Using Mikrotik, we can redirect HTTP traffic to a Squid proxy server, and we can also control user bandwidth. But it is a good idea to deliver already cached content to users at full LAN speed; that is what we set up a cache server for, to save bandwidth and get a fast browsing experience, right? :p So how can we configure Mikrotik so that cached content is delivered to users at unlimited speed, with no queue on cache content? Here we go.
By using ZPH directives, we will mark cache content so that it can later be picked up by Mikrotik.
The basic requirement is that Squid must be running in transparent mode, which can be done via iptables and squid.conf directives.
I am using Squid 2.7 on Ubuntu (on Ubuntu, apt-get install squid will install Squid 2.7 by default, which is great for our work).
Add these lines to squid.conf:
#==============
#ZPH Syed Jahanzaib email@example.com
#=======================
tcp_outgoing_tos 0x30 lanuser
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136
#[lanuser is ACL for local network]
That's it for Squid. Now moving on to the Mikrotik box.
Add the following rules:
# Marking packets with DSCP (for MT 3+) for cache hit content coming from SQUID Proxy
/ip firewall mangle add action=mark-packet chain=prerouting disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no comment="Mark Cache Hit Packets / firstname.lastname@example.org"
/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pmark packet-mark=proxy-hit parent=global-out priority=8 queue=default
Now every packet that Squid marks as a cache hit will be delivered to the user at full LAN speed; the rest of the traffic will be restricted by the user queue.
The above config is fully tested with Ubuntu Squid 2.7 and Fedora 10 with LUSCA.
Make sure your Squid is marking TOS for cache hit packets. You can check it with tcpdump:
tcpdump -vni eth0 | grep 'tos 0x30'
(eth0 = LAN-connected interface)
You should see something like this:
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
20:25:07.961722 IP (tos 0x30, ttl 64, id 45167, offset 0, flags [DF], proto TCP (6), length 409)
20:25:07.962059 IP (tos 0x30, ttl 64, id 45168, offset 0, flags [DF], proto TCP (6), length 1480)
192 packets captured
195 packets received by filter
0 packets dropped by kernel
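The check above can also be done against the value the Mikrotik rule actually matches. The script below is an added example, not part of the original post: it parses tcpdump -v lines, converts the TOS byte to DSCP (the upper six bits, so 0x30 becomes 12) and counts the packets the dscp=12 mangle rule would mark. The sample lines and function names are constructed for illustration.

```python
import re
import sys

# Values taken from the page: Squid marks cache hits with TOS 0x30,
# and the Mikrotik mangle rule matches dscp=12.
ZPH_LOCAL_TOS = 0x30
MIKROTIK_DSCP = 12

# tcpdump -v prints the TOS byte as "(tos 0x30, ttl 64, ..."
TOS_RE = re.compile(r"\(tos (0x[0-9a-fA-F]+)")

# Constructed sample modelled on the tcpdump output shown on the page.
SAMPLE = """\
20:25:07.961722 IP (tos 0x30, ttl 64, id 45167, offset 0, flags [DF], proto TCP (6), length 409)
20:25:07.962059 IP (tos 0x0, ttl 64, id 45168, offset 0, flags [DF], proto TCP (6), length 1480)
20:25:07.962301 IP (tos 0x32, ttl 64, id 45169, offset 0, flags [DF], proto TCP (6), length 1480)
20:25:07.962650 IP (tos 0x10, ttl 64, id 45170, offset 0, flags [DF], proto TCP (6), length 60)
192 packets captured
""".splitlines()


def tos_to_dscp(tos):
    """DSCP is the upper six bits of the TOS byte; the lower two are ECN."""
    return tos >> 2


def count_marked(lines, dscp=MIKROTIK_DSCP):
    """Return (marked, total, missed_by_grep) for tcpdump -v output lines.

    missed_by_grep counts packets whose DSCP matches the rule but whose TOS
    byte is not exactly 0x30 (ECN bits set), which grep 'tos 0x30' skips.
    """
    marked = total = missed = 0
    for line in lines:
        m = TOS_RE.search(line)
        if not m:
            continue  # not an IP header line (e.g. the capture summary)
        total += 1
        tos = int(m.group(1), 16)
        if tos_to_dscp(tos) == dscp:
            marked += 1
            if tos != ZPH_LOCAL_TOS:
                missed += 1
    return marked, total, missed


if __name__ == "__main__":
    # Usage: tcpdump -vni eth0 -c 200 | python3 this_script.py
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    print("marked=%d total=%d missed_by_grep=%d" % count_marked(lines))
```

If marked stays at 0 while users are fetching cached objects, Squid is not setting the TOS byte and the queue tree rule will never see proxy-hit packets.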