Author Topic: [SOLVED] bandwith management and fiters: what to use firewall or proxy  (Read 10367 times)

astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
    • View Profile
Re: [SOLVED] bandwith management and fiters: what to use firewall or proxy
« Reply #30 on: October 21, 2013, 09:12:06 am »
Astana,

I'm sorry but the more we discuss and the more I'm lost. Reading one post, I feel like "OK, I understand now what he means" and the next post makes me feel something different.

To summarize my current understanding of what you mean, as this discussion very confusing for me:
- you don't face any problem and you are very happy with pfSense as gateway and Zentyal as HTTP proxy Yes!
- you think Zentyal should propose something else than proxy only in order to provide QoS.No, I don't think Zentyal should provide any more, but I do think the squid method should be a bit clearer as I feel it's a trap for the unsuspecting

Am I correct ? Pretty much!

Assuming I am (although at this stage I'm totally lost), debate is somewhat truncated:
- Zentyal does provide QoS service that is not linked to proxy. Such service obviously works only when Zentyal is used as gateway because it works, as I explained previously, like other QoS implementations, at protocol level. This is why I explained I have never used Zentyal as a gateway, therefore I could not comment on that.
- I don't know any implementation of "QoS per user" Agreed, it does not exist!
- I don't understand what you want to achieve (more) with Squid and I don't think we can have efficient discussion if we endlessly mix up everything That is the whole point of this discussion. It is impossible to do more with squid (and following that with the Zentyal bandwidth tab in the proxy), which can lead to really poor results.

Answers in red

christian

  • Guest
Re: [SOLVED] bandwith management and fiters: what to use firewall or proxy
« Reply #31 on: October 21, 2013, 09:32:28 am »
So what's your proposal and your point  ???
To remove HTTP proxy bandwidth throttling so that you (and other people) don't get confused ?

astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
    • View Profile
Re: [SOLVED] bandwith management and fiters: what to use firewall or proxy
« Reply #32 on: October 21, 2013, 09:39:30 am »
I was never making a proposal for changing the technology, I was giving the OP some information about the balancing that can be done outside of simple squid throttling.
And no, I wouldn't recommend removing the throttling as I'm sure there are legitimate reasons for implementing on a network, however if the reason is hogging/starvation then it's far too blunt a technology to use in a real world network.

I think if you re-read what I wrote carefully (I realise English may not be your first language), then you'll see the question is was asking is WHY and not that I was unhappy with any current options or technologies.

christian

  • Guest
Re: [SOLVED] bandwith management and fiters: what to use firewall or proxy
« Reply #33 on: October 21, 2013, 10:06:22 am »
No matter which way you slice it, squid hasn't got the tools to manage bandwidth allocation in an intelligent way.

I ended up dropping squid management of bandwidth and using a better gateway to divide usage. Result: No more complaints about slow internet, usage almost doubled.

Indeed English is not my mother thong.
I'm reacting to above statement where you explain that Squid can't achieve something fitting your needs and ended up using better gateway, which I (perhaps poorly) understand as "doing it with another gateway [than Zentyal] worked better"

Therefore our confused (to me) and useless (for other) debate.

TTFN.


astana

  • Zen Warrior
  • ***
  • Posts: 128
  • Karma: +10/-0
    • View Profile
Re: [SOLVED] bandwith management and fiters: what to use firewall or proxy
« Reply #34 on: October 21, 2013, 10:12:06 am »
I can see where the confusion came in, but in fact Zentyal has never been my gateway (as explained), and the gateway I had was dumb as a rock, and couldn't divide the bandwidth from my zentyal proxy. I thought I had explained that clearly, so apologies if that wasn't the case!

highjo

  • Zen Apprentice
  • *
  • Posts: 48
  • Karma: +1/-0
    • View Profile
Re: [SOLVED] bandwith management and fiters: what to use firewall or proxy
« Reply #35 on: October 21, 2013, 06:55:17 pm »
OK fellas, I have been reading all your inputs which has been very constructive to me but got a little lost with all the back and forth but was a little looking like a kind of challenge.

Now let's me give you a scenario for you to explain to me how best I can do my QoS. I have 2 connections:
connection 1: shared ,up to 4 M/s but very unstable
connection 2: dedicated , 1M/s a little more stable.

Connection 1 has weight 6 and connection has weight 1 on the gateways section.

I still have internet complains . Even though I applied the bandwidth throttling to 30k/s and set the Maximum unlimited size per client to 1000MB(1GB) to the "all_users" network group which is every IP from 192.168.0.5 to 192.168.0.254. I was surprised this morning to see that i could download via scp a db file of 2GB with speed doing to 200K/s .

It's obvious that I haven't done something right. I will also want to block torrents during office hours. With all that information how do you advise on a better QoS implementation on Zentyal.

I am totally unable to see from zentyal what is wrong with each connection when they are fooling.


Thanks very much

christian

  • Guest
Re: [SOLVED] bandwith management and fiters: what to use firewall or proxy
« Reply #36 on: October 21, 2013, 07:18:18 pm »
Even though I applied the bandwidth throttling to 30k/s and set the Maximum unlimited size per client to 1000MB(1GB) to the "all_users" network group which is every IP from 192.168.0.5 to 192.168.0.254.

Can you confirm (or not) taht such setting has been applied at HTTP proxy level ?

Quote
I was surprised this morning to see that i could download via scp a db file of 2GB with speed doing to 200K/s .

Is this download done using HTTP proxy  ???  ;)

Quote
I will also want to block torrents during office hours.


Layer 7 filter should help you here.