Dear all,
Recently I put in place some queuing rules in order to shape and better manage the traffic over my network (in particular for bandwidth eater services like Netflix & co.). A set of mangling rules together with marking actions have been put in place to accomplish this objective. The high-level flow is the following:
Create a list of IPs named "Netflix-list" when a packet transits within the router and its content is "netflix.com" (other domains are also present). Then, if a connection is made towards one of the "Netflix-list" IPs, mark it. Moreover, mark all the packets belonging to the Netflix connection for proper management.
However, I noticed that sometimes Netflix traffic (for instance) is not properly captured in the mangling scheme. I figured out that the reason why is mainly due to the fact that local ISPs act as CDN for Netflix. As a result, the requests are no longer sent to a Netflix-related IP and - moreover - do not contain the content keyword in their request. What they contain is one of the Netflix-list IPs in the HTTP request that is made (as a part of the request URL and not as information in the headers). The final outcome is that this traffic is not captured and properly shaped. A possible solution would be to create an adaptive set of L7 rules to match the presence of one out of many Netflix-list addresses inside the URL. This might be accomplished using a script that every X minutes/hours/seconds creates or updates the filtering rule.
Is there a better way to deal with this situation?
Thanks
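The "script that periodically rebuilds the L7 rule" idea from the post above, as an added example that is not part of the original post: it turns the current contents of the address list into one bounded alternation regex and emits the RouterOS `layer7-protocol` and mangle commands that would be pushed to the router. The address-list entries and HTTP payloads are constructed placeholders, the list name `netflix-cdn` and connection mark `netflix` are assumptions, and Python's `re` is only an approximation of the l7-filter engine RouterOS uses, so the generated regex should still be tested on the router itself.

```python
import ipaddress
import re

# Constructed sample: what the router's "Netflix-list" address list might
# hold after the content-match rule has run (RFC 5737 documentation ranges).
NETFLIX_LIST = ["203.0.113.10", "203.0.113.11", "198.51.100.7"]


def build_l7_regex(addresses):
    """Build one regex that matches any listed IPv4 address inside a URL.

    Each address is validated (a corrupt address-list entry should fail loudly,
    not silently produce a regex that matches nothing) and dot-escaped. The
    surrounding [^0-9.] classes keep 203.0.113.1 from matching 203.0.113.10,
    which matters when the list holds neighbouring CDN addresses.
    """
    escaped = [re.escape(str(ipaddress.ip_address(a))) for a in addresses]
    return r"[^0-9.](" + "|".join(escaped) + r")[^0-9.]"


def routeros_commands(name, addresses, conn_mark="netflix"):
    """Return the RouterOS CLI lines a scheduler script would apply.

    The layer7 entry is recreated from the current list; the mangle rule marks
    the connection so the existing packet-mark / queue rules keep working.
    Assumption: an existing layer7 entry of the same name is removed first.
    """
    regex = build_l7_regex(addresses)
    return [
        f'/ip firewall layer7-protocol remove [find name="{name}"]',
        f'/ip firewall layer7-protocol add name="{name}" regexp="{regex}"',
        f'/ip firewall mangle add chain=prerouting layer7-protocol="{name}" '
        f'action=mark-connection new-connection-mark="{conn_mark}" passthrough=yes',
    ]


def matches_payload(regex, payload):
    """Approximate the L7 check on the first bytes of a connection."""
    return re.search(regex, payload) is not None


if __name__ == "__main__":
    for line in routeros_commands("netflix-cdn", NETFLIX_LIST):
        print(line)
```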