RE: [squid-users] efficient IP ACLs

From: Michael Pophal <michael.pophal@dont-contact.us>
Date: 18 May 2004 08:11:27 +0200

I assumed, it is a matter of ACL number. I can have 10 ACLs or 1 ACL in
the squid. But I don't know, how squid does handle this internally, so
you may be right and it doesn't matter anyway.

Sure, I want to permit only the allowed IPs on the proxy, but it is also
a matter of performance. We have about 7600 IP ACLs, which could be
reduced by compacting them to lager subnets.

Michael

On Tue, 2004-05-18 at 07:51, Elsen Marc wrote:
>
> >
> > our squid has to handle more than 100.000 IP adresses.
> >
> > Is it more efficient to fill up subnets or doesn't it matter.
> >
> > E.g. 250 IPs of an C-IP Range have to have proxy access, but
> > I can also
> > allow all 255. Is there a difference in performance, when I give squid
> > maybe 10 subnets with 250 IPs or 1 C-Subnet with 255 IPs.
> >
>
> That part of networking stuff, happens a at a lower layer, and is probably
> more influenced by the performance/efficiency of the network stack of your box
> and not by SQUID.
> SQUID's limitations,if any are
> determined by finding out for instance the number of requests/sec
> it has to deal with e.d.
>
> M.

-- 
Mit freundlichen Grüssen / With kind regards
Michael Pophal
--------------------------------------------
Siemens AG, I&S IT PS 223 OP3
Telefon: +49(0)9131/7-25150
Fax:     +49(0)9131/7-43344
Email:   michael.pophal@siemens.com
--------------------------------------------
Received on Tue May 18 2004 - 00:11:46 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Jun 01 2004 - 12:00:01 MDT