mark@xxxxxxxxxxxxxxxxxx wrote:
Folks -
I work at a public library.
I would like to implement squid delay pools to accomplish a little
throttling of the kiddies who come in after school and completely
clobber our bandwidth in the afternoon. I would like to kill the folks
who came up with youtube and myspace!
Anyway, we have 4 departments with public internet access computers.
The public network is 10.0.0.0/8. I have made department one computers
IP addresses 10.1.0.X, department 2 10.2.0.X, and so on. I did this
only to make VNC easier for my boss and I.
My question is: can delay pools work on a class A network like I have
set up here, or do I need to redo my IP scheme first?
It depends on how you'd like to go about limiting the traffic. A class
1 delay pool will put all the hosts subject to the pool into a limited
pipe. You could cap the whole 10.0.0.0/8 network's HTTP usage to some
figure. Bandwidth hogs would slow down all other HTTP traffic, but SSH,
SMTP etc could be given some "dedicated" space.
Or you could create class 3 delay pools (up to four, one for each of
10.0.0.0/16 10.1.0.0/16 10.2.0.0/16 and 10.3.0.0/16) which would give a
overall limit (to each subnet), as well as give each computer in each of
those pools a limit.
Or you could do both. Have a class 1 delay pool that limits all HTTP
traffic, and separate class 3 pools to limit each /16 subnet.
Then if you want to get really fancy, you could set the delay pools up
with a time-based ACL, so throttling only happens when the "kiddies" are
likely to be around.
Hopefully that's more helpful than confusing...
Thanks -
Mark
Chris
