Squid and the Limiter
I am using the latest version of pfSense and Squid3 version 3.1.20 installed via package. I have a bandwidth limiter for the LAN but I would like to NOT limit traffic coming from the squid cache. I want it to go full speed. It seems that the Squid zero Penalty feature is what I need (http://wiki.squid-cache.org/Features/QualityOfService).
I think if I use something like this, qos_flows local-hit=0x30, to mark the cache hits and then use a LAN rule with Diffserv Code Point to mark to allow traffic to pass, with the rule being before the rule that limits the bandwidth, that seems like it would do the trick. The problem is that the wiki says I need this: "Requires --enable-zph-qos configure option". How do I set this? I tried putting --enable-zph-qos and enable-zph-qos (without the --) in the custom options box on the proxy server general tab, but I get this error:
cache_cf.cc(381) parseOneConfigFile: squid.conf:100 unrecognized: 'enable-zph-qos'
when I do a squid -z from the command line.
I also tried just adding qos_flows local-hit=0x30 but then I get this cache_cf.cc(381) parseOneConfigFile: squid.conf:100 unrecognized: 'qos_flows'.
Anyone have any idea how to get this to work? Also, does this qos_flows local-hit=0x30 need to be 0x30 or should it be something else, and what do I select for the Diffserv Code Point for the LAN rule?
I downgraded to squid 2.7 and can now successfully mark packets with whatever hex code I select, but I cannot get pfSense to do anything with them. I verified the packets with tcpdump -nvi bge1 and see the TOS hex value that I marked with. I tried setting rules with the Diffserv code that corresponds to the hex value and tried the shaper, but it seems as though pfSense ignores all of them. Checking the logs, they do not show any packets that were matched, blocked or passed that were marked by squid. Having squid deliver cached pages at full wire speed is very important. It is also a must to share bandwidth evenly.
I can get squid to deliver pages at full wire speed if I use no limiters. Does anyone have any clue how to do this while still using limiters for non-cached pages? Or at the very least get pfSense to recognize the TOS, DSCP, Diffserv (whatever you want to call them) values?
Have you tried custom delay pools? It's working for me, you should try it.
LUSCA r14850 patched by chudy.