When your work only has a single T-1 handling 50+ users' Internet access, streaming video and music can slow the Internet down significantly. I spoke to management and they didn't want me to outright block websites, so I determined that it would be good to allow access, just make it slow and painful to use during work hours.
I did some digging around and found that delay pools in Squid can slow downloads. Think of a pool as a bucket that can only hold so much water (water = data). When users pull information from the Internet they are drawing water out of the bucket, and the bucket refills at a rate we specify. Both the size of the bucket and its refill rate are set in the squid config, in bytes and bytes per second. Different classes of delay pool have different sets of buckets. A class 1 pool has a single aggregate bucket, so all bandwidth is shared among every user in the pool. A class 2 pool has two kinds of bucket: one aggregate bucket and an individual bucket for each client, indexed by the last octet of the client's IPv4 address (so there are 256 individual buckets per pool); a client is limited by whichever of the two buckets runs dry first. A class 3 pool adds network buckets, indexed by the third octet, in between: the aggregate bucket feeds the network buckets (one per subnet) and those feed the individual buckets. There are more classes (class 4 adds a per-authenticated-user bucket, class 5 assigns clients to buckets by external ACL tag). If you are interested, read Squid's configuration documentation; specifically look up "delay_class" and "delay_parameters". Note that delay pools are only available if Squid was built with --enable-delay-pools.
First things first: before we go off creating delay pools, we need a way to match the websites and media that we want to slow down, so we have to write a few ACLs. I started by making a list of websites that I felt should run slower and saved them, one domain per line, in a file that the first ACL reads. I added the following ACLs to my squid config:
acl slowsites dstdomain "/etc/squid3/squid-slowsites.acl"
acl media_items url_regex -i \.(mp3|mp4|vqf|avi|mpeg|mpe|mpg|qt|ram|rm|raw|wav|mov|flv|f4v|wmv|m4v|m4p)([?].*)?$
acl workday time MTWHF 8:00-17:00
acl nonworktypes rep_mime_type -i video/x-flv audio/mpeg audio/mp4 video/mp4 application/flv application/x-mms-framed application/x-fcs
(The media pattern escapes the dots and anchors on the end of the path, allowing an optional query string, because an unescaped and unanchored pattern such as .mp3 matches any character followed by mp3 anywhere in the URL, so it would also catch http://example.com/comp3/index.html. The mime-type ACL uses rep_mime_type, which inspects the Content-Type of the server's reply; req_mime_type only inspects the Content-Type of the client's request, which is almost never set on a download.)
Next, I added the following lines to my config:
delay_pools 2
delay_class 1 2
delay_class 2 1
delay_parameters 1 38400/38400 16000/20000
delay_parameters 2 128000/192000
These lines create the delay pools for us. The first line tells Squid there are 2 pools. Lines 2 and 3 define their classes: pool 1 is a class 2 pool and pool 2 is a class 1 pool. Be aware that pool order is very important: Squid checks the delay_access rules for pool 1 before those for pool 2, and a request lands in the first pool whose rules allow it. The next 2 lines tell Squid, for every bucket in the pool, how fast it refills and how big it is, written as restore/max, with restore in bytes per second and max in bytes, in the order aggregate, then network (class 3 only), then individual. So 38400/38400 says the aggregate bucket of pool 1 fills at 38.4 kbytes/s (about 300 kbit/s) and holds 38.4 kbytes, and 16000/20000 says each individual bucket fills at 16 kbytes/s (about 128 kbit/s) and holds only 20 kbytes. I defined my last delay pool with: delay_parameters 2 128000/192000 . This is a single aggregate bucket that fills at 128 kbytes/s (roughly 1 Mbit/s, about two thirds of a 1.544 Mbit/s T-1) and holds 192 kbytes. The max value is effectively the burst a client can pull before the restore rate takes over; -1/-1 means no limit for that bucket. Buckets start half full by default (delay_initial_bucket_level 50), so the first burst after a restart is smaller than max.
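To see how restore and max combine for the two pools above, here is a small token-bucket model, added to this post as an illustration; it is not Squid's code and not part of the original write-up. It assumes Squid's default 50% initial bucket level and models each second as one refill followed by a fair split of the aggregate bucket among the active clients. Real Squid interleaves reads at a much finer granularity, but the steady-state throughput numbers come out the same: one client in pool 1 is held to its individual bucket (16 kbytes/s), four clients are held to the aggregate (38.4 kbytes/s between them), and fifty clients in pool 2 share 128 kbytes/s.

```python
"""Token-bucket model of Squid class 1 and class 2 delay pools (added
illustration, not Squid's own code). Parameters are (restore_bytes_per_sec,
max_bytes), exactly as they appear on a delay_parameters line."""
from typing import List, Optional, Tuple

Params = Tuple[int, int]   # (restore, max) as written in delay_parameters


class Bucket:
    """One bucket: gains `restore` bytes per second, never exceeding `max_bytes`."""

    def __init__(self, params: Params, initial_fraction: float = 0.5) -> None:
        self.restore, self.max_bytes = params
        # Squid fills a new bucket to delay_initial_bucket_level, 50% by default.
        self.level = self.max_bytes * initial_fraction

    def refill(self, seconds: float = 1.0) -> None:
        self.level = min(self.max_bytes, self.level + self.restore * seconds)

    def take(self, n: float) -> None:
        assert n <= self.level + 1e-9
        self.level -= n


def water_fill(total: float, caps: List[float]) -> List[float]:
    """Split `total` bytes fairly across clients, each limited to caps[i].
    Stands in for many clients' reads interleaving on the shared bucket."""
    alloc = [0.0] * len(caps)
    active = [i for i, c in enumerate(caps) if c > 0]
    remaining = total
    while active and remaining > 1e-9:
        fair = remaining / len(active)
        for i in list(active):
            give = min(fair, caps[i] - alloc[i])
            alloc[i] += give
            remaining -= give
            if caps[i] - alloc[i] <= 1e-9:
                active.remove(i)          # capped; its share goes to the rest
    return alloc


def simulate(aggregate: Params, individual: Optional[Params],
             clients: int, demand: float, seconds: int) -> List[float]:
    """Average bytes/s each of `clients` greedy downloaders receives.
    individual=None models a class 1 pool (aggregate bucket only); a
    (restore, max) tuple models class 2 (aggregate plus per-client buckets)."""
    agg = Bucket(aggregate)
    ind = [Bucket(individual) for _ in range(clients)] if individual else []
    delivered = [0.0] * clients
    for _ in range(seconds):
        agg.refill()
        for b in ind:
            b.refill()
        # A client reads at most its demand and, in class 2, no more than its
        # own bucket holds; everyone then competes for the aggregate bucket.
        caps = [min(demand, ind[i].level) if ind else demand for i in range(clients)]
        got = water_fill(min(agg.level, sum(caps)), caps)
        for i, n in enumerate(got):
            if ind:
                ind[i].take(n)
            delivered[i] += n
        agg.take(sum(got))
    return [d / seconds for d in delivered]


if __name__ == "__main__":
    # Pool 1 from the post: delay_parameters 1 38400/38400 16000/20000
    one = simulate((38400, 38400), (16000, 20000), clients=1, demand=1e6, seconds=60)
    four = simulate((38400, 38400), (16000, 20000), clients=4, demand=1e6, seconds=60)
    # Pool 2 from the post: delay_parameters 2 128000/192000 (class 1)
    fifty = simulate((128000, 192000), None, clients=50, demand=1e6, seconds=60)
    print(f"1 client : {one[0]:.0f} B/s (individual bucket is the limit)")
    print(f"4 clients: {four[0]:.0f} B/s each, {sum(four):.0f} B/s total (aggregate is the limit)")
    print(f"50 clients in pool 2: {sum(fifty):.0f} B/s shared")
```

The one-client figure comes out slightly above 16000 because the individual bucket starts with a 10 kbyte burst; over a long download that burst washes out, which is the point of keeping max small for the individual buckets.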
Now that we have the necessary ACLs and the delay pools created, we need to tell Squid which requests go into which pool. We use the "delay_access" directive to do this. I added the following directives to slow Internet access. I put them before the http_access allow localnet line, but that isn't required: delay_access is a separate list, sorted per pool, and only the order of the lines within a pool matters.
delay_access 1 allow localnet slowsites workday
delay_access 1 allow localnet workday media_items
delay_access 1 allow localnet workday nonworktypes
delay_access 2 allow workday localnet
The "localnet" ACL should already be defined in your squid config; in the default config it is a src ACL listing your private address ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 and so on), which should be the clients on your network. I put it in every rule because I don't want the proxy serving outside clients at all, throttled or otherwise. The first line matches requests from the localnet, during the workday, to one of the slowsites. The second line matches requests from the localnet, during the workday, for URLs ending in one of the mp3, mp4, flv, etc. extensions I defined earlier. The third line matches non-work media types, during the workday, from the local network; note that req_mime_type inspects the Content-Type of the client's request, so to match what the server sends back the ACL has to use rep_mime_type, and newer Squid 3 releases evaluate delay_access once the reply headers have arrived so that works there, while on older releases only request-side ACLs such as the URL regex take effect. The last line limits the bandwidth of all machines on the localnet during the workday. Note that I've slowed access for everyone, because I don't want HTTP traffic overwhelming our connection; I'm reserving bandwidth for other applications (such as HTTPS, SMTP and VPN access). Bear in mind that only traffic passing through Squid is throttled: anything that bypasses the proxy is untouched, and if HTTPS is proxied, CONNECT tunnels match the pool 2 rule and are throttled as well. There are no restrictions on speed outside of the 8-5, Monday-Friday workday.
These rules won't catch everything. I had to watch the squid logs to find other sites that people tend to browse that are non-work related, but I believe most are specific to where I work. To help tweak my squid config I wrote a tool that prints any large downloads. It reads the squid access log and prints requests larger than 3 MB, but only those that were cache misses; a cache hit never touched the T-1, so it doesn't matter here. If you pass the script the parameter "old" it reads the previous (rotated) log file, usually yesterday's.
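The author's script isn't on the page, so here is one written for this post that does the same job against Squid's default "squid" log format (time.ms elapsed client code/status bytes method URL ident hier/peer type). It is an added example, not the original tool. The log paths under /var/log/squid3 are assumed Debian defaults, the 3 MB cutoff is the one from the text, and the SAMPLE_LOG lines are constructed so the parser can be exercised without a real log.

```python
"""Print large downloads that missed the cache, from Squid's native access.log.
Added example in the spirit of the tool described above; not the author's script.
Run with "old" to read the previous rotated log instead of the current one."""
import sys
from datetime import datetime
from typing import Iterable, List, NamedTuple

LOG_CURRENT = "/var/log/squid3/access.log"    # assumed Debian squid3 paths
LOG_OLD = "/var/log/squid3/access.log.1"
THRESHOLD = 3 * 1024 * 1024                    # 3 MB cutoff, as in the post

# Result codes (besides anything containing MISS) where the bytes crossed the WAN.
FROM_ORIGIN = ("TCP_REFRESH_MODIFIED", "TCP_TUNNEL")

# Constructed sample in the native format, used below and in testing.
SAMPLE_LOG = """\
1276185601.123   4521 192.168.1.15 TCP_MISS/200 5242880 GET http://example.com/videos/talk.mp4 - DIRECT/93.184.216.34 video/mp4
1276185602.456    120 192.168.1.20 TCP_HIT/200 4194304 GET http://example.com/videos/talk.mp4 - NONE/- video/mp4
1276185603.789     35 192.168.1.31 TCP_MISS/200 1843 GET http://example.com/index.html - DIRECT/93.184.216.34 text/html
1276185604.001   9800 192.168.1.42 TCP_REFRESH_MODIFIED/200 7340032 GET http://example.com/update.zip - DIRECT/93.184.216.34 application/zip
1276185605.222   3000 192.168.1.50 TCP_TUNNEL/200 6291456 CONNECT mail.example.com:443 - HIER_DIRECT/93.184.216.34 -
this line is deliberately malformed
"""


class Entry(NamedTuple):
    when: datetime
    client: str
    result: str      # TCP_MISS, TCP_HIT, TCP_REFRESH_UNMODIFIED, ...
    status: int
    size: int        # bytes delivered to the client
    method: str
    url: str
    mime: str


def parse_line(line: str) -> Entry:
    """Parse one native-format line; raises ValueError on anything else."""
    f = line.split()
    if len(f) < 10:
        raise ValueError("not a native-format squid log line")
    code, status = f[3].split("/", 1)
    return Entry(datetime.fromtimestamp(float(f[0])), f[2], code, int(status),
                 int(f[4]), f[5], f[6], f[9])


def fetched_from_origin(code: str) -> bool:
    """True when the object was pulled over the link rather than served from cache."""
    return "MISS" in code or code in FROM_ORIGIN


def large_misses(lines: Iterable[str], threshold: int = THRESHOLD) -> List[Entry]:
    """Entries of at least `threshold` bytes that were not cache hits,
    in log order. Malformed lines are skipped rather than aborting the run."""
    found = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            e = parse_line(line)
        except ValueError:
            continue
        if e.size >= threshold and fetched_from_origin(e.result):
            found.append(e)
    return found


def main(argv: List[str]) -> int:
    path = LOG_OLD if "old" in argv[1:] else LOG_CURRENT
    with open(path, encoding="utf-8", errors="replace") as fh:
        for e in large_misses(fh):
            print(f"{e.when:%Y-%m-%d %H:%M:%S} {e.client:15} {e.size / 1048576:7.1f} MB "
                  f"{e.result:<22} {e.mime:<20} {e.url}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

CONNECT tunnels (TCP_TUNNEL) are counted as misses on purpose: HTTPS downloads never hit the cache, and if they are proxied they are exactly the large transfers you want to know about when deciding whether pool 2's limit is doing its job.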