any way i can diffrenciate between HTTP webpages
& HTTP downloads of huge .iso files ?


Sure, set your HTTP daemon to listen on two ports (say, ports 80 and
81).  Make the ISO images available through port 81 only and use
traffic shaping to limit bandwidth from that port.

Chris

Re: traffic shaping question.

[Planck]

S t i n g r a y napisaE(a):
> I want to do traffic shaping as per protocol basis so
> if i give a certian bandwith to HTTP protocole , isnt
> there any way i can diffrenciate between HTTP webpages
> & HTTP downloads of huge .iso files ?
> i dont want users who are downloading huge files
> effect userrs who are only checking their webmails.
> 
> is there any way ?

Use hfsc. Define upperlimit for queue, set higher initial bandwidth
assignment and decrease that after some miliseconds. Something like that:
queue http_q hfsc( ecn upperlimit($initial_bw $time_in_ms_d $w_after_time)
br,
Darek

Re: traffic shaping question.

[Jim Capozzoli]

Per-Olov Sjvholm wrote:

On Tuesday 23 May 2006 12.56, S t i n g r a y wrote:

I want to do traffic shaping as per protocol basis so
if i give a certian bandwith to HTTP protocole , isnt
there any way i can diffrenciate between HTTP webpages
& HTTP downloads of huge .iso files ?
i dont want users who are downloading huge files
effect userrs who are only checking their webmails.

is there any way ?

*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around
http://mail.yahoo.com


Correct me if I am wrong.. But you can differentiate shaping of traffic of the 
same protocol if it has different Type Of Service. You can for example give 
higher priority to SSH shell and lower the priority of scp bulk file 
transfers as they have different TOS. Don't know if there exist anything like 
it for HTTP (don't think so). If it doesn't exist you probably have to find 
another way (not in PF).


Or you could have the ISO downloads from a different IP.
Maybe you should give ip aliasing a try (nice howto in the openbsd faq). 
 You could then have servers bind to these aliases, and then control 
how much bandwidth these aliases can use with pf or something.





/Per-Olov


-Jim

Re: traffic shaping question.

[Giancarlo Razzolini]

Planck wrote:
> S t i n g r a y napisaE(a):
>> I want to do traffic shaping as per protocol basis so
>> if i give a certian bandwith to HTTP protocole , isnt
>> there any way i can diffrenciate between HTTP webpages
>> & HTTP downloads of huge .iso files ?
>> i dont want users who are downloading huge files
>> effect userrs who are only checking their webmails.
>>
>> is there any way ?
>
> Use hfsc. Define upperlimit for queue, set higher initial bandwidth
> assignment and decrease that after some miliseconds. Something like that:
> queue http_q hfsc( ecn upperlimit($initial_bw $time_in_ms_d $w_after_time)
> br,
> Darek
>
>
You could use squid to transparently shape the traffic. You can, for
example, redirect all http or https traffic to it, then use delay pools
inside squid. Squid can filter file extensions, urls, and other sorts of
things. I didn't knew about the hfsc solution, i will test it latter. I
use delay pools, and they work greatly.

My 2 cents,

--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
OpenBSD Stable
Snike Tecnologia em InformC!tica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: traffic shaping question.

[S t i n g r a y]

Planck, can you shed some more light here ? or maybe
provide me a link with examples ?


regards
Faisal


--- Planck <[EMAIL PROTECTED]> wrote:

> S t i n g r a y napisaE(a):
> > I want to do traffic shaping as per protocol basis
> so
> > if i give a certian bandwith to HTTP protocole ,
> isnt
> > there any way i can diffrenciate between HTTP
> webpages
> > & HTTP downloads of huge .iso files ?
> > i dont want users who are downloading huge files
> > effect userrs who are only checking their
> webmails.
> > 
> > is there any way ?
> 
> Use hfsc. Define upperlimit for queue, set higher
> initial bandwidth
> assignment and decrease that after some miliseconds.
> Something like that:
> queue http_q hfsc( ecn upperlimit($initial_bw
> $time_in_ms_d $w_after_time)
> br,
> Darek
> 
> 


*:$., 88,.$:*(((*$ Stingray *:$., 88,.$:*((*$
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 

Re: traffic shaping question.

[Planck]

> Planck, can you shed some more light here ? or maybe
> provide me a link with examples ?

1. man pf.conf (hint hfsc)
2. http://www.openbsd.org/faq/pf/queueing.html (hint HFSC)
3. http://www.cs.cmu.edu/~hzhang/HFSC/main.html

Darek