I redesigned the way we break down traffic in the shaper today. The short version is that we’re now splitting the traffic tree first by IP address (or host list) to get to the student network, blocked hosts, and the college-owned network. Then within those (if needed) we differentiate by application service.
The college-owned network is the only base class that is not set as an exception class. The others are exception classes so that they will sort higher than the college network, which is simply set to include our entire class B space.
Within the student and college networks, I then create several folder classes for basic services (web browsing, FTP, DNS, etc.), chat programs, streaming media, P2P, games, etc. Each folder class has a partition assigned to it, and each application class has a priority policy assigned to it (except in the basic services, where I have more complicated policies). There’s also a “blocked” folder, which has a number of classes that are blocked with never-admit policies.
Things seem to be working at the moment, and the layout is extensible. We can partition the student net or the college net to a certain bandwidth (possibly useful in the future if we go to heftier pipes), and we can make different policy settings for the same application at different points in the network.
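The following is an added example, not the scripts or the shaper configuration from this post: a small Python model of the two-level tree, showing why the narrower base classes must sort ahead of the class that covers the whole class B. The addresses, ports, priority numbers, and the never-admit policy on blocked hosts are constructed assumptions.

```python
import ipaddress

# Constructed addressing, not from the post: one class B, with the student
# subnet and a single blocked host carved out of it.
BASE = [  # (name, networks, exception?) listed with the catch-all first
    ("college", ["172.16.0.0/16"], False),
    ("student", ["172.16.128.0/17"], True),
    ("blocked_hosts", ["172.16.20.9/32"], True),
]

# Per-network service trees: port -> (folder, application class, policy).
# Ports and priority numbers are illustrative assumptions.
SERVICES = {
    "student": {80: ("basic", "http", "priority 3"),
                53: ("basic", "dns", "priority 5"),
                6881: ("blocked", "bittorrent", "never-admit")},
    "college": {80: ("basic", "http", "priority 4"),
                53: ("basic", "dns", "priority 5"),
                6881: ("p2p", "bittorrent", "priority 0")},
}

def base_class(ip, honor_exceptions=True):
    """First match wins; exception classes are tried before the others."""
    addr = ipaddress.ip_address(ip)
    # sorted() is stable, so classes keep listed order within each tier.
    order = sorted(BASE, key=lambda c: not c[2]) if honor_exceptions else BASE
    for name, nets, _ in order:
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return name
    return None  # outside the modelled address space

def classify(ip, port, honor_exceptions=True):
    """Return the class path and the policy that would apply to a flow."""
    base = base_class(ip, honor_exceptions)
    if base is None:
        return ("unclassified", "default")
    if base == "blocked_hosts":  # assumed never-admit for the whole host list
        return ("blocked_hosts", "never-admit")
    folder, app, policy = SERVICES[base].get(
        port, ("default", "other", "priority 1"))
    return ("/".join([base, folder, app]), policy)
```

With `honor_exceptions=False` the college class swallows student and blocked-host traffic, so the student-side block on the same application never takes effect.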
All the setup is done with a command file that is generated by a set of Unix shell scripts. I have these on my laptop.
Posted by Rowan Littell at September 28, 2005 05:20 PM