[squid-users] Delay Pools and HTTPS on Squid 3.x

Wed Feb 17 02:37:05 UTC 2016

Hey djch Thanks for your quick reply...

Anyway, I know that delay pools are implemented at software layer, but
maybe the error was just a simple mistake porting the old squid 2 project.
Even when these days we have tools to do this more efficiently like TC-CBQ,
in environments where squid works as no transparent proxy, the delay pools
are very useful, in my country I'm pretty sure that a lot of network
administrator will be thankful about a fix. I was trying to handle this
using TC-CBQ in my proxy server but I read in many articles that you have
to mark the traffic in squid to make it work.

So... Do you think that maybe some developers can take the task if the bug
is reported?

As a secondary thing (Do you know any possible implementation using squid
and TC-CBQ?)

Cheers

On Tue, Feb 16, 2016 at 8:26 PM, djch [via Squid Web Proxy Cache] <
ml-node+s1019090n4676045h86 at n4.nabble.com> wrote:

> It's been a while since I've looked at this—because the software we use to
> generate our squid.conf just works around now—but we found that Squid 3
> would only enforce exactly half the configured rate on HTTP requests but
> enforce the full rate on HTTPS requests.
>
> So we now make two delay pools for every "restriction": one for HTTP which
> is x2 the byte rate and one for HTTPS which is normal.
>
> I don't we looked much more into it or filed a bug 'cause none of the
> developers seem very keen on pushing delay_pools forward, due their being
> more robust network-level approaches these days.
>
> On Wed, 17 Feb 2016 at 12:37 Hery Martin <[hidden email]
> <http:///user/SendEmail.jtp?type=node&node=4676045&i=0>> wrote:
>
>> Hello everybody:
>>
>> Since a few months ago I'm using squid to provide a solution as small
>> business proxy in the network of my work place.
>>
>> I'm from Cuba, in our country the Internet is a very limited resource. I
>> have only one link of 2Mbps to share with 20 ~ 25 users (even with my
>> network have more than 60) this is the normal concurrent number.
>>
>> When I start the squid deployment in my network I started using
>> 2.7stable9 version, I made all arrangements to put it work with my AD to
>> match ACLs using AD Groups and everything works perfect.
>>
>> I defined 1 class 2 delay pools to to limits traffic to 12 KBytes/s per
>> user approx.
>>
>> delay_pool 1
>> delay_class 1 2
>> delay_parameters -1/-1 12228/12228
>>
>> The delay pool works perfect, I was checking with real-time tool sqstat
>> and with squidclient mgr:delay
>>
>> NOW.....
>>
>> I recently upgrade squid to 3.3.8 and I notice that delay pool started to
>> going wrong when the users surf or download using HTTPS protocol
>>
>> I checked in real-time and when the users browse HTTPS the pool goes in
>> negative numbers and start to grow and grow, its very easy to check, just
>> define a delay pool with 5KB and start a download from an HTTPS source and
>> you can check it with squidclient mgr:delay, the ip takes negative pool
>> value and keep growing until the download finish.
>>
>> Frustrated with this behavior I put different squid versions in a
>> Virtualization Server and definitely I saw that the problem occurs with
>> squid 3.x versions, today I made a final test and I think that the
>> implementation of HTTP v1.1 is maybe related with that problem (I'm not
>> sure but tomorow I will make a few tests with squid 3.1 where HTTP v1.1 was
>> not yet implemented)
>>
>> Please, if you have the opportunity, just test this in a Lab environment,
>> I decided to write to this email list because I asked to many people that
>> already have implemented squid as proxy in their networks and they didn't
>> believed to me until I demostrated the issue.
>>
>> Have anyone information about this bug? There is any hope to fix this
>> problem at code level?
>>
>> Anyway, I'm computer systems engineer, I use to write a lot C++ lines
>> every week... I'm not related with the squid development (never saw the
>> code in my life) but if somebody have any idea how to fix this and wants
>> help just count with me.
>>
>> Greetings from Cuba and sorry about my English :)
>> _______________________________________________
>> squid-users mailing list
>> [hidden email] <http:///user/SendEmail.jtp?type=node&node=4676045&i=1>
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
> _______________________________________________
> squid-users mailing list
> [hidden email] <http:///user/SendEmail.jtp?type=node&node=4676045&i=2>
> http://lists.squid-cache.org/listinfo/squid-users
>
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://squid-web-proxy-cache.1019090.n4.nabble.com/Delay-Pools-and-HTTPS-on-Squid-3-x-tp4676043p4676045.html
> To unsubscribe from Delay Pools and HTTPS on Squid 3.x, click here
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=4676043&code=c2NvcnBpb254aWlAZ21haWwuY29tfDQ2NzYwNDN8MTE2NzYzMzM3NA==>
> .
> NAML
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
>

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Delay-Pools-and-HTTPS-on-Squid-3-x-tp4676043p4676046.html
Sent from the Squid - Users mailing list archive at Nabble.com.