> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Friday, January 14, 2005 1:50 AM > To: squid-users@squid-cache.org > Subject: [squid-users] advice for proxy architecture > > > Hello to all, > > Here is my squid architecture : > I am using Squid Version 2.5.STABLE7 and Samba 3.0.9 on Red Hat ES3.0. > I've got two internal proxies on which are performed the NLTM authentication of > the users. There are configured to forward request to some remote proxies (in > other sites of the company), or to two redundant external proxies used for > internet access. > > I am studying how to optimise my proxy architecture, and am looking for advices. > > Based on your own experience, is it better to keep the architecture 1 : > > Client <--> internal proxies <--> FW <--> External proxies <--> Internet > > or the architecture 2 > > Client <--> internal proxies <--> FW <--> Internet > > > Do find some particular advantages to have additionnal external proxies (in term > of performances, security, ......) > > or do you think that having only two internal proxies for all trafic (remote > site, internet traffic) is sufficient and not risky ? > > Thanks by advance for your help. > > Lionel
>From my experience, parent proxies give diminishing returns. The customer premise proxies are achieving ~50% hit rates (both byte and request), but the central parent proxies struggle to achieve 15% hit and almost never rise above 5% byte. OTOH, the central servers would not be hurt (and would likely be greatly helped) by increasing their cache space. YMMV. As for security, the more boxes you have, the more targets you have for attack, and dependant on your firewall setup, putting boxes outside the firewall just makes them more vulnerable. Without knowing the exact details of your situation, I would advise keeping it simple (go with architecture 2). Chris
