Jeff Gregor wrote:
> I have a site that connects to the internet via satellite. Squid 3.0
> sits on the firewall as a transparent proxy to reduce the amount of
> data downloaded (we have a daily threshold) and to speed up access
> (since satellite latency sucks). The satellite serves two groups of
> users, each on their own subnet. There's public access on
> 192.168.20.0/24, and office access on 192.168.10.0/24. Usable
> bandwidth is about 1 Mbps. Right now it seems like one or two users
> (generally on the public subnet) suck up all the bandwidth and the
> rest of the network slows to a crawl. I'd like to accomplish the
> following:
>
> * Split usable bandwidth in half, 512 kbps for each subnet

This you can do.

> * Idle bandwidth should be available for the office subnet
>   (ie, if no one is using public access, full bandwidth should
>   be available for office use)

Delay pools do not allow for this.

> * Establish per-user (by IP) limits on each net so that one user
>   can't suck up all available bandwidth from their subnet

This you can do.

>   (and again, if network is idle users should get more bandwidth.)

Again, delay pools do not really allow for this. You'd have to look
into a fair queuing algorithm for your firewall to do this properly.

> Generally there is a max of about 10 users on each subnet at a time,
> and usually far fewer.
>
> I already have existing acls for the two subnets:
>
> acl publicusers src 192.168.20.0/24
> acl officeusers src 192.168.10.0/24
>
> I'm really struggling with what combination of delay pool types and
> bandwidth settings would accomplish this - figuring out what per-user
> settings should be really has me stumped. Math is not among my
> strengths. :-) I've read the documentation in the conf file and
> googled extensively, but I just can't seem to wrap my brain around this.
>
> Any help would be greatly appreciated!

Something like...
# Declare two pools
delay_pools 2
# Define the first pool type
delay_class 1 2
# Define the second pool type
delay_class 2 2
# Define the limits of the first pool (512kbit/sec aggregate,
# 128kbit/sec individual)
delay_parameters 1 64000/64000 16000/16000
# Same thing for the second pool
delay_parameters 2 64000/64000 16000/16000
# Shove the public users in pool 1...
delay_access 1 allow publicusers
# ...and the office workers into pool 2
delay_access 2 allow officeusers
...would (as the commenting suggests) create two equal pools of
512kbit/sec max, and give each IP in the subnet a max of 128kbit/sec
(one quarter of the aggregate). Alternatively, you could choose to
define only one pool and only apply it to the public access. This would
keep the public access from taking more than their "fair share" but
would allow the office workers free rein. Additionally, you might make
a time-based ACL such that the public access delay pool only applies
during "office hours". Just be aware that delay pools are only assigned
at the initiation of a request.
Chris
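
The single-pool, office-hours variant described in the reply above, written out as an added example (it is not part of the original message). The ACL name officehours and the weekday 08:00-17:00 window are assumptions; the subnet ACL and the byte rates are the ones already used in this thread.

```conf
# Added example: one class-2 pool that throttles only the public subnet,
# and only during office hours. Office users match no pool and are
# therefore not rate limited by Squid at all.

# Existing ACL from the original question
acl publicusers src 192.168.20.0/24

# Assumed office hours: Monday to Friday, 08:00-17:00 local time.
# Day codes: M=Mon T=Tue W=Wed H=Thu F=Fri
acl officehours time MTWHF 08:00-17:00

# Declare a single pool
delay_pools 1

# Class 2: one aggregate bucket plus one bucket per client IP
delay_class 1 2

# Values are bytes per second, written as restore/max:
#   64000 bytes/sec = 512 kbit/sec aggregate for the whole pool
#   16000 bytes/sec = 128 kbit/sec for each individual IP
delay_parameters 1 64000/64000 16000/16000

# ACLs on one delay_access line are ANDed: the request must come from
# the public subnet AND arrive inside the office-hours window.
delay_access 1 allow publicusers officehours

# Everything else (office users, public users after hours) bypasses the pool
delay_access 1 deny all

# The pool is chosen when a request starts, so a transfer that began
# before 08:00 stays unthrottled until it finishes, and one that began
# before 17:00 stays throttled until it finishes.
```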