mark@ehle.homelinux.org wrote:
> Chris -
>
> Thanks again. Yes - it was a 24-bit mask. I knew what I meant (3 255's) I
> just wasn't paying enough attention.
>
> One more question - We have 2 T1's, aggregated together, so we have
> around 3Mb of bandwidth. I have around 50 public computers and 10 staff
> computers browsing at any one time that share this pipe. The staff
> machines are not on this proxy. Our ISP has the IP address that goes to
> the public proxy rate-limited at the router to no more than 75% of total
> bandwidth, which we can change if we want.

If you are paying for the lot, take the 100% for your usage. But if it's
a per-byte cost then you will have to judge yourself whether it's
cost-effective.

>
> What might be some good numbers to start with to keep the public from
> sucking us dry but give each patron enough bandwidth to have a decent
> browsing experience?

I find for most people a 256K peak access rate is enough to give a
great-seeming speed. It depends on where in the world you are though and
what your user base are used to from their homes. I've heard of places
where anything less than the full T1 per person is considered slow to
others where 128kbps was fast.

You could also use ACLs as said earlier to make the delays only apply to
certain times or types.

You can exempt the text/html mime type so people can retrieve pages fast
for genuine research, but other items like videos, flash movies, music
etc get slowed down.

> Also, in your opinion, do we have enough bandwidth, or should I be
> researching more?

That's a cost-benefit calculation you need to make yourself. It's always
worth knowing your alternatives, even if only to know what's too
expensive or too much trouble to be worth it.

Amos

>
> Thanks again so much,
>
> Mark
>
>
> Quoting Chris Robertson <crobertson@gci.net>:
>
>> mark@ehle.homelinux.org wrote:
>>> Chris -
>>>
>>> Thanks for the reply.
>>>
>>> Just so I understand, then, even though my network has an 8-bit
>>> mask, I can specify a 16-bit mask when defining an ACL?
>>
>> Affirmative. Squid is completely unaware of your network layout.
>>
>>>
>>> So - on my 10.0.0.0/8 network, I could do something like:
>>>
>>> acl dept1 src 10.1.0.0/255.255.255.0
>>
>> This is a 24 bit netmask. But that's just being picky. :o)
>>
>>> acl dept2 src 10.2.0.0/255.255.255.0
>>> acl dept3 src 10.3.0.0/255.255.255.0
>>> acl dept4 src 10.4.0.0/255.255.255.0
>>>
>>> delay_pools 4
>>>
>>> delay_class 1 2
>>> delay_class 2 2
>>> delay_class 3 2
>>> delay_class 4 2
>>>
>>> delay_parameters 1 16348/2097152
>>
>> For a class 2 pool you need to specify aggregate and individual pools.
>> If you don't want limits for the aggregate, use "-1/-1". Perhaps what
>> you meant here was...
>>
>> delay_parameters 1 2097152/2097152 16348/16348
>>
>> ...which would give (for example) 10.1.0.143 around 128kbps* of
>> bandwidth (max, with no allowance for bursting), and all computers
>> 10.1.0.1 through 10.1.0.255 a combined pool of in the neighborhood of
>> 16mbps of bandwidth (roughly equivalent to 10 T1s).
>>
>>> delay_parameters 2 16348/2097152
>>> delay_parameters 3 16348/2097152
>>> delay_parameters 4 16348/2097152
>>>
>>> delay_access 1 allow dept1
>>> delay_access 2 allow dept2
>>> delay_access 3 allow dept3
>>> delay_access 4 allow dept4
>>>
>>> ???
>>> .
>>
>> Other than that one issue, it looks fine to me.
>>
>> Chris
>>
>> * Delay pool parameters are specified in bytes. Most networks are
>> provisioned in bits. If all four of the pools were maxing out their
>> aggregate download speeds, you'd be nearly maxing a 100 Base-T ethernet
>> connection. It would, however take almost 200 computers in each pool
>> all maxing out their individual pools to hit this figure.
Received on Sun Nov 04 2007 - 23:38:11 MST
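
The pair-count rule and the bytes-versus-bits footnote from Chris's reply, as an added example that is not part of the original thread: a small Python linter (function and constant names are this example's own) that checks each delay_parameters line against its delay_class and reports the restore rates in bits per second. It covers classes 1 to 3, slightly beyond the class 2 case discussed above.

```python
# Added example: lint Squid delay pool lines and report restore rates in bits/s.
# Pairs expected per class, per the Squid documentation (class 1: aggregate;
# class 2: aggregate + individual; class 3: aggregate + network + individual).
# Later pool classes are left out of this example.
PAIRS_PER_CLASS = {1: 1, 2: 2, 3: 3}

def parse_pair(text):
    """Split 'restore/max' into two ints (bytes); -1 means unlimited."""
    restore, maximum = (int(v) for v in text.split("/"))
    return restore, maximum

def lint_delay_pools(conf):
    """Return (findings, rates); rates maps pool -> restore rates in bits/s."""
    classes, findings, rates = {}, [], {}
    for raw in conf.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not fields:
            continue
        if fields[0] == "delay_class":
            classes[int(fields[1])] = int(fields[2])
        elif fields[0] == "delay_parameters":
            pool = int(fields[1])
            pairs = [parse_pair(p) for p in fields[2:]]
            want = PAIRS_PER_CLASS.get(classes.get(pool))
            if want is None:
                findings.append(f"pool {pool}: no supported delay_class declared before it")
            elif len(pairs) != want:
                findings.append(f"pool {pool}: class {classes[pool]} needs {want} "
                                f"restore/max pairs, found {len(pairs)}")
            else:
                # delay_parameters are bytes/s; links are provisioned in bits/s.
                # None marks an unlimited (-1) bucket.
                rates[pool] = [None if r < 0 else r * 8 for r, _ in pairs]
    return findings, rates

# Constructed samples: pool 1 as first posted in the thread, then as corrected.
POSTED = "delay_class 1 2\ndelay_parameters 1 16348/2097152\n"
FIXED = "delay_class 1 2\ndelay_parameters 1 2097152/2097152 16348/16348\n"

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_delay_pools(conf))
```
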