RE: [squid-users] satellite/using more that one outgoing IP

Hi Henrik,

Is there anyway for Squid to look at TOS/COS fields for incoming traffic and
then make delay pool decisions based on that ?
The reason I ask is: Our b/w provider marks our incoming international
traffic differently to local traffic (South Africa), we are then able to
sell off amounts of international or local traffic to our clients according
to how much they require of each type of b/w.
We are running Squid transparently here so it's really hard for us to limit
the amount of HTTP bandwidth a client actually uses then.
Anyways if it's not possible now, maybe it's a thought for the future ? ;-)

Regards
David Wilson
Technical Support Centre
The S.A Internet
0860 100 869
http://www.sai.co.za

-----Original Message-----
From: hno@hem.passagen.se [mailto:hno@hem.passagen.se]
Sent: 14 May 2001 01:35
To: Edward
Cc: squid
Subject: Re: [squid-users] satellite/using more that one outgoing IP

It is not yet part of Squid-2.5 but you are bringing it a lot closer by
testing the feature.

--
Henrik
Edward wrote:
>
> Is tos part of squid 2.5 now?
>
> Do we still have to patch it?
>
> Thank you very much.
>
> Best regards,
>
> Edward Millington
> (Network Administrator & Senior Technical Support Technician)
> Cariaccess Communications Ltd.
> Wildey
> St. Michael
> Barbados
> 1-246-430-7435
> Fax : 1-246-431-0170
> www.cariaccess.com
>
> ----- Original Message -----
> From: "Henrik Nordstrom" <hno@hem.passagen.se>
> To: "Edward" <edward@cariaccess.com>
> Sent: Monday, May 14, 2001 5:43 AM
> Subject: Re: [squid-users] satellite/using more that one outgoing IP
>
> > Have added your message to the tosaddracl web site so it doesn't get
> > lost ;-)
> >
> > --
> > Henrik
> >
> > > Edward wrote:
> > > >
> > > > Hi there!
> > > >
> > > > Would you like to have more that one out going IP address for better
> > > > network management or for some other reason?
> > > >
> > > > Here is how you can do it.
> > > >
> > > > In this demonstration, I will be using a Cisco router w/ policy
> > > > routing enable.
> > > >
> > > > 1.  Suppose that you need to have different outgoing IP's for
> > > > different subnets or a group of IP's.
> > > >
> > > > 2. Suppose that you have a lan and Satelite connection.
> > > >
> > > >     Suppose that your satellite is only downstream. ie, you use your
> > > > lan connection for upstream and come back down satellite. You do not
> > > > route. All of the router across the world already know to route that
> > > > Class of Address to your satellite provide.
> > > >
> > > > 3. I was made arrear that Squid 2.5 w/
> > > > http://squid.sourceforge.net/tosaddracl/ will have this
functionality.
> > > >
> > > > 4. Here is the info for using that parameter:
> > > >
> > > >
> > > > The tosaddracl branch on Sourceforge has now been cleaned up, and as
a
> > > > result the configuration directives have changed sligthly.
> > > >
> > > > TAG: tcp_outgoing_address
> > > >
> > > > Allows you to map requests to different outgoing IP addresses based
on
> > > > the username or sourceaddress of the user making the request.
> > > >
> > > >     tcp_outgoing_address ipaddr [[!]aclname] ...
> > > >
> > > > Example where requests from 10.0.0.0/24 will be forwareded with
source
> > > > address 10.1.0.1, 10.0.2.0/24 forwarded with source address 10.1.0.2
> > > > and
> > > > the rest will be forwarded with source address 10.1.0.3.
> > > >
> > > >     acl normal_service_net src 10.0.0.0/255.255.255.0
> > > >     acl good_service_net src 10.0.1.0/255.255.255.0
> > > >     tcp_outgoing_address 10.0.0.1 normal_service_net
> > > >     tcp_outgoing_address 10.0.0.2 good_service_net
> > > >     tcp_outgoing_address 10.0.0.3
> > > >
> > > > Processing proceeds in the order specified, and stops at first fully
> > > > matching line.
> > > >
> > > > Here is a part of my squid.conf:
> > > > # Redirect for LAN & SAT
> > > >
> > > > acl sat1_service_net src 64.110.11.0/255.255.255.0
> > > >
> > > > acl sat2_service_net src 209.198.221.160/255.255.255.240
> > > >
> > > > tcp_outgoing_address 64.110.11.2 sat1_service_net
> > > >
> > > > tcp_outgoing_address 64.110.11.2 sat2_service_net
> > > >
> > > > tcp_outgoing_address 200.50.68.7
> > > >
> > > > # End
> > > >
> > > >
> > > > 5. Please remember that the IP addresses that you use must also be
> > > > config on the machine.
> > > >
> > > > 6. To have those outgoing IP's past through the router, here is a
> > > > sample config for the router:
> > > >
> > > > !
> > > > access-list 110 deny   tcp any any neq www
> > > > access-list 110 deny   tcp host 200.50.68.7 any
> > > > access-list 110 deny   tcp host 64.110.11.2 any
> > > > access-list 110 permit tcp any any
> > > > access-list 120 deny   tcp any any neq ftp
> > > > access-list 120 deny   tcp host 200.50.68.7 any
> > > > access-list 120 deny   tcp host 64.110.11.2 any
> > > > access-list 120 deny   tcp host 200.50.68.10 any
> > > > access-list 120 permit tcp any any
> > > > route-map squidcaching permit 10
> > > >  match ip address 110
> > > >  set ip next-hop 200.50.68.7
> > > > !
> > > > route-map squidcaching permit 120
> > > >  match ip address 120
> > > >  set ip next-hop 200.50.68.7
> > > > Now if you do not allow those ip address in your access-list, you
will
>
> > > > not be able to browse since it would be loop back to the cache
machine
> > > >
> > > > Thank you very much.
> > > >
> > > > Best regards,
> > > >
> > > > Edward Millington
> > > > (Network Administrator & Senior Technical Support Technician)
> > > > Cariaccess Communications Ltd.
> > > > Wildey
> > > > St. Michael
> > > > Barbados
> > > > 1-246-430-7435
> > > > Fax : 1-246-431-0170
> > > > www.cariaccess.com
> >