[squid-users] Delay Pools and HTTPS on Squid 3.x
Eliezer Croitoru
eliezer at ngtech.co.il
Wed Feb 17 05:51:05 UTC 2016
Hey Martin,
I was wondering if you had the chance of trying to enforce some QOS
policy on the OS level?
Also what OS and distribution are you using?
Eliezer
On 17/02/2016 03:37, Hery Martin wrote:
> Hello everybody:
>
> Since a few months ago I'm using squid to provide a solution as small
> business proxy in the network of my work place.
>
> I'm from Cuba, in our country the Internet is a very limited resource. I
> have only one link of 2Mbps to share with 20 ~ 25 users (even with my
> network have more than 60) this is the normal concurrent number.
>
> When I start the squid deployment in my network I started using
> 2.7stable9 version, I made all arrangements to put it work with my AD to
> match ACLs using AD Groups and everything works perfect.
>
> I defined 1 class 2 delay pools to to limits traffic to 12 KBytes/s per
> user approx.
>
> delay_pool 1
> delay_class 1 2
> delay_parameters -1/-1 12228/12228
>
> The delay pool works perfect, I was checking with real-time tool sqstat
> and with squidclient mgr:delay
>
> NOW.....
>
> I recently upgrade squid to 3.3.8 and I notice that delay pool started
> to going wrong when the users surf or download using HTTPS protocol
>
> I checked in real-time and when the users browse HTTPS the pool goes in
> negative numbers and start to grow and grow, its very easy to check,
> just define a delay pool with 5KB and start a download from an HTTPS
> source and you can check it with squidclient mgr:delay, the ip takes
> negative pool value and keep growing until the download finish.
>
> Frustrated with this behavior I put different squid versions in a
> Virtualization Server and definitely I saw that the problem occurs with
> squid 3.x versions, today I made a final test and I think that the
> implementation of HTTP v1.1 is maybe related with that problem (I'm not
> sure but tomorow I will make a few tests with squid 3.1 where HTTP v1.1
> was not yet implemented)
>
> Please, if you have the opportunity, just test this in a Lab
> environment, I decided to write to this email list because I asked to
> many people that already have implemented squid as proxy in their
> networks and they didn't believed to me until I demostrated the issue.
>
> Have anyone information about this bug? There is any hope to fix this
> problem at code level?
>
> Anyway, I'm computer systems engineer, I use to write a lot C++ lines
> every week... I'm not related with the squid development (never saw the
> code in my life) but if somebody have any idea how to fix this and wants
> help just count with me.
>
> Greetings from Cuba and sorry about my English :)
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
More information about the squid-users
mailing list