Re: [squid-users] reloading settings on a regular basis

From: E.S. Rosenberg <esr_at_g.jct.ac.il>
Date: Sun, 30 Sep 2012 16:39:13 +0200

2012/9/30 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 30/09/2012 12:43 p.m., Eliezer Croitoru wrote:
>>
>> On 9/29/2012 9:38 PM, E.S. Rosenberg wrote:
>>>
>>> I have A, B and C with a potential for quite a few more (not
>>> necessarily ISPs but also browsing restrictions or lack thereof).
>>> I guess I over-simplified things a bit, but we have lots of user based
>>> stuff going on, in addition we also want to start capping bandwidth
>>> usage on a per user basis so that resources are shared more fairly
>>> etc.
>>> Regards,
>>> Eli
>>
>>
>> Well still the only difference is that you will need to design the acls
>> you are going to use.
>> are you using tproxy or intercept?
>> you can try by listing all of the things you want to implement and then plan
>> the network design by that.
>>
>> if you have 6 ISP's for example you can put one proxy not cache at all for
>> the interception and accounting stuff which is basically acls and other
>> stuff.
>> then use cache_peers with 6 incoming ports that will decide the outgoing
>> port by the incoming port.(just something in my mind).
>
>
> or a "OK tag=ISP-1" from the external ACL helper and a tag type ACL in
> tcp_outgoing_* to determine either outgoing IP or TOS marking.
>
> I recommend 3.2.1 or later for this type of thing though we did a lot of bug
> fixing and performance polishing of this type of config in 3.2.
>
>
>
>>
>> if you have some ICAP service then put it somewhere in the infrastructure
>> in a place that won't affect your delay pools etc.
>>
>> I don't remember about resources consumption by a no cache at all squid but
>> it should be low.
>
>
> Squid uses a few MB base footprint and up to (usually under) 256KB per
> concurrent transaction. The rest is cached data.
>
>
>> I do remember you wanted somewhere to cache youtube etc..
>> I have a working solution for that and I'm working on store_url_rewrite
>> which can benefit from this too.
>>
>> you can also add some captive portal that has user validation in it for
>> wireless places (I was working on a way to do it for transparent proxy like
>> in wifi coffee shops that have agreement and other stuff like "prepaid cap"
>> that is being used in cellular providers).
>>
>> just make a list of things you need\want to get from the network and from
>> there the only question is how to put the whole puzzle together.
>>
>> Regards,
>> Eliezer
>>
>
> Amos

Great.
So just to summarize:
- Reloading often is bad, use smartly structured ext_acls instead.

As far as how we do it, we don't use tproxy, we have a class B for
ourselves so internally, so the user facing proxy that needs to hand off
information about a forced plan because of some location does that
through the IP it presents to the parent.
The parent in turn is connected to all ISPs/plans so that it can get
better caching results and limit the total traffic of a user (ie.
wireless and lab stations).

Youtube is something I hope to optimize for in the future but first
this general architecture needs to become active and then we'll start
caching optimizations.

Thanks,
Eli
Received on Sun Sep 30 2012 - 14:39:19 MDT
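
The approach the thread settles on (an external ACL helper that answers "OK tag=ISP-1", matched by a tag ACL in tcp_outgoing_address, instead of reloading Squid) could look like the sketch below. This is an added example, not code posted by anyone in the thread. The rules-file format, the file paths, the PlanMap name and the 192.0.2.x addresses are assumptions made for illustration, and %LOGIN assumes proxy authentication is already configured.

```python
# squid.conf side (constructed; paths and 192.0.2.x addresses are placeholders):
#   external_acl_type plan ttl=60 %LOGIN %SRC /usr/local/bin/plan_helper.py /etc/squid/plans.map
#   acl plan_lookup external plan
#   acl isp1 tag ISP-1
#   http_access allow plan_lookup
#   tcp_outgoing_address 192.0.2.1 isp1
import ipaddress, os, sys

class PlanMap:
    """Hypothetical rules file, one rule per line: 'user <name> <tag>' or 'net <cidr> <tag>'."""
    def __init__(self, path):
        self.path, self.mtime, self.users, self.nets = path, None, {}, []

    def refresh(self):
        mtime = os.stat(self.path).st_mtime_ns
        if mtime == self.mtime:
            return  # file unchanged since the last request
        users, nets = {}, []
        with open(self.path) as fh:
            for raw in fh:
                parts = raw.split("#")[0].split()
                if len(parts) != 3:
                    continue  # blank line, comment or junk
                kind, key, tag = parts
                if kind == "user":
                    users[key] = tag
                elif kind == "net":
                    nets.append((ipaddress.ip_network(key), tag))
        # Swap only after a complete parse, so a bad edit keeps the old rules.
        self.users, self.nets, self.mtime = users, nets, mtime

    def answer(self, line):
        try:
            self.refresh()
        except (OSError, ValueError):
            pass  # unreadable or malformed file: keep the last good rules
        try:
            user, src = line.split()
            addr = ipaddress.ip_address(src)
        except ValueError:
            return "ERR"  # malformed request: deny
        # A location (net) rule forces the plan; otherwise use the per-user rule.
        tag = next((t for n, t in self.nets if addr in n), None) or self.users.get(user)
        return "OK tag=" + tag if tag else "ERR"

if __name__ == "__main__":
    plans = PlanMap(sys.argv[1])
    for line in sys.stdin:
        print(plans.answer(line), flush=True)  # Squid waits on every reply
```

Editing the rules file changes the helper's answers on the next lookup without a reconfigure; Squid still caches each answer for the ttl= period, so a change can take up to that long to apply.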
