[squid-users] Squid as transparent in 'caching layer'

Ibrahim Lubis baim.lubis at gmail.com
Sun May 10 16:09:59 UTC 2015


Thx all for the info
On May 10, 2015 5:35 PM, "Yuri Voinov" <yvoinov at gmail.com> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Amos,
>
> independent proxies also supported by Cisco WCCP. For redundancy it can
> group any numbers of transparent proxies.
>
> WBR, Yuri
>
> 10.05.15 12:57, Amos Jeffries пишет:
> > On 10/05/2015 6:31 p.m., Ibrahim Lubis wrote:
> >> Hi,
> >>
> >> Most of all know about tiered network
> >> topology(access,aggregation/dist,core) from core than to firewall and
> then
> >> to router. For redundancy usually there 2 core and 2 firewall. I was
> >> thinking adding a transparent caching layer between core and
> firewall,just
> >> adding squid box. It is okay just adding 2 independent squid box or I
> need
> >> some sync between squid box ? What if I add not 2 but 6 and doing
> >> active-active on both core n firewall? Can anybody give me insight ?
> Btw My
> >> objective is to save some bandwidths from user for internet access.
> >
> > Go with independent Squid boxes until you are happy that they are
> > operating properly and you know whats going on. Number of Squid does not
> > matter much, so long as they each can handle the traffic load you put
> > through. If you are new to this start with just one and put only a small
> > amount of the traffic through, then increase gradually until you need 2,
> > and so on.
> >
> > Sync'ing between the Squid caches, and interception proxying can each
> > have unwanted side effects. Its best to deal with those in separately to
> > avoid confusion and troubles.
> >
> >
> > "active-active on both core n firewall" does not matter. You MUST NOT
> > perform destination-NAT (or TPROXY) on any machine other than the Squid
> > box receiving the TCP connection from client(s). The firewalls and core
> > only perform *routing* (perhapse over a tunnel) to get the TCP packets
> > to the right Squid box. This has the nice side effect of greatly
> > reducing the amount of data the firewalls need to sync.
> >
> >
> > Hints for beginners:
> >
> >  Caching can make some traffic appear slower - all MISS and some REFRESH
> > transactions. There is extra packet processing done by the proxy and
> > latency getting the packets around. This is the tradeoff for bandwidth
> > saving. Super-fast HITs and traffic optimization can make up for that,
> > but not always.
> >
> > Amos
> >
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJVTzRXAAoJENNXIZxhPexGXJYIAMtb90ri0hymGN7ZGTVH98cy
> uZbNjQ2kYQqxXGCkkSFECpjM0wqkONF6pPGrL1YqcecZCkmGNS6ExE6r4FMuX8y1
> oBE2z9OfaN/4CfMq4+WvE0jwtyOSVyKIUSUKr+I2qTNCubg0kFgr9yWONOdLbUDJ
> FJ06c1qqb1U8u8ZsYFTL7/hfTgVRr6QjnGQlnNcCwzU+/QIAtAP7GyRxJB0b0yxJ
> i2M/LQ+d1LJMhCgX6ICgBas5x+GXXB3KHtH0jAn/xF854qciQhbOrMf0O/j/ac19
> 4XB8qfqsGkIvPe3TcPSYypyOJn1dXILpb7mmNogGzh+rE4nmdRG7cam6MX3En8c=
> =SXkU
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150510/6799ab4c/attachment.html>


More information about the squid-users mailing list