... Please don't say "throttle.clent and throttle.server" are the answers.
What I want to do is proper QoS - like Bluecoat and Squid have been able to do effortlessly for years. Proper buckets, QoS for different types of traffic, the works.
TC is included with MWG but as it isn't enabled in the kernel, its use generates the expected:
RTNETLINK answers: Operation not supported
Some modules are loadable (nfnetlink, nfnetlink_queue, nfnetlink_log) but Net_sched and the rest aren't available...
Support confirmed that TC was part of the MWG distro but not supported.
. So, has anyone been able to actually do real QoS on an MWG proxy? If so, how?
Thanks! I'm not quite going crazy yet, but there's still time in the day!
What version are you running? 7.3.2 added the ability to set the DSCP byte (proper QoS) like BC and squid.
The header field that is known as DSCP header field can be set by a new event in IP data packets when they are sent from Web Gateway to a web server in the request cycle of processing web traffic.
The field can be evaluated by network devices supporting the DSCP (Differentiated Services Code Point) protocol.
A second event is provided for setting the same field in IP data packets that are processed in the response cycle.
Basically you can have a rule that has criteria of url.categories = social networking (or whatever) and an event that sets the DSCP header. Request vs Response depends on where you are going to actually do the priortization.
Thanks for the reply.
We're running 7.4.0
I looked into DSCP - and yep, it'd do exactly what I want to do IF we had network devices that a)would consume DSCP and prioritize traffic and b) provide QoS - We don't, I'm afraid.
Our Network team tell me (rightly, I think) that if we were managing QoS on Bluecoat and Squid and not killing bandwidth, why can't we do the same with MWG...
The only answer I can think of is using Linux's TC - which is there but unusable. I was hoping someone in McAfee-world had either recompiled the kernel with this support enabled or managed to enable it another way (maybe a module I'm missing)..
The really tempting thing is that McAfee provide the source code (under the Open source download bit) so we can toy with the idea of recompiling it (and kissing any notion of support good-bye)
I am surprised that this hasn't been discussed more on the forums and it seems most people are happy with the throttle options - but this really isn't what we want to do. We need to ensure that a proxy won't use more than 150mbps bandwidth while prioritizing business traffic over streaming.