Volume quota management availability

Volume quota management availability

Anoop Sreedharan
Dear Team,
We have an IT environment catering to educational institute wherein we have approx more than 1000 users accessing the internet.

having a volume based internet subscription, we are in need to have a solution wherein i need to restrict users to a certain volume of quota per month and upon crossing that threshold, need to either stop their access or throttle their bandwidth speed.

following is the scenario. having an internet link of 50Mbps in my campus

1. users have to be authenticated via Active Directory  -- i.e. users in a certain AD group should only get access to internet
2. should be able to define a volume threshold ( e.g 100GB per group/per user)
3. upon exhaustion of the volume the user bandwidth should be throttled to, say, 256Kbps. OR block internet access to that user completely.
4. this volume calculation should be done for both HTTP and HTTPS based session.
5. should be able to generate a monthly report showcasing the volume consumed by specific user during a specific time-frame by showing the spread of the volume distributed within websites visited/downloaded from.
 
Kindly help to suggest this could be possible with Squid. 
I am open to using some log analytics mechanism like sarg or anything similar for reporting.

--
Regards,
T Anoop Sreedharan
+91-9022078298

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: Volume quota management availability

Amos Jeffries
Administrator
On 19/03/18 23:03, Anoop Sreedharan wrote:

> Dear Team,
> We have an IT environment catering to educational institute wherein we
> have approx more than 1000 users accessing the internet.
>
> having a volume based internet subscription, we are in need to have a
> solution wherein i need to restrict users to a certain volume of quota
> per month and upon crossing that threshold, need to either stop their
> access or throttle their bandwidth speed.
>
> following is the scenario. having an internet link of 50Mbps in my campus
>
> 1. users have to be authenticated via Active Directory  -- i.e. users in
> a certain AD group should only get access to internet
> 2. should be able to define a volume threshold ( e.g 100GB per group/per
> user)
> 3. upon exhaustion of the volume the user bandwidth should be throttled
> to, say, 256Kbps. OR block internet access to that user completely.
> 4. this volume calculation should be done for both HTTP and HTTPS based
> session.
> 5. should be able to generate a monthly report showcasing the volume
> consumed by specific user during a specific time-frame by showing the
> spread of the volume distributed within websites visited/downloaded from.
>  
> Kindly help to suggest this could be possible with Squid. 
> I am open to using some log analytics mechanism like sarg or anything
> similar for reporting.

Quota is not a concept easily applied to HTTP messaging since it is a
stateless protocol and operates in terms of entire messages - not
packets or bytes. As such there is intentionally no mechanism to
maintain statefulness between transactions for quota controls to use in
Squid.

There is also a rather lot of traffic details outside of HTTP and unknown
to Squid which greatly affect the relationship between what Squid sees
as bandwidth and what actually occurs "on wire". That all makes the OS
networking stack a much better place to do such management.

Most OS these days provide very capable tools for QoS bandwidth
management. Squid provides configuration features to integrate with
those, delivering packet TOS markings per-transaction or per-message for
the machine's OS systems to utilize in their QoS flow identification and
accounting.



Log analysis (eg SARG) and helpers are other possibilities that worked
in the past ...

 BUT these methods have always suffered from the problem of only
accounting for traffic usage at the end of a completed HTTP transaction
and authorizing users only at the beginning. The difference can see
large amounts of over-usage and CONNECT tunnels are the worst-case
scenario there as they may last for days/weeks with "infinite" amount of
traffic usage meanwhile.

 Added to those problems we now face most traffic being HTTPS ... which
goes through proxies via CONNECT tunnels. So much for those ways of
doing quotas.


Amos
Re: Volume quota management availability

Yoinier Hernandez Nieves
2018-03-20 10:25 GMT-04:00, Amos Jeffries <[hidden email]>:

> On 19/03/18 23:03, Anoop Sreedharan wrote:
>> Dear Team,
>> We have an IT environment catering to educational institute wherein we
>> have approx more than 1000 users accessing the internet.
>>
>> having a volume based internet subscription, we are in need to have a
>> solution wherein i need to restrict users to a certain volume of quota
>> per month and upon crossing that threshold, need to either stop their
>> access or throttle their bandwidth speed.
>>
>> following is the scenario. having an internet link of 50Mbps in my campus
>>
>> 1. users have to be authenticated via Active Directory  -- i.e. users in
>> a certain AD group should only get access to internet
>> 2. should be able to define a volume threshold ( e.g 100GB per group/per
>> user)
>> 3. upon exhaustion of the volume the user bandwidth should be throttled
>> to, say, 256Kbps. OR block internet access to that user completely.
>> 4. this volume calculation should be done for both HTTP and HTTPS based
>> session.
>> 5. should be able to generate a monthly report showcasing the volume
>> consumed by specific user during a specific time-frame by showing the
>> spread of the volume distributed within websites visited/downloaded from.
>>
>> Kindly help to suggest this could be possible with Squid.
>> I am open to using some log analytics mechanism like sarg or anything
>> similar for reporting.
>
> Quota is not a concept easily applied to HTTP messaging since it is a
> stateless protocol and operates in terms of entire messages - not
> packets or bytes. As such there is intentionally no mechanism to
> maintain statefulness between transactions for quota controls to use in
> Squid.
>
> There is also a rather lot of traffic details outside of HTTP and unknown
> to Squid which greatly affect the relationship between what Squid sees
> as bandwidth and what actually occurs "on wire". That all makes the OS
> networking stack a much better place to do such management.
>
> Most OS these days provide very capable tools for QoS bandwidth
> management. Squid provides configuration features to integrate with
> those, delivering packet TOS markings per-transaction or per-message for
> the machine's OS systems to utilize in their QoS flow identification and
> accounting.
>
>
>
> Log analysis (eg SARG) and helpers are other possibilities that worked
> in the past ...
>
>  BUT these methods have always suffered from the problem of only
> accounting for traffic usage at the end of a completed HTTP transaction
> and authorizing users only at the beginning. The difference can see
> large amounts of over-usage and CONNECT tunnels are the worst-case
> scenario there as they may last for days/weeks with "infinite" amount of
> traffic usage meanwhile.
>
>  Added to those problems we now face most traffic being HTTPS ... which
> goes through proxies via CONNECT tunnels. So much for those ways of
> doing quotas.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> [hidden email]
> http://lists.squid-cache.org/listinfo/squid-users
>

You can use Squish, a project to count the Squid quota navigation,
reading the log file.

Here is the URL

www.mcgill.org.za/software/squish/

YnievesDotNet
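
Added example, not part of the original thread and not code from Squid, SARG or Squish: a log-based volume count of the kind suggested above, which also measures the gap Amos describes between authorizing at the start of a transaction and accounting at its end. It assumes Squid's native access.log layout with the authenticated user name in the eighth field; the log lines and the 1,000,000-byte quota are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log layout:
# end_time elapsed_ms client result/status bytes method URL user peer type
SAMPLE_LOG = """\
1521453600.120 340 10.0.0.5 TCP_MISS/200 400000 GET http://example.com/a.iso alice HIER_DIRECT/192.0.2.10 application/octet-stream
1521453650.000 200 10.0.0.5 TCP_MISS/200 300000 GET http://example.org/b.zip alice HIER_DIRECT/192.0.2.30 application/zip
1521453700.500 90000 10.0.0.5 TCP_TUNNEL/200 900000 CONNECT video.example.net:443 alice HIER_DIRECT/192.0.2.20 -
1521453800.000 150 10.0.0.9 TCP_MISS/200 50000 GET http://example.com/ bob HIER_DIRECT/192.0.2.10 text/html
"""

def parse_line(line):
    """Return one transaction as a dict, or None for malformed/anonymous lines."""
    f = line.split()
    if len(f) < 10 or f[7] == "-":
        return None
    try:
        end, elapsed_ms, size = float(f[0]), int(f[1]), int(f[4])
    except ValueError:
        return None
    # CONNECT logs "host:port"; other methods log a full URL.
    site = f[6].rsplit(":", 1)[0] if f[5] == "CONNECT" else urlsplit(f[6]).hostname
    month = datetime.fromtimestamp(end, timezone.utc).strftime("%Y-%m")
    # Squid writes the line when the transaction ends, so start = end - elapsed.
    return {"user": f[7], "month": month, "end": end, "start": end - elapsed_ms / 1000,
            "bytes": size, "tunnel": f[5] == "CONNECT", "site": site or "?"}

def usage_report(log_text, quota_bytes):
    """Per (user, month): totals, per-site spread, and what a start-time check misses."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    report = {}
    for r in recs:
        key = (r["user"], r["month"])
        u = report.setdefault(key, {"total": 0, "tunnel": 0, "sites": defaultdict(int),
                                    "admitted_under_quota": 0})
        # Usage already written to the log when this transaction began.
        known = sum(p["bytes"] for p in recs
                    if (p["user"], p["month"]) == key and p["end"] <= r["start"])
        if known < quota_bytes:
            u["admitted_under_quota"] += r["bytes"]
        u["total"] += r["bytes"]
        u["tunnel"] += r["bytes"] if r["tunnel"] else 0
        u["sites"][r["site"]] += r["bytes"]
    for u in report.values():
        u["overshoot"] = max(0, u["total"] - quota_bytes)
    return report
```

With the sample, every one of alice's transactions would have passed a quota check when it started, yet she finishes the month over quota, with the CONNECT tunnel carrying most of the bytes.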