Re: [squid-users] SQUID problem in a MAN

From: Adam <adam-s@dont-contact.us>
Date: Mon, 21 Apr 2003 13:46:43 -0700

From: "Vladimir Burciaga Aguilar" <anakinv7@hotmail.com>
>The objectives are:
> - The optimal use of bandwidth between users.
I would think that delay_pools should have helped - see below.

> - Porn sites restriction.
acl's blocking dst or dstdomain's or using something like SquidGuard (no
experience, but others on the list use it, do a search or check
http://www.squidguard.org/). We don't currently block anything to our
users, so some other acl might actually be a better match.

> - Downloads limited.
Use the acl urlpath_regex to block .zip, .mov, .mp3, etc. type files.

> - Allow Messenger without frequent disconnects.
No clue, I've never used or supported it.

> - Compile Squid with Delay Pools and port restriction (We had tried it, but it
> turns slower and the Messenger disconnects a lot).
If you tried it, try again. Without knowing what restore/max bandwidths you
restricted each IP to and what you set as the total aggregate network
bandwidth it would be hard to say why it slowed things down. What I would
do is try delay_pools again and if you are having problems, use
groups.google.com and the FAQ on delay_pools ( FAQ:
http://www.squid-cache.org/Doc/FAQ/FAQ-19.html#ss19.8 ) to make sure you got
it right. After you have consulted those two resources, if you still have
problems, post the exact problem and pertinent extracts of your cache.log
and/or access.log files.

> - Add other NICs to the machine for load reduction. How can we do this without
> changing the client's configuration?
When I had the network guys sniff/trace the 100mb NIC in our squid server,
they saw it was 20% used and so it would have been a waste for us to add a
NIC. Only add a NIC if you have data that supports that that is your
bottleneck. Whether you add a 2nd NIC or just bind a second virtual IP, you can
still use tcp_outgoing_address (see below).

> - Set up the other machine as another proxy server and dynamically manage the
> load between them, according to MAN traffic. Is that possible?
If the MAN routes packets diversely based on address, you could bind another
IP to the squid server and then route half your traffic out one MAN path and
the other half out another route in the MAN. That is how we are using
tcp_outgoing_address with our two T-1's. I've heard of "MAN's" but not sure
if it is one pipe or a collection but if it has multiple paths as your
statement above implies, and you can route one IP one place and the other to
another place.

That, combined with delay_pools/blocking particular sites/file types would
help solve the overall problems.

By the way, in combination with tcp_outgoing_address you have to create
acl's that split your users into two groups. For our group we have about 20
subnets/VLANs and so it was easy to create an acl for each group and then
put 10 in each tcp_outgoing_address directive.

hope some of this helps,

Adam
Received on Mon Apr 21 2003 - 14:46:50 MDT
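
A squid.conf fragment for the approach described in the message above, added as an illustration and not part of the original post or of Adam's configuration. The subnets, outgoing IPs, ACL names and rates are constructed placeholders, and the stock "all" acl is assumed to be defined elsewhere in the file.

```conf
# Added example, not from the original post. All addresses, ACL names and
# rates below are constructed placeholders.

# --- Client groups --------------------------------------------------------
# Values inside one acl are ORed, so each half of the subnets is one acl.
acl group_a src 10.0.1.0/24 10.0.2.0/24 10.0.3.0/24
acl group_b src 10.0.4.0/24 10.0.5.0/24 10.0.6.0/24
acl all_clients src 10.0.0.0/16

# --- File-type blocking (urlpath_regex) -----------------------------------
# -i is case-insensitive; (\?.*)?$ also catches "file.zip?session=1".
acl blocked_files urlpath_regex -i \.zip(\?.*)?$ \.mov(\?.*)?$ \.mp3(\?.*)?$

# Order matters: http_access stops at the first matching line, so the deny
# has to come before the allow for the same clients.
http_access deny blocked_files
http_access allow all_clients
http_access deny all

# --- Split outbound traffic across two paths ------------------------------
# ACL names listed on one tcp_outgoing_address line are ANDed, so use one
# (ORed) group acl per line. Both IPs must be bound on the Squid host.
tcp_outgoing_address 192.0.2.10 group_a
tcp_outgoing_address 192.0.2.11 group_b

# --- Delay pools (needs a build with --enable-delay-pools) ----------------
# Class 3 keeps an aggregate bucket, a bucket per network (third octet) and
# a bucket per host, which fits clients spread over several /24 subnets.
# Class 2 indexes hosts by the last octet only, so 10.0.1.5 and 10.0.2.5
# would share one bucket.
delay_pools 1
delay_class 1 3
# restore/max pairs (bytes per second / bytes): aggregate, network, host.
# -1/-1 means unlimited; here only the per-host bucket is limited.
delay_parameters 1 -1/-1 -1/-1 16000/64000
delay_access 1 allow all_clients
delay_access 1 deny all
```

Running "squid -k parse" checks the file for syntax errors before a reload. CONNECT requests carry no URL path, so the urlpath_regex rule does not apply to HTTPS tunnels.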
