mark@ehle.homelinux.org wrote:
> Chris -
>
> Thanks for the reply.
>
> Just so I understand, then, even though my network has an 8-bit mask,
> I can specify a 16-bit mask when defining an ACL?
Affirmative. Squid is completely unaware of your network layout.
>
> So - on my 10.0.0.0/8 network, I could do something like:
>
> src dept1 src 10.1.0.0/255.255.255.0
This is a 24 bit netmask. But that's just being picky. :o)
> src dept2 src 10.2.0.0/255.255.255.0
> src dept3 src 10.3.0.0/255.255.255.0
> src dept4 src 10.4.0.0/255.255.255.0
>
> delay_pools 4
>
> delay_class 1 2
> delay_class 2 2
> delay_class 3 2
> delay_class 4 2
>
> delay_parameters 1 16348/2097152
For a class 2 pool you need to specify aggregate and individual pools.
If you don't want limits for the aggregate, use "-1/-1". Perhaps what
you meant here was...
delay_parameters 1 2097152/2097152 16348/16348
...which would give (for example) 10.1.0.143 around 128kbps* of
bandwidth (max, with no allowance for bursting), and all computers
10.1.0.1 through 10.1.0.255 a combined pool of in the neighborhood of
16mbps of bandwidth (roughly equivalent to 10 T1s).
> delay_parameters 2 16348/2097152
> delay_parameters 3 16348/2097152
> delay_parameters 4 16348/2097152
>
> delay_access 1 allow dept1
> delay_access 2 allow dept2
> delay_access 3 allow dept3
> delay_access 4 allow dept4
>
> ???
> .
Other than that one issue, it looks fine to me.
Chris
* Delay pool parameters are specified in bytes. Most networks are
provisioned in bits. If all four of the pools were maxing out their
aggregate download speeds, you'd be nearly maxing a 100 Base-T ethernet
connection. It would, however take almost 200 computers in each pool
all maxing out their individual pools to hit this figure.
Received on Fri Nov 02 2007 - 18:33:32 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:01 MST