Re: [squid-users] Delay Pools on Class A Network

From: <mark@dont-contact.us>
Date: Fri, 2 Nov 2007 19:31:47 -0400

Chris -

Thanks for the reply.

Just so I understand, then, even though my network has an 8-bit mask,
I can specify a 16-bit mask when defining an ACL?

So - on my 10.0.0.0/8 network, I could do something like:

acl dept1 src 10.1.0.0/255.255.255.0
acl dept2 src 10.2.0.0/255.255.255.0
acl dept3 src 10.3.0.0/255.255.255.0
acl dept4 src 10.4.0.0/255.255.255.0

delay_pools 4

delay_class 1 2
delay_class 2 2
delay_class 3 2
delay_class 4 2

delay_parameters 1 16348/2097152
delay_parameters 2 16348/2097152
delay_parameters 3 16348/2097152
delay_parameters 4 16348/2097152

delay_access 1 allow dept1
delay_access 2 allow dept2
delay_access 3 allow dept3
delay_access 4 allow dept4

???

Quoting Chris Robertson <crobertson@gci.net>:

> mark@ehle.homelinux.org wrote:
>> Folks -
>>
>> I work at a public library.
>>
>> I would like to implement squid delay pools to accomplish a little
>> throttling of the kiddies who come in after school and completely
>> clobber our bandwidth in the afternoon. I would like to kill the
>> folks who came up with youtube and myspace!
>>
>> Anyway, we have 4 departments with public internet access
>> computers. The public network is 10.0.0.0/8. I have made department
>> one computers IP addresses 10.1.0.X, department 2 10.2.0.X, and so
>> on. I did this only to make VNC easier for my boss and me.
>>
>> My question is: can delay pools work on a class A network like I
>> have set up here, or do I need to redo my IP scheme first?
>
> It depends on how you'd like to go about limiting the traffic. A class
> 1 delay pool will put all the hosts subject to the pool into a limited
> pipe. You could cap the whole 10.0.0.0/8 network's HTTP usage to some
> figure. Bandwidth hogs would slow down all other HTTP traffic, but
> SSH, SMTP etc could be given some "dedicated" space.
>
> Or you could create class 3 delay pools (up to four, one for each of
> 10.0.0.0/16 10.1.0.0/16 10.2.0.0/16 and 10.3.0.0/16) which would give an
> overall limit (to each subnet), as well as give each computer in each
> of those pools a limit.
>
> Or you could do both. Have a class 1 delay pool that limits all HTTP
> traffic, and separate class 3 pools to limit each /16 subnet.
>
> Then if you want to get really fancy, you could set the delay pools up
> with a time-based ACL, so throttling only happens when the "kiddies"
> are likely to be around.
>
> Hopefully that's more helpful than confusing...
>
>>
>> Thanks -
>>
>> Mark
>
> Chris
Received on Fri Nov 02 2007 - 17:31:54 MDT
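
Added example, not part of the original messages: a squid.conf sketch of the per-department pools and the time-based ACL discussed in this thread, written against Squid 2.6-era delay pool syntax. The ACL name "afterschool", the time window and all rate figures are constructed for illustration.

```squidconf
# Added example: names, time window and rates are constructed values.
# One source ACL per department, using a 16-bit mask inside 10.0.0.0/8.
acl dept1 src 10.1.0.0/255.255.0.0
acl dept2 src 10.2.0.0/255.255.0.0
acl dept3 src 10.3.0.0/255.255.0.0
acl dept4 src 10.4.0.0/255.255.0.0

# Hypothetical after-school window: Monday to Friday, 15:00-18:00.
acl afterschool time MTWHF 15:00-18:00

delay_pools 4

# Class 2: one aggregate bucket per pool plus one bucket per host.
# The per-host bucket is chosen from the last octet of the client
# address, so 10.1.0.5 and 10.2.0.5 would share a bucket if they were
# in the same pool. One pool per department keeps them apart.
delay_class 1 2
delay_class 2 2
delay_class 3 2
delay_class 4 2

# delay_parameters <pool> <aggregate> <individual>, each restore/max:
# restore = bytes per second added, max = bucket size in bytes.
# A class 2 pool needs both pairs; -1/-1 means "no limit".
delay_parameters 1 131072/2097152 16384/262144
delay_parameters 2 131072/2097152 16384/262144
delay_parameters 3 131072/2097152 16384/262144
delay_parameters 4 131072/2097152 16384/262144

# A request is placed in the first pool whose delay_access allows it.
# ACLs on one line are ANDed, so a department is throttled only
# inside the time window and is undelayed the rest of the day.
delay_access 1 allow dept1 afterschool
delay_access 1 deny all
delay_access 2 allow dept2 afterschool
delay_access 2 deny all
delay_access 3 allow dept3 afterschool
delay_access 3 deny all
delay_access 4 allow dept4 afterschool
delay_access 4 deny all
```

Running `squid -k parse` after editing reports syntax errors in the file before the change is loaded.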