Re: [squid-users] Limiting user's bandwidth

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 25 Oct 2010 21:20:55 +0000

On Mon, 25 Oct 2010 08:11:05 -0700 (PDT), Landy Landy
<landysaccount_at_yahoo.com> wrote:
> Amos:
>
> I'm already using tc to do just that:
>
> This is the upload rules:
>
> $tc class add dev eth0 parent 1:3 classid 1:1226 htb rate 141kbit
> ceil 169kbit prio 4
> $tc filter add dev eth0 parent 1:0 protocol ip prio 4 handle 1226
fw
> classid 1:1236
> $tc qdisc add dev eth0 parent 1:1226 handle 1018: sfq perturb 2
>
> I've also tried marking the packets in the INPUT chain. But, haven't had
> any luck.
>

Just to confirm: you are using a recent snapshot tarball of 3.2 beta
releases to do this right? with the packet marking netfilter libraries
built in?

Amos

> --- On Mon, 10/25/10, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>> From: Amos Jeffries <squid3_at_treenet.co.nz>
>> Subject: Re: [squid-users] Limiting user's bandwidth
>> To: squid-users_at_squid-cache.org
>> Date: Monday, October 25, 2010, 1:34 AM
>> On 25/10/10 03:22, Landy Landy
>> wrote:
>> > Hello everyone.
>> >
>> > A while back I posted here that I was trying to
>> control our user's
>> > bandwidth with iproute. I know it can be done with
>> squid but, didn't
>> > want squid to do more than block some domains and do
>> its caching
>> > which does pretty well. I have a script to control bw
>> and assign each
>> > user 512kbps/256kbps. When I have squid running the
>> control gets
>> > bypassed.
>> >
>> > I was marking packets on the FORWARD chain which
>> caused to the bypass
>> > since the pages are served from the gw by squid
>> instead of just doing
>> > the FORWARD. Now, I did some thinking, and changed the
>> chain marking
>> > the packet to look like this:
>> >
>> > $iptables -t mangle -A POSTROUTING -d 172.16.250.1 -j
>> MARK --set-mark
>> > 1053 $iptables -t mangle -A POSTROUTING -d
>> 172.16.250.1 -j RETURN
>> >
>> > This controls the download bandwidth the way I want
>> it. Works well.
>> > Now, for the upload speed I guess I'm having the same
>> problem as
>> > before. The upload speed does not get controlled. I
>> applied this
>> > chain:
>> >
>> > $iptables -t mangle -A POSTROUTING -s 172.16.250.1 -j
>> MARK --set-mark
>> > 1054 $iptables -t mangle -A POSTROUTING -s
>> 172.16.250.1 -j RETURN
>> >
>> > and the user can upload at full speed.
>> >
>> > Also tried PREROUTING and nothing.
>> >
>> > I need to control upload since I have some users
>> uploading videos,
>> > mp3, and other stuff that consume most of the upload
>> bw.
>> >
>> > Does anyone has an idea how can I control the upload
>> speed?
>>
>> Marking by itself does nothing but set a number on each
>> packets meta
>> data. You need other software which handles the marks and
>> delays packets
>> based on them. "tc" is one such.
>>
>> As you have notice packets which go to Squid are not
>> FORWARDed by the
>> OS. They are received as INPUT to Squid, and sometimes as
>> OUTPUT from
>> the Squid user and process.
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE9 or
>> 3.1.8
>> Beta testers wanted for 3.2.0.2
>>
Received on Mon Oct 25 2010 - 21:21:04 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 26 2010 - 12:00:04 MDT