rileonar
newbie
Topic Author
Posts: 26
Joined: Wed Oct 12, 2005 11:22 am

Layer 7 Traffic shaping

Tue May 09, 2006 8:21 pm

Hi all,

I have several virtualhosts on the same webserver (single IP).

Question: How can I shape a specific bandwidth to each of them?

I tried with mangle and content field in this way:

chain=forward in-interface=External dst-address=192.168.1.1 protocol=tcp dst-port=80 content=domain1.com action=mark-connection new-connection-mark=domain1-conn passthrough=yes

chain=forward in-interface=External connection-mark=domain1-conn action=mark-packet new-packet-mark=domain1 passthrough=yes

Then a simple rule shapes the bandwidth related to packet-mark=domain1 according to the SLA associated to that customer.

Unfortunately it works just partially, because in this way not all the traffic is captured by mangle rules, so the actual bandwidth available to the customer is somehow higher than allowed.

Basically this feature is very useful for ISPs, where layer 4 data is not enough to discriminate services hosted on the server farm; that can be extended from HTTP to FTP, SMTP, POP3, IMAP4, <streaming>, Terminal Services, VoIP, SQL.....

Did anybody solve this problem using MT?
 
changeip
Forum Guru
Posts: 3833
Joined: Fri May 28, 2004 5:22 pm

Tue May 09, 2006 8:29 pm

I think the way you are doing it is the only way since you can only identify that domain in the GET/POST requests...

Is this in a shared hosting environment? Maybe you can add headers to their site that identify it easier for MT to find.

The way you are doing it should mark all connections to that site, correct? Which traffic is not getting mangled? Also, I was also curious about passthru=yes, doesn't this mean that it's just ignored, or just that it's not the last rule to stop at?
 
rileonar
newbie
Topic Author
Posts: 26
Joined: Wed Oct 12, 2005 11:22 am

Tue May 09, 2006 8:42 pm

> Is this in a shared hosting environment?
Yep.
> Maybe you can add headers to their site that identify it easier for MT to find.
Nope. We have no control over the content put by our customers on their services...
> The way you are doing it should mark all connections to that site, correct?
I wanted to, but something is wrong because on a server hosting just a single customer, the total traffic directed to the server (captured by mangle without content field) is higher than the one captured by mangle with it.
> Which traffic is not getting mangled?
Good question, I would like to know that, too! :cry:
> Also, I was also curious about passthru=yes, doesn't this mean that it's just ignored, or just that it's not the last rule to stop at?
It's not the last rule to stop at.
 
changeip
Forum Guru
Posts: 3833
Joined: Fri May 28, 2004 5:22 pm

Tue May 09, 2006 8:56 pm

> Nope. We have no control over the content put by our customers on their services...
What I meant was Server Headers, not in the body of the response... so if it's IIS you can add headers to the responses in the MMC for each site. I believe you can do the same with Apache.

If you mark a connection with one mark you cannot give it another mark - so maybe you are marking it and then remarking it? Just a thought.

Sam
 
rileonar
newbie
Topic Author
Posts: 26
Joined: Wed Oct 12, 2005 11:22 am

Wed May 10, 2006 1:42 am

> What I meant was Server Headers, not in the body of the response...
Great! It works! :P
That means the way is right, and I only have to choose the right string to use as content selector...
> If you mark a connection with one mark you cannot give it another mark - so maybe you are marking it and then remarking it?
Correct. I do the whole job in 3 steps:
1) mark the whole traffic to the webserver based on layer3 data (ip) (A)
2) re-mark based on layer4 data (ip+port). That shows the total amount of "unshaped" HTTP traffic (B)
3) re-mark the traffic by extending previous rule with layer7 content info (C)
[Multiple virtualhosts can be marked using cascading "C" rules.]

In my tests A=B+C, so when all is OK and the only virtualserver accessed is the one selected by content field, A should equal C and B should be 0.
Without Server Header A was about 50% from B and 50% from C... with it B is near 0 and A is near C.

Now I have to do additional checks, but the whole thing seems to be working...

Thank you again for your good hint!

Riccardo
 
changeip
Forum Guru
Posts: 3833
Joined: Fri May 28, 2004 5:22 pm

Wed May 10, 2006 1:48 am

I think because hostname could be many things - including many different host header names... whereas something you add to the site headers is specific and you know exactly what to look for on each site - just make sure to use something very unique like a GUID so you don't accidentally trigger based on content of other packets. Glad that helped.

Sam
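
The point about using a unique marker, as an added example that is not part of the thread: a constructed Python model (not RouterOS code) of per-packet content matching with connection marks, comparing hostname strings against per-site GUID headers. It assumes a mark applies from the matching packet onward; the `X-Site-Id` header name, the GUID values and the packets are all made up for illustration.

```python
# Constructed model, not RouterOS code. Assumptions: a rule fires when a single
# packet's payload contains its string; the first matching rule marks the
# connection; the mark covers that packet and every later one on the connection.

# Hypothetical per-site response headers carrying constructed GUIDs.
GUID1 = b"X-Site-Id: 6f1c2d3e-1111-4a2b-8c3d-000000000001"
GUID2 = b"X-Site-Id: 6f1c2d3e-2222-4a2b-8c3d-000000000002"

HOSTNAME_RULES = [(b"domain1.com", "domain1"), (b"domain2.com", "domain2")]
GUID_RULES = [(GUID1, "domain1"), (GUID2, "domain2")]


def sample_traffic():
    """Two constructed HTTP connections: c1 serves domain1, c2 serves domain2."""
    body = b"x" * 1000
    return [
        ("c1", b"GET / HTTP/1.1\r\nHost: www.domain1.com\r\n\r\n"),
        ("c1", b"HTTP/1.1 200 OK\r\n" + GUID1 + b"\r\n\r\n" + body),
        ("c1", body),
        # Request for domain2 that only mentions domain1.com in a Referer header.
        ("c2", b"GET /a HTTP/1.1\r\nHost: domain2.com\r\n"
               b"Referer: http://domain1.com/\r\n\r\n"),
        ("c2", b"HTTP/1.1 200 OK\r\n" + GUID2 + b"\r\n\r\n" + body),
        ("c2", body),
    ]


def account(packets, rules):
    """Return payload bytes counted per mark for [(conn_id, payload)] packets."""
    conn_mark = {}
    totals = {"unmarked": 0}
    for conn, payload in packets:
        if conn not in conn_mark:
            for needle, mark in rules:
                if needle in payload:
                    conn_mark[conn] = mark
                    break
        mark = conn_mark.get(conn, "unmarked")
        totals[mark] = totals.get(mark, 0) + len(payload)
    return totals


if __name__ == "__main__":
    traffic = sample_traffic()
    print("hostname strings:", account(traffic, HOSTNAME_RULES))
    print("GUID headers:    ", account(traffic, GUID_RULES))
```

With the hostname strings the domain2 connection is counted against domain1 because of the Referer mention; with the GUID headers each connection lands in its own counter and only the request packets sent before the header appears stay unmarked.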