Thx all for the info On May 10, 2015 5:35 PM, "Yuri Voinov" <yvoi...@gmail.com> wrote:
> > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Amos, > > independent proxies also supported by Cisco WCCP. For redundancy it can > group any numbers of transparent proxies. > > WBR, Yuri > > 10.05.15 12:57, Amos Jeffries пишет: > > On 10/05/2015 6:31 p.m., Ibrahim Lubis wrote: > >> Hi, > >> > >> Most of all know about tiered network > >> topology(access,aggregation/dist,core) from core than to firewall and > then > >> to router. For redundancy usually there 2 core and 2 firewall. I was > >> thinking adding a transparent caching layer between core and > firewall,just > >> adding squid box. It is okay just adding 2 independent squid box or I > need > >> some sync between squid box ? What if I add not 2 but 6 and doing > >> active-active on both core n firewall? Can anybody give me insight ? > Btw My > >> objective is to save some bandwidths from user for internet access. > > > > Go with independent Squid boxes until you are happy that they are > > operating properly and you know whats going on. Number of Squid does not > > matter much, so long as they each can handle the traffic load you put > > through. If you are new to this start with just one and put only a small > > amount of the traffic through, then increase gradually until you need 2, > > and so on. > > > > Sync'ing between the Squid caches, and interception proxying can each > > have unwanted side effects. Its best to deal with those in separately to > > avoid confusion and troubles. > > > > > > "active-active on both core n firewall" does not matter. You MUST NOT > > perform destination-NAT (or TPROXY) on any machine other than the Squid > > box receiving the TCP connection from client(s). The firewalls and core > > only perform *routing* (perhapse over a tunnel) to get the TCP packets > > to the right Squid box. This has the nice side effect of greatly > > reducing the amount of data the firewalls need to sync. > > > > > > Hints for beginners: > > > > Caching can make some traffic appear slower - all MISS and some REFRESH > > transactions. There is extra packet processing done by the proxy and > > latency getting the packets around. This is the tradeoff for bandwidth > > saving. Super-fast HITs and traffic optimization can make up for that, > > but not always. > > > > Amos > > > > _______________________________________________ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQEcBAEBCAAGBQJVTzRXAAoJENNXIZxhPexGXJYIAMtb90ri0hymGN7ZGTVH98cy > uZbNjQ2kYQqxXGCkkSFECpjM0wqkONF6pPGrL1YqcecZCkmGNS6ExE6r4FMuX8y1 > oBE2z9OfaN/4CfMq4+WvE0jwtyOSVyKIUSUKr+I2qTNCubg0kFgr9yWONOdLbUDJ > FJ06c1qqb1U8u8ZsYFTL7/hfTgVRr6QjnGQlnNcCwzU+/QIAtAP7GyRxJB0b0yxJ > i2M/LQ+d1LJMhCgX6ICgBas5x+GXXB3KHtH0jAn/xF854qciQhbOrMf0O/j/ac19 > 4XB8qfqsGkIvPe3TcPSYypyOJn1dXILpb7mmNogGzh+rE4nmdRG7cam6MX3En8c= > =SXkU > -----END PGP SIGNATURE----- > > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users