LARTC - May 2002 - Limiting Citrix printing traffic, so ensure interactive sessions

LS,

Spent a lot of this weekend reading about shaping and traffic control.
The Howto is very extensive... :-) I hope to use this list to see if
what I want is possible.

The situation:
- A central (big) Citrix cluster located in Frankfurt (all servers in
one subnet)
- The office in Rotterdam connected to Franfurt with a 2Mbit line
- The office in Bergen (Norway) connected to *Rotterdam* with a 128 line

Normal citrix session uses max 20k/s, printing is not limited! The
problem is obvious, one user sent a big print job... Away is the
interactive performance..

What i''m thinking of:

[Citrix cluster] -- [Linux proxy-arp shaper]-- Router to RTD -- Router
to Brg

What is probably very easy to do is bring all the printers in a separate
subnet in Bergen and use iptables to mark the packets for this subnet (I
build a proxy-arp firewall before, so these are familiair techniques).
It seems that Citrix traffic uses dynamic port numbers so identifying
them this way seems impossible. If someone knows a way to use the u32
filter to select Citrix normal and Citrix printing traffic???

The behaviour that I would like to get:
- If no other traffic, printing or interactive get 100%
- If other traffic, printing gets the rest

I don''t know if this is possible, acceptable would also be, let
printing
never exceed 30% of the total bandwidth

Thank you very much for your help!
Bas Rijniersce

On Monday 20 May 2002 11:23, Bas Rijniersce wrote:
> LS,
>
> Spent a lot of this weekend reading about shaping and traffic control.
> The Howto is very extensive... :-) I hope to use this list to see if
> what I want is possible.
>
> The situation:
> - A central (big) Citrix cluster located in Frankfurt (all servers in
> one subnet)
> - The office in Rotterdam connected to Franfurt with a 2Mbit line
> - The office in Bergen (Norway) connected to *Rotterdam* with a 128 line
>
> Normal citrix session uses max 20k/s, printing is not limited! The
> problem is obvious, one user sent a big print job... Away is the
> interactive performance..
>
> What i''m thinking of:
>
> [Citrix cluster] -- [Linux proxy-arp shaper]-- Router to RTD -- Router
> to Brg
>
> What is probably very easy to do is bring all the printers in a separate
> subnet in Bergen and use iptables to mark the packets for this subnet (I
> build a proxy-arp firewall before, so these are familiair techniques).
Why proxy arping?  You can enable briding so the network don''t know you
are
shaping.  If there is a problem with the brdige, just remove it and you can 
work again.
> It seems that Citrix traffic uses dynamic port numbers so identifying
> them this way seems impossible. If someone knows a way to use the u32
> filter to select Citrix normal and Citrix printing traffic???
How do you print?  To dedicated print-servers or to printers attached to 
windows boxes?
> The behaviour that I would like to get:
> - If no other traffic, printing or interactive get 100%
> - If other traffic, printing gets the rest
>
> I don''t know if this is possible, acceptable would also be, let
printing
> never exceed 30% of the total bandwidth
Very easy to implement it in CBQ or HTB.  The most difficult part is 
separating the printing traffic and the citrix traffic.

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net

Hi,
> From: Stef Coene [mailto:stef.coene@docum.org] 
Very good page by the way! Your page was the first I found when
searching for linux and QoS.. Side note, do you have any other links to
graphing tools for the "controlled" traffic. For us it will be very
helpful to see how much traffic was passed/limited etc..
> Why proxy arping?  You can enable briding so the network 
> don''t know you are 
> shaping.  If there is a problem with the brdige, just remove 
> it and you can 
> work again.
Because I don''t know exactly how a bridge is build :-) But
I''ll read up
on that..
 
> > It seems that Citrix traffic uses dynamic port numbers so 
> identifying 
> > them this way seems impossible. If someone knows a way to 
> use the u32 
> > filter to select Citrix normal and Citrix printing traffic???
> How do you print?  To dedicated print-servers or to printers 
> attached to 
> windows boxes?
Queue lives on a local NT server, printer itself is JetDirect''ed.
Workstation (and thus the ICA client) spool to the server
 
> > The behaviour that I would like to get:
> > - If no other traffic, printing or interactive get 100%
> > - If other traffic, printing gets the rest
> >
> > I don''t know if this is possible, acceptable would also be,
let
> > printing never exceed 30% of the total bandwidth
> Very easy to implement it in CBQ or HTB.  The most difficult part is 
> separating the printing traffic and the citrix traffic.
But I think we have the IP space in the office to split a small subnet
of for printers, that would solve this problem I guess
 
> Stef
Bas

> Very good page by the way! Your page was the first I found when
> searching for linux and QoS.. Side note, do you have any other links to
> graphing tools for the "controlled" traffic. For us it will be
very
> helpful to see how much traffic was passed/limited etc..
Not really.  There are some other scripts, but none of them uses the output 
of tc.  Most of them are based on iptables counters.  I''m still
thinking
about rewriting my script so you can see the output of tc and also graphs 
from iptables counters.  And I need a better interface.
> > Why proxy arping?  You can enable briding so the network
> > don''t know you are
> > shaping.  If there is a problem with the brdige, just remove
> > it and you can
> > work again.
> Because I don''t know exactly how a bridge is build :-) But
I''ll read up
> on that..
You have to enable it in the kernel.  And you need to install the bridge 
tools (I think it''s called brcfg).  After enabling the bridge, you have
a
bridge device that forwards all traffic like a bidge and you''r done.  
Filtering traffic can be done with the u32 filter.
> Queue lives on a local NT server, printer itself is JetDirect''ed.
> Workstation (and thus the ICA client) spool to the server
Can''t you print directly to the JetDirect boxes from the ICA server? 
That
way you can easy mark the print traffic.
> > Very easy to implement it in CBQ or HTB.  The most difficult part is
> > separating the printing traffic and the citrix traffic.
> But I think we have the IP space in the office to split a small subnet
> of for printers, that would solve this problem I guess
Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net

hi

* bas@brijn.nu wrote:
> Very good page by the way! Your page was the first I found when
> searching for linux and QoS.. Side note, do you have any other links to
> graphing tools for the "controlled" traffic. For us it will be
very
> helpful to see how much traffic was passed/limited etc..
http://reeler.org/software/tcstat/ (SCNR)
http://tcng.sf.net/

-- 
Thomas Graf

On Monday 20 May 2002 14:29, Thomas Graf wrote:
> hi
>
> * bas@brijn.nu wrote:
> > Very good page by the way! Your page was the first I found when
> > searching for linux and QoS.. Side note, do you have any other links
to
> > graphing tools for the "controlled" traffic. For us it will
be very
> > helpful to see how much traffic was passed/limited etc..
>
> http://reeler.org/software/tcstat/ (SCNR)
Finally I found the URL of tcstat :)  (typo on your site : "Stef''s
Tariff
Control Page").

Stef

-- 

stef.coene@docum.org
 "Using Linux as bandwidth manager"
     http://www.docum.org/
     #lartc @ irc.openprojects.net