I really need help with bandwidth control.
My office topology is:
ADSL----Modem------Mikrotik ROS 2.9.27-----Switch ---- clients (10 ws)
Ubuntu 7.10 server
w/ squid 2.6
Modem: IP address = 192.168.1.1
Mikrotik: Dell 600 MHz, 256 + 128 MB RAM, 6 GB HDD
Interfaces: IP address to modem: 192.168.1.2/30 (public)
IP address to switch: 192.168.10.254/24 (local)
IP address to squid: 192.168.2.1/24 (proxy)
NAT: masquerading applied to public interface
dst-nat to redirect the traffic to proxy interface
Squid: Intel dual core 3.0 GHz, 256 + 512 MB RAM, 40 GB HDD (30 GB allocated to /cache)
OS: Ubuntu Server 7.10 (squid installed using command: apt-get install squid)
The only purpose of using the above topology is to efficiently use my 384 kbps connection. From sources I read, caching can save my bandwidth. First I tried using the built-in squid in Mikrotik. It worked like magic.
After reading here and there, I found out that my Dell box containing Mikrotik isn't recommended to use squid due to the little memory it has. That's when I decided to add one more box only for squid and caching.
After some time using the squid box, I noticed that my bandwidth control using queue tree was not working as I wanted it to. What I really want is that what is cached in the squid box doesn't have to be limited, but each workstation that requests something not from squid is restricted to a certain amount of bandwidth. HTTP connections should have the same restriction also.
What really happened is that all HTTP requests bound to port 80 (which are already dst-nated in Mikrotik to squid) count toward the queue tree for each workstation, even if it's already cached in the squid box.
Here is my mangle for each workstation in my office:
50 ;;; Bozz
   chain=prerouting in-interface=Local protocol=!icmp src-address-list=Bozz action=mark-packet new-packet-mark=Bozz-UP passthrough=no
51 chain=forward protocol=!icmp dst-address-list=Bozz action=mark-connectio> new-connection-mark=Bozz-MCD passthrough=yes
52 chain=forward in-interface=Public protocol=!icmp connection-mark=Bozz-MC> dst-address-list=Bozz action=mark-packet new-packet-mark=Bozz-DDL passthrough=no
53 chain=forward in-interface=Proxy protocol=!icmp connection-mark=Bozz-MCD dst-address-list=Bozz action=mark-packet new-packet-mark=Bozz-PDL passthrough=no
54 chain=output out-interface=Local protocol=!icmp dst-address-list=Bozz action=mark-packet new-packet-mark=Bozz-LocSquid passthrough=no
Note that Bozz-UP is for upload traffic from Bozz's PC, Bozz-MCD is the connection mark for Bozz's PC, Bozz-DDL is for Bozz's direct download traffic, Bozz-PDL is for proxy download, and Bozz-LocSquid is for local squid.
These mangles were made by trial and error, so there are still packet marks for local squid that were used when I used Mikrotik's squid. Then there is this proxy download that marks the packets from the proxy; the DDL was supposed to mark direct downloads that don't pass through the squid/proxy.
I have about 60 mangles to address each PC.
Then there is the queue tree:
1 name="Download" parent=Local packet-mark="" limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
6 name="Bozz-DOWN" parent=Download packet-mark=Bozz-LocSquid limit-at=48000 queue=ethernet-default priority=8 max-limit=64000 burst-limit=0 burst-threshold=128 burst-time=1m
7 name="Upload" parent=Public packet-mark="" limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
13 name="Bozz-UP" parent=Upload packet-mark=Bozz-UP limit-at=30000 queue=default priority=8 max-limit=34000 burst-limit=0 burst-threshold=128 burst-time=1m
14 name="Direct" parent=Local packet-mark="" limit-at=0 queue=default priority=8 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
37 name="Squid" parent=Local packet-mark="" limit-at=0 queue=default priority=1 max-limit=0 burst-limit=0 burst-threshold=0 burst-time=0s
39 name="Bozz-PDL" parent=Squid packet-mark=Bozz-PDL limit-at=96000 queue=default priority=8 max-limit=96000 burst-limit=0 burst-threshold=0 burst-time=0s
When using the built-in squid in Mikrotik, everything that was already cached could reach the client's PC at MBps bandwidth, while what wasn't cached arrived at 192 kbps. This was achieved using the output chain. But now, all traffic arrives at 192 kbps to clients, cached or not.
How can I get that kind of traffic behaviour using the external cache? So that HTTP traffic coming from inside squid doesn't have to be limited, and what passes through the squid is limited.
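To make the marking concrete, here is an added Python model (not the poster's configuration or RouterOS code) that replays mangle rules 50-54 over a few constructed packets and maps the resulting packet mark onto the queue tree entries above; 192.168.10.10 as the Bozz list member and 192.168.2.2 as the squid box address are assumptions.

```python
# Added illustration, not the poster's or RouterOS's code: replays mangle rules
# 50-54 over constructed packets to show which mark and queue each traffic kind gets.
BOZZ = {"192.168.10.10"}  # constructed member of the 'Bozz' address list
# Rules 50-54 as data; a matcher absent from a rule matches anything.
RULES = [
    dict(chain="prerouting", in_iface="Local", src_list=BOZZ,
         action="mark-packet", mark="Bozz-UP", passthrough=False),
    dict(chain="forward", dst_list=BOZZ,
         action="mark-connection", mark="Bozz-MCD", passthrough=True),
    dict(chain="forward", in_iface="Public", conn_mark="Bozz-MCD", dst_list=BOZZ,
         action="mark-packet", mark="Bozz-DDL", passthrough=False),
    dict(chain="forward", in_iface="Proxy", conn_mark="Bozz-MCD", dst_list=BOZZ,
         action="mark-packet", mark="Bozz-PDL", passthrough=False),
    dict(chain="output", out_iface="Local", dst_list=BOZZ,
         action="mark-packet", mark="Bozz-LocSquid", passthrough=False),
]
# Packet mark -> (queue tree entry, max-limit), taken from the poster's queue tree.
QUEUES = {"Bozz-LocSquid": ("Bozz-DOWN", 64000), "Bozz-UP": ("Bozz-UP", 34000),
          "Bozz-PDL": ("Bozz-PDL", 96000)}  # nothing in the tree queues Bozz-DDL

def rule_matches(rule, pkt, conn_mark):
    """All rules carry protocol=!icmp; other matchers apply only when present."""
    fields = {"in_iface": pkt.get("in_iface"), "out_iface": pkt.get("out_iface"),
              "conn_mark": conn_mark}
    if pkt["proto"] == "icmp" or any(rule[k] != v for k, v in fields.items() if k in rule):
        return False
    return all(pkt[f] in rule[f + "_list"] for f in ("src", "dst") if f + "_list" in rule)

def classify(pkt, conn_marks):
    """Return the packet mark after the chains this packet traverses. conn_marks
    stands in for connection tracking; passthrough=no ends only the current chain."""
    chains = ["output"] if pkt.get("local") else ["prerouting", "forward"]
    packet_mark = None
    for chain in chains:
        for rule in RULES:
            if rule["chain"] != chain or not rule_matches(rule, pkt, conn_marks.get(pkt["flow"])):
                continue
            if rule["action"] == "mark-connection":
                conn_marks[pkt["flow"]] = rule["mark"]
            else:
                packet_mark = rule["mark"]
            if not rule["passthrough"]:
                break
    return packet_mark

# Constructed packets (192.168.2.2 is an assumed address for the squid box). A reply
# from squid looks the same to the router whether the object came from its cache or
# over the ADSL link, so both kinds land in the same Bozz-PDL queue (max-limit 96000).
HTTP_REPLY = dict(flow="bozz:80", in_iface="Proxy", src="192.168.2.2", dst="192.168.10.10", proto="tcp")
DIRECT_REPLY = dict(flow="bozz:21", in_iface="Public", src="203.0.113.5", dst="192.168.10.10", proto="tcp")
```

Running classify over HTTP_REPLY twice with the same conn_marks dict shows the cached and uncached cases receive the identical mark, which is why the queue tree cannot separate them on its own; DIRECT_REPLY gets Bozz-DDL, for which the queue tree above has no entry.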