I seem to keep getting internal hosts that are either downloading large files, or games or something, and that packet size is huge, somewhere around 120-185 pkt/s, measured using ntop.
Is there a way to use tcp window shaping to delay these packets? Or perhaps if not, any plans to implement tcp window shaping in the future?
I think it would be beneficial to shape these large packets to prevent congestion, especially on lines that also contain voice/VoIP.
Using iptraf -> statistical breakdowns -> by packet size, with a host filter on, the host has most of its packets on the top end, towards the 1351 to 1425 and 1426 to 1500 ranges. If there was a way to delay these packets, or classify them to be a lower priority amongst the other traffic on the same subnet.
The TCP section, --mss, or the tcpmss, can control the size of the packet in each connection. So if a host is streaming something, that would be one constant connection from a remote host, and can be contained to a certain packet size, i.e.
Src: “Streaming Server” dst: Internal Host: --mss, state no more than (FW rule) x-size of packet for this connection, if too large, then DROP, or in the QoS section, if larger than this, it gets this bandwidth, etc.