Bandwidth Management with SQUID


WIKI: https://wiki.squid-cache.org/Features/DelayPools


There are different ways to limit the bandwidth of certain requests originating from end users (internal network) based on any list of criteria. You can do this mainly with software-based firewalls, hardware-based firewalls, routers, proxy servers, etc.

In this tutorial, we will learn how to limit the bandwidth based on IP address in the Squid proxy server. It is assumed that all your HTTP traffic is currently being forwarded to the proxy server, so we do not have to make any changes on the client side; everything is done on the proxy server side only.

Current Scenario:

A company has a 30Mbps internet link. Application TESTA (www.testa.com) is crucial to the company, is accessed by specific people, and must be available 24/7. Some groups of users are given full access to the internet (downloading, streaming, etc.) without any filtering. Because of their extreme level of browsing, the bandwidth sometimes chokes, which stops TESTA users from accessing it over the 30Mbps internet link. We don't want the bandwidth to be fully used.

Goal:

We will divide our current 30 Mbps link bandwidth into pools, so certain users do not exceed a defined bandwidth. This can be done in 3 different ways with squid delay_pools.

1. A class 1 pool restricts the download rate of large files. In the example below we assign 3 users 15Mbps of the bandwidth, which is shared among them. They can't exceed this threshold, so the other half of the bandwidth stays available to other apps and users for a seamless experience.

Steps:

  1. Define the ACL for the delay pool
  2. Define the number of delay pools (delay_pools 1)
  3. Define the class of the delay pool (delay_class 1 1)
  4. Set the parameters for the pool number (delay_parameters 1 restore_rate/max_size). Once a request exceeds max_size, squid limits the bandwidth for that user/source to the given restore_rate (the measurement is taken in bytes)
  5. Enable delay_access to apply the pool (delay_access)
# vim squid.conf

Example 1:

acl only15mbpsusers src 172.25.21.29       # user1 IP 
acl only15mbpsusers src 172.25.21.30       # user2 IP 
acl only15mbpsusers src 172.25.21.26       # user3 IP
delay_pools 1
delay_class 1 3
delay_access 1 allow only15mbpsusers
delay_access 1 deny all
delay_parameters 1 1544000/1544000 -1/-1 1544000/1544000 

Example 2:

acl bw_users src 172.25.21.0/24   # The ACL defined for the network
delay_pools 1                     # The number of delay pools
delay_class  1 1                  # Delay pool number 1 is a class 1 delay pool
delay_parameters 1 20000/15000    # Delay parameters for pool number 1: a restore rate of 20000 when the usage hits 15000 bytes
delay_access 1 allow bw_users     # The access rule that ties the pool to the ACL bw_users

# When any one src exceeds the download limit of 15K, its download rate is restored to 20K/s.

# reload the squid

Limitations of the class 1 pool: If we have a bandwidth of 1500000 bytes and configure a rate of 20000 bytes per sec, the maximum number of simultaneous connections will be 1500000/20000 = 75. A large number of connections from the src will max this out.

2. A class 2 pool sets the bandwidth usage to a sustained rate.

Using the class 2 pool we can overcome the max-out limitation of class 1, because here we can manage the bandwidth as an aggregate rate.

Configure the class 2 pool:

Suppose we have a link with (1.5Mb/s) 1544000 bytes/s of bandwidth, and we need to set a ceiling of 62500 bytes/s (500k/s) as the bandwidth for net usage, with 10% of the ceiling for each user:

acl bw_users src 172.25.21.0/24 # The ACL defined for the network
delay_pools 1      # Number of pools
delay_class 1 2    # Defines the class of pool for pool number 1
delay_parameters    1 62500/62500 6250/6250 # Creates a ceiling of 500K (62500) out of our bandwidth (1.5M), with an individual ceiling of 10% of that ceiling (at any given time each user is restricted to 10% of the 500k ceiling)
delay_access 1 allow bw_users    # The access rule that ties the pool to the ACL bw_users
# reload squid

Test the bandwidth rate using wget. The rate is restricted to 10% of the ceiling from the beginning for every src. This leaves the rest of the bandwidth free for other purposes, i.e. out of 1.5M we have taken a ceiling of .5M for the internal network, and we have told squid that each request from a src should get 10% of that .5M of bandwidth.

In the class 1 pool the bandwidth restriction started only after the max download size was reached. In class 2, instead of a max download size, we define a ceiling and the user is restricted to it from the beginning.

3. A class 3 pool restricts the bandwidth usage for subnets.

This implements bandwidth management with an aggregate rate per subnet, i.e. the class 2 pool with a subnet-based ceiling.

acl bw_users src 172.25.21.0/24 # The ACL defined for the network
delay_pools 1    # Number of pools
delay_class 1 3  # Defines the class of pool for pool number 1
delay_parameters 1 62500/62500 31250/31250 6250/6250 # Creates a ceiling of 500K (62500) out of our bandwidth (1.5M), with a subnet ceiling of 50% of that ceiling (at any given time the requests from each subnet are restricted to 50% of the 500k ceiling, and each user in a subnet gets 20% of the subnet ceiling)
delay_access  1  allow  bw_users       # The access rule that ties the pool to the ACL bw_users

# reload squid

This makes squid limit the bandwidth usage to 50% per subnet (in case we have 2 subnets in our network), and each user gets 20% of the subnet ceiling. (I.e., out of 1.5M we have taken a ceiling of .5M; each subnet gets 50% of this .5M ceiling (.25M). In each subnet the users get 20% (.05M) of the subnet ceiling (.25M).)
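How the class 2 and class 3 ceilings interact when many clients download at once can be checked with a small model. This is an added example, not part of the original tutorial or of Squid's code: a one-second-tick simulation with hypothetical function names, assuming buckets start full, every client downloads continuously, and each bucket is split evenly among the clients drawing from it.

```python
INF = float("inf")

def bucket_keys(ip, pool_class):
    """Buckets an IPv4 client draws from, in delay_parameters order."""
    net, host = ip.split(".")[2:]
    keys = [("aggregate",)]
    if pool_class == 3:          # class 3 adds a per-network bucket (third octet)
        keys.append(("network", net))
        keys.append(("individual", net, host))
    elif pool_class == 2:        # class 2 individual buckets use the last octet
        keys.append(("individual", host))
    return keys

def simulate(pool_class, pairs, clients, seconds):
    """Bytes delivered in each second to every (always downloading) client.

    pairs holds the (restore, max) values of delay_parameters; -1 = unlimited.
    """
    if (pool_class not in (1, 2, 3) or len(pairs) != pool_class
            or all(r < 0 for r, _ in pairs)):
        raise ValueError("need one restore/max pair per level, one of them limited")
    spec, sharers = {}, {}       # bucket key -> (restore, max) / client count
    for ip in clients:
        for key, (restore, cap) in zip(bucket_keys(ip, pool_class), pairs):
            spec[key] = (INF, INF) if restore < 0 else (restore, cap)
            sharers[key] = sharers.get(key, 0) + 1
    level = {key: cap for key, (_, cap) in spec.items()}  # assumption: start full
    delivered = {ip: [] for ip in clients}
    for _ in range(seconds):
        # A client gets its even share of the tightest bucket it draws from.
        grants = {ip: min(level[k] / sharers[k] for k in bucket_keys(ip, pool_class))
                  for ip in clients}
        for ip, sent in grants.items():
            delivered[ip].append(sent)
            for k in bucket_keys(ip, pool_class):
                level[k] -= sent
        for k, (restore, cap) in spec.items():  # per-second refill, capped at max
            level[k] = min(cap, level[k] + restore)
    return delivered

if __name__ == "__main__":
    # Constructed client lists; parameters are the tutorial's class 2 values.
    class2 = [(62500, 62500), (6250, 6250)]
    few = [f"172.25.21.{h}" for h in range(1, 4)]
    many = [f"172.25.21.{h}" for h in range(1, 21)]
    print(simulate(2, class2, few, 3)[few[0]])    # individual ceiling applies
    print(simulate(2, class2, many, 3)[many[0]])  # aggregate ceiling applies
```

In this model the per-user ceiling only holds while the aggregate bucket can cover every active client; beyond that point the aggregate (or subnet) bucket becomes the limit and each client receives less than its individual ceiling.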

Delay Pool class2 with Time based ACL:

acl bw_users src 192.168.1.0/24       # The ACL defined for the network
acl work_time time MTWHF 09:00-18:00
delay_pools    1                      # Number of pools
delay_class    1 2                    # Defines the class of pool for pool number 1
delay_parameters    1 62500/62500 25000/25000 # Each user is given an average of 25000 bytes of bandwidth
delay_access  1  allow work_time      # The access rule that ties the pool to the ACLs all and work_time

# reload squid

This activates the class 2 pool only during office hours. Test by changing the time on the squid server after configuring the class 2 pool with the time period.
