I am testing squid 3.0 on a ubuntu amd64 box. I am facing a problem with the delay pool classes when I set the delay_access parameters with multiple ACLs. Have been going through the squid wiki and nothing conclusive. Perhaps someone or a squid guru can share their experience using delay pools in squid 3.x, 2.x is slightly different i think. I am putting all into one question, since all is related to this interesting feature in squid.
A simple example:
acl workday time MTWHF
acl work_time time 9:00 - 18:00
acl work_day time MTWHF 9:00 - 18:00
acl streaming_site dstdomain youtube.com hulu.com
delay_pools 2
delay_class 1 2
delay_class 2 2
delay_access 1 work_day streaming_site
delay_parameters 1 500000/500000 100000/100000
delay_access 1 deny all
delay_access 2 !work_day
delay_parameters 2 1000000/1000000 500000/500000
delay_access 2 deny all
Question 1: How do squid evaluates multiple ACLs in delay_access, is it using OR rule or AND rule. If it is using AND rule to match two or more ACLs, what do we do to achieve OR for the multiple ACLS.
Question 2: Does the parameters below give the same effect?
delay_access 1 work_day streaming_site
or
delay_access 1 work_day
delay_access 1 streaming_site
Question 3: Once a delay pool is not being used. Will that pool affect the total bandwidth. For example delay_access 1 rule that has expired after work hours at 18:01++. Why the delay pool is not reset back to not used. Or how to reset it back to empty?
Thanks in advance for sharing your experience.
References that I have checked, read and read and test....but still interested to know some other people experience with multiple ACLs.
- The official wiki : still not enough explanation about multiple ACLs
- Visolve.com : Open source consultancy firm..with some work with squid
- Squid ACLs and delay pool article
- Howtoforge article on delay pools : This has been referred to in another question in serverfault
- From it toolbox site
You might want to check the "delay_pool" directive listed in your example-- shouldn't it be "delay_pools" (with an 's')? I tested it locally (well, with Squid 2.7 not 3) and it caused all the delay_pools to fail.
Regarding question 1, the ACLs are OR'ed. Here's an example of how I use it to not use delay pools for access to internal resources through our proxy:
Regarding question 2, you will want to put each acl directive on its own line.
For question 3, the simple answer is that based on your example, the "buckets" of bandwidth available to each client will always instantly refill. So they won't ever be empty.
The longer explanation is that the "buckets" will always refill at the rate you specify. A client will start out with delay_initial_bucket_level amount of bandwith. As the client downloads, data is removed from the bucket. So if you specify delay_initial_bucket_level 50, the buckets will start at 50% full. In your example above, the buckets always instantly refill (because they are specified as "100000/100000" for example) which means that the client is simply throttled to 100000. If you specified 5000/100000 then the buckets would "refill" at a rate of 5000. In that case, the bucket will refill at the normal rate even if the ACL isn't using it at the time.