On 5/01/2016 1:38 p.m., Alex Samad wrote: > So thought I would try it out > > # > # Delay Pools > # http://wiki.squid-cache.org/Features/DelayPools > # http://www.serverwatch.com/tutorials/article.php/3357241/Reining-in-Bandwidth-With-Squid-Proxying.htm > delay_pools 1 > delay_class 1 1 > > # 10Mb/s fille rate , 20Mb/s reserve > # 10485760/8 = 1310720 > # 20971520/8 = 2621440 > delay_parameters 1 1310720/2621440 > > # What to delay > acl Delay_ALL src all Might as well just use "all" instead of "Delay_ALL" in your rule lines. No need for this custom re-definition of a default ACL. > acl Delay_Domain dstdomain -i "/etc/squid/lists/delayDom.lst" > > delay_access 1 allow Delay_Domain > > > /etc/squid/lists/delayDom.lst > .windowsupdate.com > > > and I can just add domains to the file as needed > .. and then reconfigure Squid. Yes. What the above does is not limit any particular user. But limits the total server bandwidth to those domains (combined) to 10Mbps. It is a good solution, but still has a few problems. WU will now be very slow, proportional to how many users are downloading the updates as MISS rather than HIT. Remembering that until each update object is fully fetched once it will not HIT. > > On 5 January 2016 at 10:57, Alex Samad wrote: >> Hi >> >> Just wanted to confirm my understanding of delay pools and the ability >> to ratelimit inbound traffic. >> >> Today one of our W10 machines did it windows update .. New patch .. >> .MS SQL SP3 - 384M big patch >> >> So it contacts our squid proxy with then downloaded it from WSUS >> update ... which is geocached with out local ISP. >> >> This then flooded our 100Mb wan port. >> >> My understanding is that delay pools will not help me with rate >> limiting that to a cap of say 10Mb/s On the contrary. This is the exact case the old pools are designed to help with. >> >> The only thing that Squid or Linux can do is delay ACK's and thus rate >> limit that way. >> >> Delay pools are more for SQUID -> End user ... No they are for Server->Squid data flow. Done by delaying the read(2) Squid does from the TCP I/O buffer of server delivered data. That has the outward appearance of delaying ACKs the Squid machine sends to the server. HTH Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
