Limit transfer on blue network

Adam_S · February 5, 2016, 10:45am

Hello i have proxy with 3 interfaces - red (wan), green (lan), and blue (guests + wifi).
I must limit transfer for guests about - 70 % for green / 30 % for blue.
Is it possible ? I try do it with traffic shapping on interface rules but i only see one interface (red) dont see blue and green .

Adam_S · February 5, 2016, 2:21pm

I mean speed transfer - no limit

Nas · February 6, 2016, 12:43pm

yes in Code there is only RED

github.com

NethServer/nethserver-firewall-base/blob/7e4d950722d05747312ee1b67d0c6a573405d83d/root/usr/share/nethesis/NethServer/Module/TrafficShaping/Interfaces/Modify.php#L70


    );
    $view->setTemplate($templates[$this->getIdentifier()]);
    
    if ($this->getIdentifier() == 'create') {
        $interfaces = iterator_to_array($this->getPlatform()->getTableAdapter('networks', array('ethernet', 'xdsl')));
        $configured = $this->getPlatform()->getDatabase('tc')->getAll('device');
        $tmp = array();
        foreach($interfaces as $interface => $props) {
            if (!in_array($interface, array_keys($configured))) {
                # add only not configured interface with role red (for now)
                if (isset($props['role']) && strpos($props['role'],'red') !== false ) { 
                    $tmp[] = array($interface,$interface);
                }
            }
        }
        $view['deviceDatasource'] = $tmp;
    }
}




/**

Jim · February 6, 2016, 4:49pm

This feature could be a real good killing feature

Make traffic shapping for all interface, to prioritized the green over the blue lan.
And for type of traffic download, streaming, and so on.

Nas · February 6, 2016, 8:39pm

@Adam_S I have made little patch that would show not only RED but also it would show VLAN and BLUE:

Nas · February 6, 2016, 9:17pm

[root@nethserver Interfaces]# db tc show
eth3=device
    Description=
    In=80
    Out=80
eth3.999=device
    Description=
    In=90
    Out=90
host;nas=ip
    Description=
    Priority=1

giacomo · February 8, 2016, 8:36am

Sorry to disagree, but I think you are misunderstanding how traffic shaping works.
It can be handled only on red interfaces.
From shorewall manual ( http://shorewall.net/simple_traffic_shaping.html ):

Simple Traffic Shaping is only appropriate on interfaces where output queuing occurs. As a consequence, you usually only use it on extermal interfaces.

Still, we can implement what you are asking for, but it should be done in a different way. We can extended the “Address rules” tab inside the “Traffic shaping” page by allowing the creation of rules based on CIDR objects.

Regarding the pull request by @Nas, probably the part about VLAN can be accepted (but it should be tested if Shorewall complains about it); sadly, the blue part should be removed.

Adam_S · February 8, 2016, 9:21am

Ok thanks for help. Thats bad Then can i make something to limit download speed for this interface (blue) in proxy or firewall ?

giacomo · February 8, 2016, 11:19am

Proxy still doesn’t have such a feature, but squid already supports it.
If you want, I can post a template-custom to lower the priority of the blue network.

alefattorini · February 8, 2016, 1:42pm

No template-custom is needed, just a little workaround:

create a cidr firewall object called “bluenet”

execute this command

db tc set "cidr;bluenet" ip Description "Low priority blue net" Priority 3
  signal-event firewall-adjust

Now you should see a new rule called “Low priority blue net” in the Traffic shaping page

It would be definitely nice since it’s a very requested feature as @davide_marini can confirm

Adam_S · February 9, 2016, 6:18am

Ok thanks. I only ask.

When i execute this command, on my traffic shapping appear new rule “Low priority blue net” and blue interface at the moment will be working with prioryty 3 ? right?
Default priority on all interfaces is 10 (without this command) ?
when something do wrong with this command How can I undo this operation?

Thanks for reply

Nas · February 9, 2016, 6:49am

Kindly use :

db tc delete "cidr;bluenet" ip Description "Low priority blue net" Priority 3

alefattorini · February 9, 2016, 8:19am

Yes it’s right.
Yes it’s right
You can delete the rule by the UI as well

Adam_S · February 9, 2016, 9:01am

Okey thanks for help.

alefattorini · February 9, 2016, 9:45am

Let me know it works or not marking the thread as resolved

Adam_S · February 9, 2016, 9:58am

Okey
I make on “firewall objects” on tab “CIDR subnets” new rule called “bluenet” , network “192.168.0.1/24”.
Next i open ssh and execute: db tc set "cidr;bluenet" ip Description "Low priority blue net" Priority 3 signal-event firewall-adjust
When i go to “traffic shapping” to “address rules” tab i see:
Address: CIDR network bluenet
Priority: Low
Description: Low priority bluenet
and i can now manually change prioryty by EDIT button: Low, Medium, High

Nice work
but i dont know how to check if it works?

alefattorini · February 11, 2016, 12:01pm

I think you should start a download from the green and from the blue seeing the different priority and bandwidth