This follows on from a previous post where I was trying to work out how to do bandwidth limits per user that changed over time.
I’ve now come to the conclusion that that would probably be too complicated, so I’m thinking that some system that prioritised traffic depending on the user’s hotspot profile would be easier.
All of our users (wired or wireless) have to log in through hotspot.
If I add profile packet marks for different user profiles I should then be able to build a queue tree where some of the packet marks are given higher priority, right?
I’m thinking we’ll need two ‘root’ queues, one for incoming traffic and one for outgoing traffic.
Each of those would then have several child queues, one for each packet mark, decreasing in priority.
So assuming I have the following user profiles:
0 * name="default" address-pool=pool1 idle-timeout=30m keepalive-timeout=2m
status-autorefresh=1m shared-users=unlimited transparent-proxy=yes
open-status-page=always advertise=no
1 name="staff" address-pool=pool1 idle-timeout=1h keepalive-timeout=2m
status-autorefresh=15s shared-users=1 transparent-proxy=yes
open-status-page=http-login advertise=no
2 name="customer" address-pool=pool1 idle-timeout=30m keepalive-timeout=2m
status-autorefresh=2m shared-users=1 transparent-proxy=yes
open-status-page=http-login advertise=no
3 name="Temp" address-pool=pool1 idle-timeout=30m keepalive-timeout=30m
status-autorefresh=2m shared-users=1 transparent-proxy=yes
open-status-page=http-login advertise=no
4 name="Library" address-pool=pool1 idle-timeout=30m keepalive-timeout=2m
status-autorefresh=1m shared-users=1 transparent-proxy=yes
open-status-page=http-login advertise=no
5 name="SuperUser" address-pool=pool1 idle-timeout=1h keepalive-timeout=2m
status-autorefresh=1m shared-users=unlimited transparent-proxy=no
6 name="WIRELESS" idle-timeout=none keepalive-timeout=2m
status-autorefresh=1m shared-users=1 transparent-proxy=no
7 name="Residence" idle-timeout=none keepalive-timeout=2m
status-autorefresh=1m shared-users=1 transparent-proxy=yes
open-status-page=always advertise=no
8 name="Lap-Tops" idle-timeout=none keepalive-timeout=2m
status-autorefresh=1m shared-users=1 transparent-proxy=no
9 name="uprof1" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m
shared-users=1 transparent-proxy=no
10 name="Cafe" idle-timeout=none keepalive-timeout=2m status-autorefresh=1m
shared-users=1 transparent-proxy=yes open-status-page=always
advertise=no
I would then have a queue tree (download side only, upload would be similar) something like this (assuming the profile names are used for packet marks and queue names):
Download (attached to local interface)
- work (priority 1)
- SuperUser (priority 1)
- staff (priority 2)
- Lap-Tops (priority 3)
- public (priority 2)
- Cafe (priority 1)
- Library (priority 2)
- WIRELESS (priority 3)
- other (priority 3)
- customer (priority 1)
- Residence (priority 2)
- default (priority 3)
- uprof1 (priority 4)
- Temp (priority 5)
- unauth (not logged in, walled garden traffic, priority 8)
How will proxies (web-proxy and the walled garden proxy) affect my cunning plan? I’m worried that proxied traffic will appear to come from the router itself and so bypass the queues.
It also look like we need to tidy up the user profiles, some of them have few or no users. I inherited this setup when I started working here.