[squid-users] Can Traffic Management Settings be configured for other TCP protocols?

J Green corpengineer at gmail.com
Mon May 9 22:40:29 UTC 2016


Sorry to derail off topic, though I appreciate the feedback.  Trying to get
this to work through a Cisco ASA.  If not, I probably have an old 2900
series router somewhere.

Thank you again.

On Mon, May 9, 2016 at 2:33 PM, Yuri Voinov <yvoinov at gmail.com> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> I mean this, for example:
>
> haribda(config)#policy-map Net_Limit
> haribda(config-pmap)#class alternate
> haribda(config-pmap-c)#?
> Policy-map class configuration commands:
>   admit            Admit the request for
>   bandwidth        Bandwidth
>   compression      Activate Compression
>   drop             Drop all packets
>   exit             Exit from class action configuration mode
>   fair-queue       Enable Flow-based Fair Queuing in this Class
>   flow             Flow subcommands
>   log              Log IPv4 and ARP packets
>   measure          Measure
>   netflow-sampler  NetFlow action
>   no               Negate or set default values of a command
>   police           Police
>   priority         Strict Scheduling Priority for this Class
>   queue-limit      Queue Max Threshold for Tail Drop
>   random-detect    Enable Random Early Detection as drop policy
>   service-policy   Configure QoS Service Policy
>   set              Set QoS values
>   shape            Traffic Shaping
>
> haribda(config-pmap-c)#bandwidth ?
>   <1-2000000>  Kilo Bits per second
>   percent      % of total Bandwidth
>   remaining    percent/ratio of the remaining bandwidth
>
> This is 2901, ISR G-2.
>
> 10.05.16 3:15, J Green пишет:
> > Here, re 'upload and download sizes', I meant the later 'dumb traffic
> limits'.
> >
> > We do have a Cisco firewall in place, and I have setup 'traffic
> policing'.  However, the results are inconsistent.  Sometimes it seems to
> work, other times it blocks everything, or it blocks nothing.
> >
> > Appreciate all the feedback, thank you all for your time.
> >
> > On Mon, May 9, 2016 at 12:27 PM, Yuri Voinov <yvoinov at gmail.com
> <mailto:yvoinov at gmail.com> <yvoinov at gmail.com>> wrote:
> >
> >
> > For such task enough put Cisco router with TCP traffic policies .....
> >
> > And please - any protocol, any speed limits, any ACL's, any SLA .....
> >
> >
> > 10.05.16 1:15, Alex Rousskov пишет:
> > > On 05/09/2016 12:53 PM, Yuri Voinov wrote:
> >
> > >> Just to clarify. For proxying anything (protocol or service), the
> proxy
> > >> server must be at the same time also act as the client of a protocol
> or
> > >> service - and as a server.
> >
> >
> > > It all depends on the definition of "upload and download sizes" in the
> > > OP question. If the intent is to understand and restrict individual
> > > protocol messages, then you are right. If the intent is just to limit
> > > the aggregate number of TCP bytes transferred, then protocol
> > > understanding (in a "transparent" setup) is not required.
> >
> > > Needless to say, Squid is unlikely to be the best solution for the
> > > latter "dumb traffic limits" problem, but if an "all-in-one executable"
> > > is a critical requirement, one can make modern Squids to limit tunneled
> > > TCP traffic that it does not understand.
> >
> > > Alex.
> >
> >
> > >> J Green:
> > >>>> Would like to limit maximum upload and download sizes for
> > >>>>       other TCP protocols:  SMB, NFS, FTP, and RDP.
> > > _______________________________________________
> > > squid-users mailing list
> > > squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
> <squid-users at lists.squid-cache.org>
> > > http://lists.squid-cache.org/listinfo/squid-users
> >
> >
> >
> >     _______________________________________________
> >     squid-users mailing list
> >     squid-users at lists.squid-cache.org
> <mailto:squid-users at lists.squid-cache.org>
> <squid-users at lists.squid-cache.org>
> >     http://lists.squid-cache.org/listinfo/squid-users
> >
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJXMQIjAAoJENNXIZxhPexGC9YIAIXbLAOqQMTNmawXVrSpK2rP
> zwW4RmwsmDOZzqFgldMlEJRkSH+H3UXiF6Zw994Ys3pYliB5o55qN3DYB2fGlu4H
> Me3bq71PoZo+qes15l9ePpWq+0jK9B06fMGgWdBeSuVjRwC72hq0k2cPCpg9Hcd3
> KqytNCaM6kb7CFfxhm8g5w0lSHwQkoKM8XDbtVzrKjT0VbFcYRXR6SP5tzRwDW9D
> ZHFQ8hX19RBof8JqWQo6UbhXZBZGtDjoOaGQ/EBMLjzl6guUdKt9Xi8pF+rkBgSk
> S0Y2JZypIxAeMuj9STfRs54ZCId9NtZfA76o5M7PH0OrCfz1oXA+m0kzCQfEZtY=
> =tSMD
> -----END PGP SIGNATURE-----
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160509/af263a65/attachment-0001.html>


More information about the squid-users mailing list