[CentOS] Traffic shaping on CentOS
Mark Milhollan
mlm at pixelgate.net
Sat Dec 16 18:12:55 UTC 2017
On Fri, 15 Dec 2017, Kenneth Porter wrote:
> The gateway is for a small business and I don't want shell and remote desktop
> sessions to come to a crawl because someone's uploading/downloading/mailing a
> big CAD file to a customer/vendor, or because several are watching Youtube
> videos.
Slowdown is probably going to happen since these days much file/bulk
transfer and certainly all Google (YouTube) services use HTTPS and thus
seem the same to any but the most intrusive inspection and dynamic
shaping, i.e., SSL bump or peek'n'splice would be needed wherein at
least the beginning of a session can be inspected so that the real
purpose can be inferred and used to set the shaping on that single
session -- though usually they decrypt everything which has many
concerns. Static shaping of HTTP(S) can help but certainly can't assure
that "interactive" sessions won't be impacted by "heavy" sessions. If
only SSH and RDP need more priority than anything else that should be
easily handled by static policy (firehol, wondershaper, etc) though it
fails when RDP is used for bulk file transfer (you can check TOS/DSCP on
SSH sessions to de-prioritize SCP/SFTP transfers, provided such hasn't
been defeated by the sender).
/mark
More information about the CentOS
mailing list