Re: Effectiveness of Proxies

Tim Brody wrote:

> Can anybody give me some _general_ information on the benefits of
> Proxies,

I can try..

> like do Proxies (squid1.2) slow down requests,

Yes, Proxies do slow down some requests. Squid tries to add as little
delay as possible..

No, cached requests are generally faster than going throught Internet.
The exceptions is when there is very high bandwidth to a fast server, or
when the proxy machine is overloaded (which should not happen).

No, DNS lookups are offloaded from the client to the proxy. The proxy is
generally quicker at resolving DNS queries (due to a larger populated
DNS cache and higher bandwidth) which speeds up initial requests to
sites.

A cache needs a number of users to build up the cache before a good
byte-hitratio is seen. If only a few users use it then their browser
caches gets the most cache hits and very few are proxy cache hits. The
proxy can still help to speed up things sinse it has more advanced
refresh checks than the clients, and is generally closer than the origin
server.

> how effective is a proxy on a low bandwidth connection, i.e. ISDN?

The lower outgoing the bandwidth is the higher is the throughput gained
from cache hits is in proportion to the delay added on cache misses.

The lower the bandwidth is between clients and proxy, the less gain is
seen by the client (except for the DNS part) as the bottleneck is the
connection between client and proxy/internet, and not the Internet.. I
do however beleive that you gain performance no matter how slow the
client connection is. The application level hop that the proxy is is a
effective guard TCP retransmissions due to a overloaded client
connection provided that the proxy-servers TCP stack is tuned for the
speed of the clients (see guidelines on how to tune TCP on a WWW server.
The same rules applies to a proxy with low-bandwidth clients).

> Do proxies pose any security risk, assuming that ACLs block external access to the proxy.

It is a additional piece of complex software. If security is very
important then you should use a good firewall. Squid does not replace a
firewall, althought we tries to keep it reasonably secure.

A related question is privacy. A proxy can log all requests made,
keeping a record of who as looked at what and when.

---
Henrik Nordström
Sparetime Squid Hacker