[squid-users] Maximum Bandwidth a squid server can Handle

Eliezer Croitoru eliezer at ngtech.co.il
Thu Dec 11 18:52:30 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/11/2014 05:41 PM, Siva Prakash wrote:
> Squid configuration - For authentication, it is integrated with AD
> and lots of ACLs(1000) to block sites.

Hey,

The acls should not be too much of an effect unless they are binded to
an external helper.
Every helper adds overhead and can cause some delay in the initiation
of a connection(needs a micro seconds tests in a lab).
In the squid 3.4 there were reports that clearly states about a bug
somewhere with AD authentication.
I am still not 100% convinced it's squid internals.
In any case it depends on what happens with the AD authentication.

Since you are using 3.4 and the bug do not exists on 3.3 I my first
suggestion is to make sure what are the options to narrow down the
options.

NTLM or kerberous authentication allow a higher level of encryption
which to my knowledge can be replaced with a radius server(in many
environments).
I do not suggest to replace AD or kerberous!!

Depends on your ACLs there might be a way to make it possible to lower
the usage of AD authentication when not needed.
One of the examples is windows updates or antivirus updates web-sites.

The hardware you are talking about without cache and access logs can
take care nicely 3k requests without sweat(unless the CPUs are very old).
So consider my suggestion about AD authentication and in any case
please do not use NTLM if possible.
If you can think of a way to use a radius server in your environment
it will help you lowering the need to rely on a feature which might
contain a bug.

All The Bests,
Eliezer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJUiefuAAoJENxnfXtQ8ZQUnQ8H/jdvuq4C8CnUHwwKRkSBpKnC
CZCigPRw9bJyhxHia2ZF3f+UEXkWLzi6oGzhX9oHV6zm0/sT5bpY35axV77/Fzep
0Sm4cfDlv4yS1IERae68jRXaUMIa0vUO7V3HTF9Y7IeV35CD3Yg8k+OnrlY3Gzn8
CxbddEewvwQYvWE6b30tZsa7HLUi9a18yprwyvfqECUItU4jsxnUNUQaOA1yFYMg
zz5RB3mTolMhqGCdjHwCPqsufw7x0jV7GSea+SSJDb1HHjqwj9lGa6CiTEtzgQzJ
VCad7Nthf5XpNkQQRN4yRNVozobGtf7cpCKr0PO8uEZpTCM+WEZeKZ+ng+UKb9w=
=9apR
-----END PGP SIGNATURE-----


More information about the squid-users mailing list