Hi,
I am trying to develop a system to handle a simple enough scenario.
Essentially it is a gateway, on which HTTP and FTP will go through Squid
for caching and all that, and everything else (telnet, etc) will go
through the gateway but not squid. I want to divide the bandwidth up
evenly between the users on the system (i.e. 2 users on the system then
each gets half the total bandwidth, 4 then they get a quarter and so
on). I have one basic question:
The question is that if my http traffic goes through squid then when it
is seen by the Linux Traffic Controller (the TC is on the outgoing
Interface i.e. the Internet connection, so that it can see the actual
bandwidth usage of the outgoing link i.e. we have examined the cache to
see if we have it stored and found we need to fetch it) the http packets
are wrapped in TCP packets and the TC sees all the http traffic as
coming from squid i.e. a connection between Squid and say Yahoo.com, and
cannot distinguish which user sent what request as they all seem to be
packets with Squid as the source IP address. Is this understanding
correct? If not what am I seeing wrong? If this is the case how am I
going to share the bandwidth as I state above as all the users on the
LAN are being anonymised by Squid before they reach the TC??
At present my best solution seems to be to use a combination of Delay
Pools, the modified dynamic ones, and Class Based Queuing (CBQ). This
way delay pools will manage the bandwidth for Squid and I can use a CBQ
to allocate the delay pools a set amount of the total bandwidth and use
CBQs to share the remaining bandwidth out between the users. However the
delay pools and the CBQ are separate utilities and they do not talk to
each other so this is not efficient as the amount of bandwidth allocated
to Squid cannot easily be changed dynamically as the delay pool would
have to be reconfigured each time. As you can tell this is a bit of a
messy solution and does not make the best use of the limited resources
i.e. bandwidth can be left idle.
So in short, does Squid anonymise which user is generating which http
packets on the TC if the TC is on the Internet connection interface?? If
not, how come? If yes, is there a way around this and what is it?
Probably a newbie question but I have spent a good while trying to solve
this before asking the question. Any help greatly appreciated.
Cheers,
Shane
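
An added illustration, not part of the original post, of the situation the message describes: a classifier on the Internet-side interface that splits the link evenly per source IP sees every proxied HTTP/FTP flow as coming from the proxy's own address. The addresses, the link capacity, the routed (no masquerading) setup and the even split inside the proxy's class are all constructed assumptions.

```python
from collections import defaultdict

PROXY_IP = "192.0.2.1"   # constructed: the gateway/Squid address on the outgoing link
LINK_KBIT = 1200         # constructed: capacity of the outgoing link

def egress_view(flows, proxy_ip=PROXY_IP):
    """Map each (user_ip, protocol) flow to (source IP seen at egress, real user).

    HTTP and FTP are re-originated by the proxy, so their source becomes
    proxy_ip; other protocols are assumed to be routed with the user's address.
    """
    seen = []
    for user_ip, proto in flows:
        src = proxy_ip if proto in ("http", "ftp") else user_ip
        seen.append((src, user_ip))
    return seen

def intended_share(flows, link=LINK_KBIT):
    """The goal in the post: link divided evenly between active users."""
    users = {user for user, _ in flows}
    return {user: link / len(users) for user in users}

def per_source_ip_share(flows, link=LINK_KBIT):
    """What an even split per source IP at egress actually gives each user.

    Assumption: bandwidth inside one class is divided evenly among the
    users hidden behind that source IP.
    """
    classes = defaultdict(set)
    for src, user in egress_view(flows):
        classes[src].add(user)
    per_class = link / len(classes)
    share = defaultdict(float)
    for users in classes.values():
        for user in users:
            share[user] += per_class / len(users)
    return dict(share)

# Constructed sample: three users browsing through the proxy, one using telnet.
SAMPLE = [("10.0.0.1", "http"), ("10.0.0.2", "http"),
          ("10.0.0.3", "ftp"), ("10.0.0.4", "telnet")]

if __name__ == "__main__":
    want, got = intended_share(SAMPLE), per_source_ip_share(SAMPLE)
    for user in sorted(want):
        print(f"{user}: intended {want[user]:.0f} kbit, per-source-IP {got[user]:.0f} kbit")
```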