[squid-users] Squid as transparent in 'caching layer'

Yuri Voinov yvoinov at gmail.com
Sun May 10 10:35:03 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Amos,

independent proxies also supported by Cisco WCCP. For redundancy it can
group any numbers of transparent proxies.

WBR, Yuri

10.05.15 12:57, Amos Jeffries пишет:
> On 10/05/2015 6:31 p.m., Ibrahim Lubis wrote:
>> Hi,
>>
>> Most of all know about tiered network
>> topology(access,aggregation/dist,core) from core than to firewall and
then
>> to router. For redundancy usually there 2 core and 2 firewall. I was
>> thinking adding a transparent caching layer between core and
firewall,just
>> adding squid box. It is okay just adding 2 independent squid box or I
need
>> some sync between squid box ? What if I add not 2 but 6 and doing
>> active-active on both core n firewall? Can anybody give me insight ?
Btw My
>> objective is to save some bandwidths from user for internet access.
>
> Go with independent Squid boxes until you are happy that they are
> operating properly and you know whats going on. Number of Squid does not
> matter much, so long as they each can handle the traffic load you put
> through. If you are new to this start with just one and put only a small
> amount of the traffic through, then increase gradually until you need 2,
> and so on.
>
> Sync'ing between the Squid caches, and interception proxying can each
> have unwanted side effects. Its best to deal with those in separately to
> avoid confusion and troubles.
>
>
> "active-active on both core n firewall" does not matter. You MUST NOT
> perform destination-NAT (or TPROXY) on any machine other than the Squid
> box receiving the TCP connection from client(s). The firewalls and core
> only perform *routing* (perhapse over a tunnel) to get the TCP packets
> to the right Squid box. This has the nice side effect of greatly
> reducing the amount of data the firewalls need to sync.
>
>
> Hints for beginners:
>
>  Caching can make some traffic appear slower - all MISS and some REFRESH
> transactions. There is extra packet processing done by the proxy and
> latency getting the packets around. This is the tradeoff for bandwidth
> saving. Super-fast HITs and traffic optimization can make up for that,
> but not always.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJVTzRXAAoJENNXIZxhPexGXJYIAMtb90ri0hymGN7ZGTVH98cy
uZbNjQ2kYQqxXGCkkSFECpjM0wqkONF6pPGrL1YqcecZCkmGNS6ExE6r4FMuX8y1
oBE2z9OfaN/4CfMq4+WvE0jwtyOSVyKIUSUKr+I2qTNCubg0kFgr9yWONOdLbUDJ
FJ06c1qqb1U8u8ZsYFTL7/hfTgVRr6QjnGQlnNcCwzU+/QIAtAP7GyRxJB0b0yxJ
i2M/LQ+d1LJMhCgX6ICgBas5x+GXXB3KHtH0jAn/xF854qciQhbOrMf0O/j/ac19
4XB8qfqsGkIvPe3TcPSYypyOJn1dXILpb7mmNogGzh+rE4nmdRG7cam6MX3En8c=
=SXkU
-----END PGP SIGNATURE-----

More information about the squid-users mailing list