Reply To: QOS IP addresses

#51443

almoffit
Member

@atroposx wrote:

You can try a server that you know is consistent such as a webserver to test on. Since Youtube goes through Akamai and Limelight CDNs, it’d be hard to match all subnets that they would be on, since they could have more than your stated five.

Or, if you can, get an ip of a machine that is on your lan side, make sure it is not doing anything, check the firewall section, then connection Tracking section, put in their ip. Make sure it’s not doing much. Then load a youtube video, and see what connections are going through, get the ips of the source on the left, and go to http://www.arin.net, and put in the ip address, see if it goes to Akamai/Limelight, get the subnet, and make a classifier for that subnet.

Also, restricting speed to such a CDN subnet could result in slow downloads/uploads for other things as well, windows updates for example, or anything else that would reside on those subnets, anything legitimate to use. Limiting youtube, vimeo, google-video, etc., is hard to do by ip, it’s a pain. Try a known static webserver first to download from, to make sure the classes/classifiers are working correctly. And, if so, then more than likely the youtube stream is being fed by a different CDN that is not on your subnet list.

I thought about the implications of blocking such a massive amount of addresses. I am putting this in for a school. I will have all of our servers bypassed from the qos altogether, along with the administration.

I also figured that *most* of the sites students go to for educational purposes probably wouldn’t be on those subnets.

I figured out why the classifier wasn’t working.
The proxy was proxying the bridge and didn’t play well with the classifier for some reason. I have yet to figure out why it was doing that.

Is there a way to create a L7 rule for FLV formats? I had tried to do an iptables variable that had -s youtube.com and another for -d youtube.com, but that seemed to resolve it one time only.

If I could write an L7 rule for FLV and MP4, I probably wouldn’t have to worry so much about addresses, but as of now I have absolutely no idea how to do that.
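The connection-tracking check described in the quoted reply, as an added example that is not part of the original post: it reads connection-tracking entries for one idle LAN host and reports the heavy remote peers that no existing classifier subnet covers. The sample lines, the LAN address, the subnet list and the function names are constructed for illustration, and the `bytes=` counters assume connection-tracking accounting is enabled on the router.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in `conntrack -L` style, using documentation address ranges.
SAMPLE = """\
tcp 6 431990 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=51514 dport=80 packets=40 bytes=3100 src=203.0.113.10 dst=192.168.1.50 sport=80 dport=51514 packets=900 bytes=1300000 [ASSURED] mark=0 use=1
tcp 6 431991 ESTABLISHED src=192.168.1.50 dst=198.51.100.77 sport=51520 dport=80 packets=35 bytes=2900 src=198.51.100.77 dst=192.168.1.50 sport=80 dport=51520 packets=2100 bytes=3000000 [ASSURED] mark=0 use=1
udp 17 25 src=192.168.1.50 dst=192.168.1.1 sport=40000 dport=53 packets=1 bytes=70 src=192.168.1.1 dst=192.168.1.50 sport=53 dport=40000 packets=1 bytes=120 mark=0 use=1
tcp 6 431900 ESTABLISHED src=192.168.1.77 dst=198.51.100.90 sport=40100 dport=80 packets=9 bytes=800 src=198.51.100.90 dst=192.168.1.77 sport=80 dport=40100 packets=500 bytes=700000 [ASSURED] mark=0 use=1
"""

# Hypothetical subnets that already have a QoS classifier.
CLASSIFIED = [ipaddress.ip_network("203.0.113.0/24")]


def remote_peers(text, lan_ip):
    """Return {remote_ip: reply_bytes} for flows originated by lan_ip."""
    totals = defaultdict(int)
    for line in text.splitlines():
        srcs = re.findall(r"\bsrc=(\S+)", line)
        dsts = re.findall(r"\bdst=(\S+)", line)
        counts = re.findall(r"\bbytes=(\d+)", line)
        # The first src/dst pair is the original direction of the flow.
        if not srcs or not dsts or srcs[0] != lan_ip:
            continue
        # The second bytes= counter is the reply (download) direction;
        # it is absent when accounting is off, so fall back to 0.
        totals[dsts[0]] += int(counts[1]) if len(counts) > 1 else 0
    return dict(totals)


def uncovered(peers, classified, min_bytes=100_000):
    """Heavy remote IPs that no classified subnet contains, largest first."""
    result = []
    for ip, nbytes in sorted(peers.items(), key=lambda kv: -kv[1]):
        addr = ipaddress.ip_address(ip)
        if nbytes >= min_bytes and not any(addr in net for net in classified):
            result.append((ip, nbytes))
    return result


if __name__ == "__main__":
    peers = remote_peers(SAMPLE, "192.168.1.50")
    for ip, nbytes in uncovered(peers, CLASSIFIED):
        print(f"{ip} carried {nbytes} bytes and matches no classifier subnet")
```

Each address it reports is one to look up at ARIN before deciding whether its subnet belongs in a classifier.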