Wiki

User Tools

Site Tools

Trace:
pfsense:squid:refresh_patterns:squid_refresh_patterns_-_microsoft

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
pfsense:squid:refresh_patterns:squid_refresh_patterns_-_microsoft [2020/03/15 11:31] – created peterpfsense:squid:refresh_patterns:squid_refresh_patterns_-_microsoft [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== PFSense - Squid - Refresh Patterns - Squid Refresh Patterns - Microsoft ====== ====== PFSense - Squid - Refresh Patterns - Squid Refresh Patterns - Microsoft ======
 +
 +
 +<code>
 +# Updates: Windows
 +refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
 +refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
 +refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
 +refresh_pattern -i microsoft.com.akadns.net/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
 +refresh_pattern -i deploy.akamaitechnologies.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
 +</code>
 +
 +----
 +
 +Sites like Microsoft’s windowsupdate.com, which virtually all Windows PCs update their OS from, are among the most bandwidth-intensive sites on some networks.
 +
 +Unfortunately, they are not cacheable because they offer partial responses (http return code 206), which Squid presently does not cache.
 +
 +Where you have control over the client machines, you can install Microsoft’s Update Server to handle caching for windowsupdate.
 +
 +If you cannot use the Update Server, you can use Squid’s delay pools — a bandwidth management technique — to limit the portion of bandwidth that windowsupdate consumes during your peak periods.
 +
 +The clients will then have to be online during off-peak periods to complete their updates.
 +
 +Below, we configure one global delay pool at 64Kbps (8KBps).
 +
 +Traffic for which the ACL of destination domain is windowsupdate.com during the peak period of 10:00-16:00 will be limited to 64Kbps.
 +
 +<code>
 +acl winupdate dstdomain .windowsupdate.com
 +acl peakperiod time 10:00-16:00
 +delay_pools 1
 +delay_class 1 1
 +# 64 Kbit/s
 +delay_parameters 1 8000/8000
 +delay_access 1 allow winupdate peakperiod
 +</code>
 +
 +After making changes like the ones above, Squid’s byte hit rate increased from about 8% to between 26-37%.  If you are doing 33%, it means a third of all traffic is coming from your cache, and not from slower links across the Internet.
 +
 +----
 +
  
pfsense/squid/refresh_patterns/squid_refresh_patterns_-_microsoft.1584271887.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki