[squid-users] Question about delay pools again

Amos Jeffries squid3 at treenet.co.nz
Tue Jan 5 01:40:05 UTC 2016 

On 5/01/2016 1:38 p.m., Alex Samad wrote:
> So thought I would try it out
> 
> #
> # Delay Pools
> # http://wiki.squid-cache.org/Features/DelayPools
> # http://www.serverwatch.com/tutorials/article.php/3357241/Reining-in-Bandwidth-With-Squid-Proxying.htm
> delay_pools 1
> delay_class 1 1
> 
> # 10Mb/s fille rate , 20Mb/s reserve
> # 10485760/8 = 1310720
> # 20971520/8 = 2621440
> delay_parameters 1 1310720/2621440
> 
> # What to delay
> acl Delay_ALL src all

Might as well just use "all" instead of "Delay_ALL" in your rule lines.
No need for this custom re-definition of a default ACL.

> acl Delay_Domain dstdomain -i "/etc/squid/lists/delayDom.lst"
> 
> delay_access 1 allow Delay_Domain
> 
> 
> /etc/squid/lists/delayDom.lst
> .windowsupdate.com
> 
> 
> and I can just add domains to the file as needed
> 

.. and then reconfigure Squid. Yes.

What the above does is not limit any particular user. But limits the
total server bandwidth to those domains (combined) to 10Mbps. It is a
good solution, but still has a few problems.

WU will now be very slow, proportional to how many users are downloading
the updates as MISS rather than HIT. Remembering that until each update
object is fully fetched once it will not HIT.


> 
> On 5 January 2016 at 10:57, Alex Samad wrote:
>> Hi
>>
>> Just wanted to confirm my understanding of delay pools and the ability
>> to ratelimit inbound traffic.
>>
>> Today one of our W10 machines did it windows update .. New patch ..
>> .MS SQL SP3 - 384M big patch
>>
>> So it contacts our squid proxy with then downloaded it from WSUS
>> update ... which is geocached with out local ISP.
>>
>> This then flooded our 100Mb wan port.
>>
>> My understanding is that delay pools will not help me with rate
>> limiting that to a cap of say 10Mb/s

On the contrary. This is the exact case the old pools are designed to
help with.

>>
>> The only thing that Squid or Linux can do is delay ACK's and thus rate
>> limit that way.
>>
>> Delay pools are more for SQUID -> End user ...

No they are for Server->Squid data flow. Done by delaying the read(2)
Squid does from the TCP I/O buffer of server delivered data. That has
the outward appearance of delaying ACKs the Squid machine sends to the
server.

HTH
Amos

More information about the squid-users mailing list