Re: [squid-users] Limiting per Host/Stream

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 08 May 2009 01:47:50 +1200

Marc Hansen wrote:
> Hi,
> I need to limit the traffic based on the stream. The way I understood the
> delay pools, I'm only able to limit per IP or network.

Depends on your Squid version. That is true for Squid-2. But not for
Squid-3 which has additional username-based and external_acl_type tag
based pools.

>
> Now in short two questions.
>
> - Is it possible to limit based on the stream?
>
> - In my config, attached, I try to limit the host to 64000 bytes. Is the limit
> "Per Host" based on a special net?

No. It's based on the IP which is contacting Squid. A 0.0.255.255 mask
is applied for per-host to convert the IP into a bucket ID.

The per-net basis is done likewise, with a 0.0.255.0 mask instead.
Exactly which mask is used depends on, and is documented for, each
particular delay_class.
  http://www.squid-cache.org/Doc/config/delay_class/

From your configuration below, I do not think you will encounter
clashes. But if you go over the 10.209.2.* into 10.210.2.* for example
you might encounter clashes then.

For that case you simply create a separate but identical delay pool for
the 10.210/16 subnet. An ACL to enforce the pool separation keeps it
nice and non-clashing.

> Maybe the subnet from the proxy?
> We use more than one subnet and I will not run into a network problem.
>
> Regards
> Marc
> ------------------------------------------------------------------------
> acl delay500kbit dst 192.168.0.0/255.255.0.0
> acl delay500kbit1 dst 10.209.31.0/24
> acl delay500kbit2 dst 10.209.2.0/24
>
> http_access allow SSL_ports
> http_access allow Safe_ports
> http_access allow CONNECT
> http_access allow all
> #never_direct allow direct
> always_direct allow SSL_ports
> always_direct allow direct
> never_direct allow all
> # always_direct deny local-external
> # always_direct allow local-intranet
> # never_direct allow all
>
> ###################
> #192.168.0.0/16
> #10.209.31.0/24
> #10.209.2.0/24
> #acl only128kusers src 192.168.1.0/255.255.192.0
> delay_pools 1
> delay_class 1 2
> delay_access 1 allow !delay500kbit !delay500kbit1 !delay500kbit2
> delay_access 1 deny all

Hmm, I'd merge the delay500kbit* ACL all together into one ACL:
   acl delay500kbit dst 192.168.0.0/16
   acl delay500kbit dst 10.209.31.0/24
   acl delay500kbit dst 10.209.2.0/24

   delay_access 1 allow !delay500kbit

You only need different ACLs for the different classifications.

> delay_parameters 1 9600000/15000000 64000/15000000
>

That pool means:
  each /16 network is capped at ~9.6MB/sec with an initial peak of up to
~15MB/sec.
  each /32 host inside the network is capped at ~64KB/sec with an
initial download of up to 15MB/sec

By initial download, I mean the pool starts with that much available.
They can download files under that size at full speed. But once the
bucket is emptied they get capped at the restore rate.

To do a full data cap you set N/N to the same number. So they start with
up to their full N rate, and every second they get another capped N to use.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE14
   Current Beta Squid 3.1.0.7
Received on Thu May 07 2009 - 13:48:05 MDT
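
Added example, not part of the message above and not Squid's own code: a simplified one-second-tick model of the per-host bucket from the quoted delay_parameters line, showing the "initial download" at full speed, the drop to the restore rate once the bucket is empty, and the strict cap when both numbers are equal. The function names and the 10 Mbit/s link rate are assumptions made for the illustration; the aggregate bucket is not modelled.

```python
# Added illustration; a simplified one-second-tick model, not Squid's source code.

def parse_delay_parameters(line):
    """Split a delay_parameters line into (pool, [(restore, maximum), ...])."""
    fields = line.split()
    if len(fields) < 3 or fields[0] != "delay_parameters":
        raise ValueError("not a delay_parameters line: %r" % line)
    pairs = []
    for field in fields[2:]:
        restore, maximum = field.split("/")
        pairs.append((int(restore), int(maximum)))
    return int(fields[1]), pairs


def simulate_host(size, restore, maximum, link_rate):
    """Bytes delivered in each second to one host whose bucket starts full.

    link_rate (bytes/sec) is an assumed ceiling for the unthrottled path.
    """
    if restore <= 0 or maximum <= 0 or link_rate <= 0:
        raise ValueError("this model needs positive restore, maximum and link_rate")
    bucket, remaining, per_second = maximum, size, []
    while remaining > 0:
        sent = min(bucket, remaining, link_rate)
        bucket -= sent
        remaining -= sent
        per_second.append(sent)
        bucket = min(maximum, bucket + restore)  # refill, never above maximum
    return per_second


LINE = "delay_parameters 1 9600000/15000000 64000/15000000"  # from the post
LINK = 1_250_000  # constructed value: a 10 Mbit/s path, in bytes/sec

if __name__ == "__main__":
    pool, pairs = parse_delay_parameters(LINE)
    restore, maximum = pairs[-1]  # last pair is the per-host bucket
    for label, size, mx in [
        ("1 MB file, bucket still has credit", 1_000_000, maximum),
        ("20 MB file, bucket runs dry", 20_000_000, maximum),
        ("640 KB file, strict cap (max == restore)", 640_000, restore),
    ]:
        run = simulate_host(size, restore, mx, LINK)
        print("%-42s %3d s, last second %d bytes" % (label, len(run), run[-1]))
```
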
