mark@xxxxxxxxxxxxxxxxxx wrote:
Chris -
Thanks again. Yes - it was a 24-bit mask. I knew what I meant (3 255's) I
just wasn't paying enough attention.
One more question - We have 2 T1's, aggregated together, so we have
around 3Mb of bandwidth. I have around 50 public computers and 10 staff
computers browsing at any one time that share this pipe. The staff
machines are not on this proxy. Our ISP has the IP address that goes to
the public proxy rate-limited at the router to no more than 75% of total
bandwidth, which we can change if we want.
If you are paying for the lot, take the 100% for your usage. But if it's
a per-byte cost then you will have to judge yourself whether it's
cost-effective.
What might be some good numbers to start with to keep the public from
sucking us dry but give each patron enough bandwidth to have a decent
browsing experience?
I find for most people a 256K peak access rate is enough to give a
great-seeming speed. It depends on where in the world you are though and
what your user base are used to from their homes. I've heard of places
where anything less than the full T1 per person is considered slow to
others where 128kbps was fast.
You could also use ACLs as said earlier to make the delays only apply to
certain times or types.
You can exempt the text/html mime type so people can retrieve pages fast
for genuine research, but other items like videos, flash movies, music
etc get slowed down.
Also, in your opinion, do we have enough bandwidth, or should I be
researching more?
That's a cost-benefit calculation you need to make yourself. It's always
worth knowing your alternatives, even if only to know what's too
expensive or too much trouble to be worth it.
Amos
Thanks again so much,
Mark
Quoting Chris Robertson <crobertson@xxxxxxx>:
mark@xxxxxxxxxxxxxxxxxx wrote:
Chris -
Thanks for the reply.
Just so I understand, then, even though my network has an 8-bit
mask, I can specify a 16-bit mask when defining an ACL?
Affirmative. Squid is completely unaware of your network layout.
So - on my 10.0.0.0/8 network, I could do something like:
acl dept1 src 10.1.0.0/255.255.255.0
This is a 24 bit netmask. But that's just being picky. :o)
acl dept2 src 10.2.0.0/255.255.255.0
acl dept3 src 10.3.0.0/255.255.255.0
acl dept4 src 10.4.0.0/255.255.255.0
delay_pools 4
delay_class 1 2
delay_class 2 2
delay_class 3 2
delay_class 4 2
delay_parameters 1 16348/2097152
For a class 2 pool you need to specify aggregate and individual pools.
If you don't want limits for the aggregate, use "-1/-1". Perhaps what
you meant here was...
delay_parameters 1 2097152/2097152 16348/16348
...which would give (for example) 10.1.0.143 around 128kbps* of
bandwidth (max, with no allowance for bursting), and all computers
10.1.0.1 through 10.1.0.255 a combined pool of in the neighborhood of
16mbps of bandwidth (roughly equivalent to 10 T1s).
delay_parameters 2 16348/2097152
delay_parameters 3 16348/2097152
delay_parameters 4 16348/2097152
delay_access 1 allow dept1
delay_access 2 allow dept2
delay_access 3 allow dept3
delay_access 4 allow dept4
???
Other than that one issue, it looks fine to me.
Chris
* Delay pool parameters are specified in bytes. Most networks are
provisioned in bits. If all four of the pools were maxing out their
aggregate download speeds, you'd be nearly maxing a 100 Base-T ethernet
connection. It would, however, take almost 200 computers in each pool
all maxing out their individual pools to hit this figure.
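
As an added example (not part of the original thread and not Squid's own code): a small Python lint for the two pitfalls raised in the reply above, the number of restore/max pairs a pool's class requires and the bytes-versus-bits conversion. The sample config is constructed from the lines quoted in the thread, only delay classes 1 to 3 are handled, and rates are reported in decimal kbit/s.

```python
# Pair order per delay class, as delay_parameters expects it (classes 1-3 only).
PAIR_LABELS = {
    1: ["aggregate"],
    2: ["aggregate", "individual"],
    3: ["aggregate", "network", "individual"],
}

def kbit_per_s(bytes_per_s):
    """delay_parameters values are bytes/s; link speeds are quoted in bits/s."""
    return bytes_per_s * 8 / 1000

def lint_delay_pools(conf):
    """Return (errors, rates): errors as (line_no, message), rates in kbit/s."""
    classes, errors, rates = {}, [], {}
    for lineno, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) == 3 and tok[0] == "delay_class":
            classes[int(tok[1])] = int(tok[2])
        elif len(tok) >= 2 and tok[0] == "delay_parameters":
            pool, pairs = int(tok[1]), tok[2:]
            labels = PAIR_LABELS.get(classes.get(pool))
            if labels is None:
                errors.append((lineno, f"pool {pool}: no class 1-3 delay_class before this line"))
            elif len(pairs) != len(labels):
                errors.append((lineno, f"pool {pool}: class {classes[pool]} needs "
                                       f"{len(labels)} restore/max pair(s), got {len(pairs)}"))
            else:
                for label, pair in zip(labels, pairs):
                    restore = int(pair.split("/")[0])  # refill rate; -1 = unlimited
                    rates[(pool, label)] = None if restore < 0 else kbit_per_s(restore)
    return errors, rates

# Constructed sample: pool 1 as first posted, pool 2 as corrected in the reply.
SAMPLE = """\
delay_pools 2
delay_class 1 2
delay_class 2 2
delay_parameters 1 16348/2097152
delay_parameters 2 2097152/2097152 16348/16348
"""

if __name__ == "__main__":
    errors, rates = lint_delay_pools(SAMPLE)
    for lineno, msg in errors:
        print(f"line {lineno}: {msg}")
    for (pool, label), kbps in rates.items():
        shown = "unlimited" if kbps is None else f"{kbps:.0f} kbit/s"
        print(f"pool {pool} {label}: {shown}")
```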