Page 1 of 1

LIMIT FACEBOOK SPEED

Posted: Tue Jul 02, 2019 4:36 pm
by eldoncito2019
Hello friends, I want to limit the speed of facebook, what do you recommend to do ?, I have seen many videos that do it by layer 7, but I would like to do it in another way, someone to guide me. Thank you for your answers.

Re: LIMIT FACEBOOK SPEED

Posted: Tue Jul 02, 2019 5:23 pm
by eldoncito2019
Nobody limits facebook on your network?

Re: LIMIT FACEBOOK SPEED

Posted: Tue Jul 02, 2019 5:41 pm
by cdiedrich
No :-)
Facebook traffic is not really high and not so bandwidth-consuming as it's a lot of GET requests with little transfer per request.
I made the experience that limiting sites like this is more labor than you would gain out of it. Limiting sites with big transfers is much more suitable so that a decent amount of your backhaul b/w is still available for other stuff.

If you still feel like limiting facebook traffic, get their current address space with
whois -h whois.radb.net '!gAS32934'
Add all this to an address list.
Mark packets to/from these addresses.
Use the packet marks for your queues.
No Layer7 involved.
Make sure you update the address list on a regular basis.

-Chris

Re: LIMIT FACEBOOK SPEED

Posted: Tue Jul 02, 2019 6:34 pm
by eldoncito2019
I understand friend, so what traffic do you recommend me to limit or what traffic do you limit?

Re: LIMIT FACEBOOK SPEED

Posted: Tue Jul 02, 2019 6:53 pm
by cdiedrich
It strongly depends on your organizational structure and what services your staff is supposed to use.
Everything that syncs back to a cloud (Like Dropbox, iCloud, Google Drive, etc) is a good start to limit - especially as those syncs happen in background, nobody would really notice that the task is taking slightly longer. When using DFS in a distributed Active Directory, that is something that shouldn't be limited.

If you have a guest WiFi network, that could be rate-limited as well.
I usually schedule Queues - limit at daytime, more b/w during off-office-hours, but strictly limited during the windows we sync our backups against AWS.
When using VoIP, reserving a small amount MBps for SIP traffic makes sense.

With all this - always bare in mind that you could turn a good user experience into a really bad one, so don't overdo it.
You ideally enabled interface graphing a long time ago - have a look at your WAN graphs, match it against the bandwidth you booked and then consider again if you really have th eneed to limit.
If your overall link saturation is below 75%, I don't see a reason to limit anything. What is worse? A short period of saturation or a longer period of almost-saturated uplinks?
The sooner a transfer ends, the sooner bandwidth is available to others again.

-Chris

Re: LIMIT FACEBOOK SPEED

Posted: Tue Jul 02, 2019 7:31 pm
by eldoncito2019
Thanks Chris, I have a CYBER CAFE and this is my connection markup and my package marking in mangle, I want to limit the navigation WEB, facebook, youtube, check it to see and tell me

add action=mark-connection chain=prerouting comment="-----ICMP (PING)-----" \
new-connection-mark=ICMP_C passthrough=yes protocol=icmp
add action=mark-packet chain=prerouting connection-mark=ICMP_C new-packet-mark=\
ICMP passthrough=no
add action=mark-connection chain=prerouting comment=-----DNS----- \
new-connection-mark=DNS_C passthrough=yes port=53 protocol=udp
add action=mark-packet chain=prerouting connection-mark=DNS_C new-packet-mark=DNS \
passthrough=no
add action=mark-connection chain=prerouting comment=-----YOUTUBE----- \
new-connection-mark=YOUTUBE_C passthrough=yes port=80,443 protocol=tcp \
src-address-list="YOUTUBE LIST"
add action=mark-connection chain=prerouting new-connection-mark=YOUTUBE_C \
passthrough=yes port=80,443 protocol=udp src-address-list="YOUTUBE LIST"
add action=mark-packet chain=prerouting connection-mark=YOUTUBE_C \
new-packet-mark=YOUTUBE passthrough=no
add action=mark-connection chain=prerouting comment=-----FACEBOOK----- \
layer7-protocol=FACEBOOK new-connection-mark=FACEBOOK_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=FACEBOOK_C \
new-packet-mark=FACEBOOK passthrough=no
add action=mark-connection chain=prerouting comment=-----WEB----- \
connection-mark=!WEB_BIG new-connection-mark=WEB_C passthrough=yes port=\
80,443,8000-9000 protocol=tcp
add action=mark-connection chain=prerouting comment=-----WEB-BIG----- \
connection-bytes=2496000-0 connection-mark=WEB_C connection-rate=2112k-10240
new-connection-mark=WEB_BIG passthrough=yes src-address-list="BLOQUEO CYBER"
add action=mark-packet chain=prerouting connection-mark=WEB_BIG new-packet-mark=
WEB-BIG passthrough=no
add action=mark-packet chain=prerouting connection-mark=WEB_C new-packet-mark=WE
passthrough=no
add action=mark-connection chain=prerouting comment=-----REST----- \
new-connection-mark=REST_C passthrough=yes
add action=mark-packet chain=prerouting connection-mark=REST_C new-packet-mark=\
REST passthrough=no