Adeptus-Mechanicus



SQUID BANDWIDTH - DELAY POOLS

The open-source proxy squid is a tremendously useful server application. We have previously discussed using it with authentication or transparent proxying (see here). Now let's take a look at how you can use it to manage your web bandwidth usage.

What is used?
Squid has a feature called delay pools, which lets you define a bandwidth pool and control how it is shared. The simplest configurations create one big pool and allow indiscriminate use of it; let's try to be a bit more fair. Delay pools have to be compiled into squid (check the configure options printed by `squid -v` for --enable-delay-pools; most distribution packages include it). We will work with the following block of squid.conf configuration.
acl legit src 10.1.1.0/255.255.255.0
delay_pools 1
delay_class 1 3
delay_access 1 allow legit
delay_access 1 deny all
delay_parameters 1 12500/12500 -1/-1 1000/8000

Let's go through each line in detail.

acl legit src 10.1.1.0/255.255.255.0
This line sets up the acl for your users by specifying the source network (10.1.1.0/24),

delay_pools 1
Here we say that we only have 1 delay pool,

delay_class 1 3
This says that delay pool 1 is a class 3 delay pool. A class 3 pool has three layers of buckets: one aggregate bucket for the whole pool, one bucket per network (a class C, i.e. each /24), and one bucket per individual IP address, so you can control usage of the aggregate pool per network and per host,

delay_access 1 allow legit
Here we only allow our "legit" users access to the delay pool,

delay_access 1 deny all
And here we deny everyone else; as with squid's other access lists the rules are checked in order and the first match wins, so this line must come after the allow,

delay_parameters 1 12500/12500 -1/-1 1000/8000
Lastly we set up the parameters for delay pool 1. Each pair is restore/max in bytes: the first number is how many bytes are added to the bucket every second (the sustained rate) and the second is the largest the bucket can grow (the burst allowance). The first pair is the aggregate bucket for the whole pool, so 12500/12500 matches a 100kbps line (12500 bytes x 8 = 100 kbit) and strictly caps everyone together at that rate. The second pair is the per-network bucket (one per /24 in a class 3 pool); since we want to limit users and not networks, we specify -1/-1, as -1 represents unlimited, so the network as a whole has full access to the pool. The third pair is the per-host bucket: squid keeps one for each unique IP address it sees, and 1000/8000 means each host gets 1000 bytes per second (8kbps) sustained, with a bucket of 8000 bytes (64 kbit) that allows a short burst before the throttle kicks in. Note that squid refills the buckets once a second and starts each bucket at delay_initial_bucket_level percent of its maximum (default 50), so the first second of a new connection is not the full burst. This should slow down downloaders without starving everyone else.

Final Words
We know that squid is useful, but the delay pools feature lets us get a bit more out of it and helps keep our networks under control. As always, have fun and learn.