4. Traffic Shaping HaProxy on WAN

Traffic Shaping HaProxy on WAN


  • Hello, I have a Emby server running on my network, and I have a HaProxy making the connection from the WAN side to my network, to have a simpler url, I just use https://emby.myserver.com insted of https://myserver.com:8920.

    The problem is that I what to control the emby stream bandwith (Upload), and for that I tried to a floating rule, quickly I realised that I cant't make the rule only for the emby url, because all traffic (emby and other services) arrive to my server on the port 443.

    On the wan interface I added:
    Action: Match
    Quick: Disabled
    Interface: WAN
    Direction: any
    Protocol: TCP
    Source: any
    Destination: Wan Address
    Port: 443
    Ackqueue / Queue: qACK/qStream

    This works marking the traffic to go to the qStream Queue, the problem is that all the other traffic that is going to my WAN 443 also is on qStream queue, and I would like to separate them. Is it possible to do this when I'm using the HaProxy allways on the same port?

    I tried to map the rule on the LAN Inerface, but no success, I can't tag the traffic

    Is this possible?
    Thank You

    0

  • I tried to make a floating rule with:

    Action: Reject
    Interface: LAN
    Direction: Out
    Address Family: IPv4
    Protocol: TCP/UDP
    Source: any
    Destination: EmbyServer

    This actions successfully blocks all traffic to the EmbyServer

    Then I tried to change the "block" to "match" and added the queues qACK/qStream.

    The traffic now flows to the server, but not the correct queue, it falls back to the default queue. So, the floating rule can block the traffic, but not assign the queue. Can any one clarify on this?

    Thank You

    0

  • I also tried to make this work with the tag and tagged fields, the original rule that I have working:

    Action: match
    Interface: WAN
    Direction: in
    Address Family: IPv4
    Protocol: TCP
    Source: any
    Destination: Wan Address
    Destination Port Range: 443

    this is working ok tagging the traffic going to the HaProxy, not my finnal intente (I only what to filter the traffic going to the emby server) and now I tried to add:

    Tag: fromwan
    Queue none/none

    Then I used the rule that I stated above:

    Action: Match
    Interface: LAN
    Direction: Out
    Address Family: IPv4
    Protocol: TCP/UDP
    Source: any
    Destination: EmbyServer
    queues qACK/qStream
    Tagged: fromwan

    Nothing, the traffic keeps not being assign to any queue. Just out of curiosity I tried to block the traffic from the wan to the emby server. I used the rule above

    Action: Block
    Interface: LAN
    Direction: Out
    Address Family: IPv4
    Protocol: TCP/UDP
    Source: any
    Destination: EmbyServer
    queues qACK/qStream

    This rule was working blocking the traffinc, but now I added Tagged fromwan. The result was no blocking at all.

    Floating rules are so hard to predict and test, but I need them to shape my traffic.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy