Amos,
Thank you very much for your answer, that's explain why the same
configuration was OK in our lab with a /24 but not in our client
architecture which is in /8.
However, you suggest "tcp_outgoing_tos", do you confirm that is gonna
use the kernel to proceed of limiting bandwith?
best regards,
Romain
2011/10/7 Amos Jeffries <squid3_at_treenet.co.nz>:
> On 07/10/11 22:35, Romain wrote:
>>
>> Hi,
>>
>> We'd like to limit our bandwith / file type with using ACL and delay
>> pool. Our Squid (2.6e21) is configured as a reverse proxy, in front of
>> a apache server (2.2.3)
>>
>> - We don't have any error starting Squid but the delay pool seams not
>> working.
>> - If you use acl with http_deny directive, there no problem and files
>> are not allowed to be download.
>> - We also tried to use delay_class 1 with ACL all and it's not working.
>>
>
> Problem #1: You said "reverse proxy"
>
> Squid delay pools are designed for forward proxy. They work with a pool
> resolution of /16 through to /32. Larger networks /8 or in reverse-proxy
> case of /0 get lots of overlapping and people sharing bandwidth counters.
>
> You would be better using tcp_outgoing_tos and the ACL to send a
> TOS/DiffServ marker for some OS rules to do rate-limiting with.
>
>
>> Here you have the delay pool configuration:
>>
>> #ACL identifiant les fichiers hebdomadaires, mensuels et complets
>> acl fichiers url_regex -i \^*ful25.m25$ \^*m25.m25$ \^*cur25.m25$
>
> So....
> acl fichiers url_regex -i (ful|m|cur)25.m25$
>
>>
>> #Declaration des pools de gestion de bande passante
>> delay_pools 2
>>
>> #definition du pool concernant les fichiers volumineux.
>> #Chaque poste d'un réseau dispose de 30Ko/s de bande passante,
>> #un sous réseau de classe C dispose de 50 Ko/s
>> #et la totalité des postes demandant ce type de fichiers disposent de
>> 1Mo/s
>> delay_class 1 3
>> delay_access 1 allow fichiers
>> delay_access 1 deny all
>> delay_parameters 1 1048576/1048576 50200/50200 30720/50200
>>
>> #definition du pool pour les autres fichiers
>> #Aucune limite n'est positionnée pour le moment
>> delay_class 2 3
>> delay_access 2 deny fichiers
>> delay_access 2 allow all
>> delay_parameters 2 -1/-1 -1/-1 -1/-1
>
> This #2 pool is useless. "-1/-1" means no-limit.
>
> BUT, not limiting the !fichiers group is what the delay_access lists for
> pool #1 already said.
>
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.15
> Beta testers wanted for 3.2.0.12
>
Received on Fri Oct 07 2011 - 11:44:49 MDT
This archive was generated by hypermail 2.2.0 : Sat Oct 08 2011 - 12:00:02 MDT