Re: Best way to transparent proxy?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 12 Sep 1998 17:19:47 +0200

Paul Gregg wrote:

> My Question is: Having read the Squid Transparent Proxying FAQ -
> What is the *best* and/or fastest way to provide transparent proxying.

The best at this moment is probably to run Squid on your favorite
server, and have a TCP switch redirect the traffic to your Squid
server(s). The TCP switch is placed on the network path between your
clients and the outgoing router. Using a TCP switch provides both good
network performance and Squid fault tolerance (redirection is skipped if
Squid fails), and it is easy to plug in another Squid if the first one
gets overloaded.

> What hardware is required? Cisco router, Linux box with single NIC?
> or Dual-NIC Linux box configured as a router and just not use the
> backbone router at all?

Which one to use is a matter of taste, workload and wallet. Both share
the property that if Squid or the Squid server fails then Internet
access is blocked.

=================================================================
Problem | TCP switch | router + Linux | Linux router |
--------------+-------------+----------------+------------------+
Squid faiure | OK. Direct | HTTP blocked | HTTP blocked |
--------------+-------------+----------------+------------------+
OS failure + OK. Direct + HTTP blocked + Internet blocked |
--------------+-------------+----------------+------------------+

The cases marked as "HTTP blocked" can be eleminated by using monitoring
that automatically disables the redirection if Squid or the OS fails.
This is also true of the "Internet blocked" case of a failed linux
router if there is a backup route (may need active route reprogramming
since it may be possible that parts of Linux IP is working).

---
Henrik Nordström
Sparetime Squid Hacker
Received on Sat Sep 12 1998 - 17:29:05 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:41:58 MST