Chris -

Thanks again. Yes - it was a 24-bit mask. I knew what I meant (3 255's)
I just wasn't paying enough attention.

One more question - We have 2 T1's, aggregated together, so we have
around 3Mb of bandwidth. I have around 50 public computers and 10
staff computers browsing at any one time that share this pipe. The
staff machines are not on this proxy. Our ISP has the IP address that
goes to the public proxy rate-limited at the router to no more than
75% of total bandwidth, which we can change if we want.

What might be some good numbers to start with to keep the public from
sucking us dry but give each patron enough bandwidth to have a decent
browsing experience?

Also, in your opinion, do we have enough bandwidth, or should I be
researching more?

Thanks again so much,
Mark

Quoting Chris Robertson <crobertson@gci.net>:

> mark@ehle.homelinux.org wrote:
>> Chris -
>>
>> Thanks for the reply.
>>
>> Just so I understand, then, even though my network has an 8-bit
>> mask, I can specify a 16-bit mask when defining an ACL?
>
> Affirmative. Squid is completely unaware of your network layout.
>
>>
>> So - on my 10.0.0.0/8 network, I could do something like:
>>
>> acl dept1 src 10.1.0.0/255.255.255.0
>
> This is a 24 bit netmask. But that's just being picky. :o)
>
>> acl dept2 src 10.2.0.0/255.255.255.0
>> acl dept3 src 10.3.0.0/255.255.255.0
>> acl dept4 src 10.4.0.0/255.255.255.0
>>
>> delay_pools 4
>>
>> delay_class 1 2
>> delay_class 2 2
>> delay_class 3 2
>> delay_class 4 2
>>
>> delay_parameters 1 16348/2097152
>
> For a class 2 pool you need to specify aggregate and individual pools.
> If you don't want limits for the aggregate, use "-1/-1". Perhaps what
> you meant here was...
>
> delay_parameters 1 2097152/2097152 16348/16348
>
> ...which would give (for example) 10.1.0.143 around 128kbps* of
> bandwidth (max, with no allowance for bursting), and all computers
> 10.1.0.1 through 10.1.0.255 a combined pool of in the neighborhood of
> 16mbps of bandwidth (roughly equivalent to 10 T1s).
>
>> delay_parameters 2 16348/2097152
>> delay_parameters 3 16348/2097152
>> delay_parameters 4 16348/2097152
>>
>> delay_access 1 allow dept1
>> delay_access 2 allow dept2
>> delay_access 3 allow dept3
>> delay_access 4 allow dept4
>>
>> ???
>> .
>
> Other than that one issue, it looks fine to me.
>
> Chris
>
> * Delay pool parameters are specified in bytes. Most networks are
> provisioned in bits. If all four of the pools were maxing out their
> aggregate download speeds, you'd be nearly maxing a 100 Base-T ethernet
> connection. It would, however take almost 200 computers in each pool
> all maxing out their individual pools to hit this figure.
Received on Sat Nov 03 2007 - 06:54:58 MDT
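
An added example, not part of the original thread and not Squid's own code: a small Python check for the issue Chris points out above. It verifies that each delay_parameters line carries the number of restore/max pairs its delay_class requires and converts the byte values to bits. The name `lint_delay_pools` and the sample config are constructed for illustration, and only classes 1 to 3 are handled.

```python
import re

# Rate pairs each delay class expects. Assumption: only classes 1-3 are
# covered here; newer Squid releases define additional classes.
PAIRS_PER_CLASS = {1: ("aggregate",), 2: ("aggregate", "individual"),
                   3: ("aggregate", "network", "individual")}

def to_bits(byte_value):
    """Bytes -> bits; -1 means 'unlimited' and is reported as None."""
    return None if byte_value == -1 else byte_value * 8

def lint_delay_pools(conf_text):
    """Return (report, problems); report[pool][bucket] = (restore_bps, max_bits)."""
    classes, report, problems = {}, {}, []
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) == 3 and tok[0] == "delay_class":
            classes[int(tok[1])] = int(tok[2])
        elif len(tok) >= 2 and tok[0] == "delay_parameters":
            pool, pairs = int(tok[1]), tok[2:]
            names = PAIRS_PER_CLASS.get(classes.get(pool))
            if names is None:
                problems.append(f"pool {pool}: no supported delay_class before delay_parameters")
            elif len(pairs) != len(names):
                problems.append(f"pool {pool}: class {classes[pool]} needs "
                                f"{len(names)} restore/max pairs, got {len(pairs)}")
            elif not all(re.fullmatch(r"-?\d+/-?\d+", p) for p in pairs):
                problems.append(f"pool {pool}: malformed restore/max pair")
            else:
                report[pool] = {n: tuple(to_bits(int(v)) for v in p.split("/"))
                                for n, p in zip(names, pairs)}
    return report, problems

# Constructed input: pool 1 as first posted, pool 2 in the corrected form.
SAMPLE = """\
delay_class 1 2
delay_class 2 2
delay_parameters 1 16348/2097152
delay_parameters 2 2097152/2097152 16348/16348
"""

if __name__ == "__main__":
    report, problems = lint_delay_pools(SAMPLE)
    print(problems)
    for pool, buckets in report.items():
        for name, (restore, _max) in buckets.items():
            print(pool, name, restore, "bits/s")
```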