Message-ID: <3840DE9D.10F1B38@fil.net>
Date: Sun, 28 Nov 1999 15:49:49 +0800
From: "aLan @ FIL.NET"
To: FreeBSD Questions
Subject: Re: After Proxy Bandwidth Management

What I am really trying to do is limit the border bandwidth per subscriber (after the proxy). Therefore, I am making higher and lower quality connections (of course at different prices!). During our peak times, every circuit is overloaded... Some people are willing to pay for higher quality...

If I put dummynet right behind the router, I can't see how it will help me as it will limit the bandwidth based on the Proxy's address, instead of the originator (mainly cafes with 6-20 computers). I want to limit EACH cafe based on the bandwidth used AFTER (on the border side of) our proxy. Maybe I am just missing something...

This is what it looks like so far:

    128-Kbps
       |
    Router (this allows F/W filter, but not redirect)
       |
    GW/IPFilter (to redirect port 80 to proxy)
       |
    Servers - HUB - Proxy
       |
    Portmaster
       |
    Cafe

What I am thinking of would look like this:

    128-Kbps
       |
    Router (w/ F/W filter)
       |
    Servers - HUB - FNS Proxy
       |
    IPFW/natd/dummynet
       |
    Portmaster
       |
    Cafe Proxy

Rules:

1) The cafe proxy (one global IP address) would do NAT translation to RFC 1918 addresses. All other addresses are global.
2) The Cafe Proxy would address the FNS proxy as a sibling on UDP port 3128.
3) The Cafe Proxy would address the FNS proxy as a parent on TCP port 3130.
4) Natd would redirect all port 80 requests to the FNS Proxy.
5) dummynet would allow a 10Mbps pipe to the Servers' IP addresses.
6) dummynet would allow a 10Mbps pipe to the FNS Proxy UDP port 3128.
7) dummynet would allow a 6Kbps pipe for all other requests.
8) "Servers" include local HTTP, FTP, DNS, Email and Radius.

Flow:

1) A cafe workstation makes a request to the Cafe Proxy.
2) If available, the Cafe Proxy serves the request.
3) If unavailable on the Cafe Proxy AND available on the FNS Proxy, the FNS Proxy serves the request at max. speed as a sibling on UDP port 3128.
4) If unavailable on the FNS Proxy (as UDP sibling), the Cafe Proxy makes requests to the FNS proxy as a parent on TCP port 3130. This is limited to the "assigned speed" of 6Kbps. The request is sent to the "outside" border while dummynet restricts the bandwidth to 6Kbps. The return is stored in both the FNS Proxy and the Cafe Proxy.
5) The Cafe would have "unrestricted access" (up to 10Mbps) to all Servers for downloading local DNS, FTP, web pages, and email.

Questions...

Can I assign a proxy as both the parent and sibling of the cafe proxy?
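
Rules 5 to 7 of the post expressed as ipfw/dummynet commands, as an added example that is not part of the original message. All addresses are constructed placeholders, the port is the one the post gives, and the per-address `mask` is one reading of "limit EACH cafe"; the script only prints the commands so they can be reviewed before being run as root on the dummynet box.

```shell
#!/bin/sh
# Dry run: prints ipfw/dummynet commands for rules 5-7 of the post.
# Every address below is a constructed placeholder (RFC 5737 ranges).
SERVERS="192.0.2.20 192.0.2.21"  # assumed local server hosts (not the proxy)
FNS_PROXY="192.0.2.10"           # assumed FNS proxy address
CAFE_NET="198.51.100.0/24"       # assumed block holding one address per cafe
FAST_BW="10Mbit/s"               # rules 5 and 6
SLOW_BW="6Kbit/s"                # rule 7

gen_rules() {
    n=1000
    # Pipes 1 and 2: shared fast pipes, one per direction.
    echo "ipfw pipe 1 config bw $FAST_BW"
    echo "ipfw pipe 2 config bw $FAST_BW"
    # Pipes 3 and 4: the mask creates a separate SLOW_BW queue for each
    # cafe address, so one cafe cannot consume another's allocation.
    echo "ipfw pipe 3 config bw $SLOW_BW mask src-ip 0xffffffff"
    echo "ipfw pipe 4 config bw $SLOW_BW mask dst-ip 0xffffffff"
    # Rule 5: cafes <-> local servers, listed host by host so that the
    # proxy's TCP parent port is not swept into the fast pipe.
    for s in $SERVERS; do
        echo "ipfw add $n pipe 1 ip from $CAFE_NET to $s"
        echo "ipfw add $((n + 1)) pipe 2 ip from $s to $CAFE_NET"
        n=$((n + 10))
    done
    # Rule 6: sibling traffic to the FNS proxy on UDP 3128 (port as posted).
    echo "ipfw add $n pipe 1 udp from $CAFE_NET to $FNS_PROXY 3128"
    echo "ipfw add $((n + 1)) pipe 2 udp from $FNS_PROXY 3128 to $CAFE_NET"
    n=$((n + 10))
    # Rule 7: everything else, including TCP 3130 parent requests.
    # Relies on first match (net.inet.ip.fw.one_pass=1), so it goes last.
    echo "ipfw add $n pipe 3 ip from $CAFE_NET to any"
    echo "ipfw add $((n + 1)) pipe 4 ip from any to $CAFE_NET"
}

gen_rules
```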