Re: [squid-users] Squid delay pool question

From: Chris Robertson <crobertson_at_gci.net>
Date: Mon, 07 Dec 2009 15:35:41 -0900

mikewest09 wrote:
> Hi Amos,
>
> Thanks a lot for your detailed explanation, I believe that I had big
> misunderstanding of how Classes work.
>
> Having said that, I am not sure if class 4 will be the best one for me
> because of two important reasons:
>
> A. All of our users log in with the 'same' exact login name/password as it
> is embedded in the desktop application exe file. So what we have here is
> same login name/ password and different IP for each user
>

Then Class 4 is out. You would have one pool per username (so one pool
for the aggregate, one per-subnet, one per-ip and one username pool,
acting the same as the aggregate). Keep reading for a description of
bucket types.

> B. As mentioned before the server has 100 Mbps, my thoughts ('at first')
> was that I wanted each user to get 'for example' maximum speed then 'all of
> them' will have the same 10 MBps. But I never imagined that the connection
> speed 100 or 10 will be (divided) on the number of users logged in, meaning
> I couldn't imagine that when I drop the speed to 10 MBPs for user A then all
> users will have this speed divided on the number of users logged into the
> server (and this is of course due to my network basics ignorance :( )
>

With a Class 2 pool, there are two "types" of bucket. One type is an
aggregate bucket (there is only one instance of this bucket, and
everyone's traffic is withdrawn from it). The recommendation in your
case is to leave that bucket at "unlimited". The other type is
"individual". There will be one instance of this type of bucket for
however many distinct IPs Squid sees connecting to it (192.168.32.18 is
assigned one instance, 192.168.32.83 is assigned another, etc*). Each
"IP" will be able to try to saturate the 100mbit link until their
individual bucket is empty, at which point, they will not be allowed to
transfer any more data until their bucket refills some. With the
recommendations above, the bucket is 15MB. If I download a 14MB file, I
will not be rate-limited at all. If I download a 20 MB file, the first
15 MB** will not be rate limited, but the next 5 will (this limit will
just affect my traffic, you have your own bucket to deplete (or not) at
your leisure).

> So my question now is...is it possible in the first place that 'each user'
> will get the same 10Mbps despite of the number of users connected to the
> server (please excuse my network ignorance here if what I say seems
> impossible)?
>

If you set the bucket size to a fairly small size (say 1024) then the
rate limiting will take effect almost immediately (the initial value of
the bucket gets depleted at up to 100mbit/sec, then the refill rate is
the max (per-IP) download speed, with an overall limit of your 100mbit
connection).

>
> Now if this will not be possible, is it possible that I simply limit the
> usage of the server for browsing html / html files only and exclude any
> downloads exe, mp3, ...etc?

You can make ACLs that match file extensions, and ACLs that match
MimeType responses, but it's hard to get right (and fairly easy to
circumvent, with cooperation on the far end).

See http://www.squid-cache.org/mail-archive/squid-users/200904/0307.html
and http://www.squid-cache.org/mail-archive/squid-users/200904/0432.html
for one example. The mailing list archives have other examples.

> without putting any limitation on speed? If I
> can do this then there might be no need to do the delay pools limitation in
> the first place!
>
>
> Thanks in advance for your time and efforts

Chris

* For what it's worth, a Class 2 individual pool only accounts for the
final octet of the IP: 192.168.42.118 would draw from the same pool as
1.2.3.118. Class 3 (and 4) individual pools use the final 2 octets:
192.168.42.118 would use a different pool from 1.2.3.118, but
192.168.42.118 would share a pool with 1.2.42.118.

** Not technically accurate, as the bucket would be filling (at
10mbit/sec) while the download runs, so if the download is limited on
the far end to less than 10mbit/sec, Squid's delay pool will never come
into effect. If the download is only running at 12mbit/sec it likely
won't come into effect either (I'm too tired to do the math, but
hopefully you get the idea). If I'm downloading other objects at the
same time, they will all count against my individual bucket.
Received on Tue Dec 08 2009 - 00:36:20 MST
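
The bucket arithmetic from the two footnotes above, worked through as an added example (not part of the original message and not Squid's own code). It assumes a single constant-rate download, a bucket that starts full, and 1 MB = 1,000,000 bytes; the function names are hypothetical.

```python
# Added illustration: models the bucket behaviour described in the email.
# It is not Squid source code. Assumed units: 1 MB = 1,000,000 bytes.
MB = 1_000_000
MBIT = 125_000  # bytes per second in 1 mbit/sec

def individual_bucket_key(ip, pool_class):
    """Octets that select the individual bucket, per the first footnote:
    class 2 keys on the final octet, classes 3 and 4 on the final two."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    if pool_class not in (2, 3, 4):
        raise ValueError("this sketch handles classes 2, 3 and 4 only")
    return tuple(octets[-1:] if pool_class == 2 else octets[-2:])

def unthrottled_bytes(file_size, source_rate, restore, bucket_max):
    """Bytes of one constant-rate download that pass before a full bucket
    runs dry, or None if the download is never rate-limited.
    The bucket refills at `restore` bytes/sec while it drains."""
    if source_rate <= restore:
        return None                    # refill keeps up: bucket never empties
    drain = source_rate - restore      # net bytes/sec leaving the bucket
    passed = source_rate * bucket_max // drain
    return None if file_size <= passed else passed

if __name__ == "__main__":
    # 15 MB bucket refilling at 10 mbit/sec, the figures used in the email.
    for rate in (8, 12, 100):          # far-end speed in mbit/sec
        for size in (14, 20, 200):     # file size in MB
            got = unthrottled_bytes(size * MB, rate * MBIT, 10 * MBIT, 15 * MB)
            state = "never limited" if got is None else f"limited after {got / MB:.1f} MB"
            print(f"{size:>3} MB at {rate:>3} mbit/s: {state}")
    # Class 2 collision from the footnote: both addresses end in .118.
    print(individual_bucket_key("192.168.42.118", 2),
          individual_bucket_key("1.2.3.118", 2))
```

Because the bucket refills while it drains, a 20 MB download at the full 100 mbit passes about 16.7 MB before the limit applies, and at 12 mbit/sec the limit only applies to transfers larger than 90 MB.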
