Re: [squid-users] Squid as transparent in 'caching layer'
On 10/05/2015 6:31 p.m., Ibrahim Lubis wrote: > Hi, > > Most of all know about tiered network > topology(access,aggregation/dist,core) from core than to firewall and then > to router. For redundancy usually there 2 core and 2 firewall. I was > thinking adding a transparent caching layer between core and firewall,just > adding squid box. It is okay just adding 2 independent squid box or I need > some sync between squid box ? What if I add not 2 but 6 and doing > active-active on both core n firewall? Can anybody give me insight ? Btw My > objective is to save some bandwidths from user for internet access. Go with independent Squid boxes until you are happy that they are operating properly and you know whats going on. Number of Squid does not matter much, so long as they each can handle the traffic load you put through. If you are new to this start with just one and put only a small amount of the traffic through, then increase gradually until you need 2, and so on. Sync'ing between the Squid caches, and interception proxying can each have unwanted side effects. Its best to deal with those in separately to avoid confusion and troubles. "active-active on both core n firewall" does not matter. You MUST NOT perform destination-NAT (or TPROXY) on any machine other than the Squid box receiving the TCP connection from client(s). The firewalls and core only perform *routing* (perhapse over a tunnel) to get the TCP packets to the right Squid box. This has the nice side effect of greatly reducing the amount of data the firewalls need to sync. Hints for beginners: Caching can make some traffic appear slower - all MISS and some REFRESH transactions. There is extra packet processing done by the proxy and latency getting the packets around. This is the tradeoff for bandwidth saving. Super-fast HITs and traffic optimization can make up for that, but not always. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid as transparent in 'caching layer'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Amos, independent proxies also supported by Cisco WCCP. For redundancy it can group any numbers of transparent proxies. WBR, Yuri 10.05.15 12:57, Amos Jeffries пишет: > On 10/05/2015 6:31 p.m., Ibrahim Lubis wrote: >> Hi, >> >> Most of all know about tiered network >> topology(access,aggregation/dist,core) from core than to firewall and then >> to router. For redundancy usually there 2 core and 2 firewall. I was >> thinking adding a transparent caching layer between core and firewall,just >> adding squid box. It is okay just adding 2 independent squid box or I need >> some sync between squid box ? What if I add not 2 but 6 and doing >> active-active on both core n firewall? Can anybody give me insight ? Btw My >> objective is to save some bandwidths from user for internet access. > > Go with independent Squid boxes until you are happy that they are > operating properly and you know whats going on. Number of Squid does not > matter much, so long as they each can handle the traffic load you put > through. If you are new to this start with just one and put only a small > amount of the traffic through, then increase gradually until you need 2, > and so on. > > Sync'ing between the Squid caches, and interception proxying can each > have unwanted side effects. Its best to deal with those in separately to > avoid confusion and troubles. > > > "active-active on both core n firewall" does not matter. You MUST NOT > perform destination-NAT (or TPROXY) on any machine other than the Squid > box receiving the TCP connection from client(s). The firewalls and core > only perform *routing* (perhapse over a tunnel) to get the TCP packets > to the right Squid box. This has the nice side effect of greatly > reducing the amount of data the firewalls need to sync. > > > Hints for beginners: > > Caching can make some traffic appear slower - all MISS and some REFRESH > transactions. There is extra packet processing done by the proxy and > latency getting the packets around. This is the tradeoff for bandwidth > saving. Super-fast HITs and traffic optimization can make up for that, > but not always. > > Amos > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJVTzRXAAoJENNXIZxhPexGXJYIAMtb90ri0hymGN7ZGTVH98cy uZbNjQ2kYQqxXGCkkSFECpjM0wqkONF6pPGrL1YqcecZCkmGNS6ExE6r4FMuX8y1 oBE2z9OfaN/4CfMq4+WvE0jwtyOSVyKIUSUKr+I2qTNCubg0kFgr9yWONOdLbUDJ FJ06c1qqb1U8u8ZsYFTL7/hfTgVRr6QjnGQlnNcCwzU+/QIAtAP7GyRxJB0b0yxJ i2M/LQ+d1LJMhCgX6ICgBas5x+GXXB3KHtH0jAn/xF854qciQhbOrMf0O/j/ac19 4XB8qfqsGkIvPe3TcPSYypyOJn1dXILpb7mmNogGzh+rE4nmdRG7cam6MX3En8c= =SXkU -END PGP SIGNATURE- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] Squid as transparent in 'caching layer'
Thx all for the info On May 10, 2015 5:35 PM, "Yuri Voinov" wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Amos, > > independent proxies also supported by Cisco WCCP. For redundancy it can > group any numbers of transparent proxies. > > WBR, Yuri > > 10.05.15 12:57, Amos Jeffries пишет: > > On 10/05/2015 6:31 p.m., Ibrahim Lubis wrote: > >> Hi, > >> > >> Most of all know about tiered network > >> topology(access,aggregation/dist,core) from core than to firewall and > then > >> to router. For redundancy usually there 2 core and 2 firewall. I was > >> thinking adding a transparent caching layer between core and > firewall,just > >> adding squid box. It is okay just adding 2 independent squid box or I > need > >> some sync between squid box ? What if I add not 2 but 6 and doing > >> active-active on both core n firewall? Can anybody give me insight ? > Btw My > >> objective is to save some bandwidths from user for internet access. > > > > Go with independent Squid boxes until you are happy that they are > > operating properly and you know whats going on. Number of Squid does not > > matter much, so long as they each can handle the traffic load you put > > through. If you are new to this start with just one and put only a small > > amount of the traffic through, then increase gradually until you need 2, > > and so on. > > > > Sync'ing between the Squid caches, and interception proxying can each > > have unwanted side effects. Its best to deal with those in separately to > > avoid confusion and troubles. > > > > > > "active-active on both core n firewall" does not matter. You MUST NOT > > perform destination-NAT (or TPROXY) on any machine other than the Squid > > box receiving the TCP connection from client(s). The firewalls and core > > only perform *routing* (perhapse over a tunnel) to get the TCP packets > > to the right Squid box. This has the nice side effect of greatly > > reducing the amount of data the firewalls need to sync. > > > > > > Hints for beginners: > > > > Caching can make some traffic appear slower - all MISS and some REFRESH > > transactions. There is extra packet processing done by the proxy and > > latency getting the packets around. This is the tradeoff for bandwidth > > saving. Super-fast HITs and traffic optimization can make up for that, > > but not always. > > > > Amos > > > > ___ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJVTzRXAAoJENNXIZxhPexGXJYIAMtb90ri0hymGN7ZGTVH98cy > uZbNjQ2kYQqxXGCkkSFECpjM0wqkONF6pPGrL1YqcecZCkmGNS6ExE6r4FMuX8y1 > oBE2z9OfaN/4CfMq4+WvE0jwtyOSVyKIUSUKr+I2qTNCubg0kFgr9yWONOdLbUDJ > FJ06c1qqb1U8u8ZsYFTL7/hfTgVRr6QjnGQlnNcCwzU+/QIAtAP7GyRxJB0b0yxJ > i2M/LQ+d1LJMhCgX6ICgBas5x+GXXB3KHtH0jAn/xF854qciQhbOrMf0O/j/ac19 > 4XB8qfqsGkIvPe3TcPSYypyOJn1dXILpb7mmNogGzh+rE4nmdRG7cam6MX3En8c= > =SXkU > -END PGP SIGNATURE- > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
