Re: Best way to transparent proxy?

From: Paul Gregg <>
Date: Tue, 15 Sep 1998 21:44:39 GMT

In article <> you wrote:
> Paul Gregg wrote:

>> My Question is: Having read the Squid Transparent Proxying FAQ -
>> What is the *best* and/or fastest way to provide transparent proxying.

> The best at this moment is probably to run Squid on your favorite
> server, and have a TCP switch redirect the traffic to your Squid
> server(s). The TCP switch is placed on the network path between your
> clients and the outgoing router. Using a TCP switch provides both good
> network performance and Squid fault tolerance (redirection is skipped if
> Squid fails), and it is easy to plug in another Squid if the first one
> gets overloaded.

Perhaps this is a rudimentary question - but what is a "TCP switch"?

>> What hardware is required? Cisco router, Linux box with single NIC?
>> or Dual-NIC Linux box configured as a router and just not use the
>> backbone router at all?

> Which one to use is a matter of taste, workload and wallet. Both share
> the property that if Squid or the Squid server fails then Internet
> access is blocked.

> =================================================================
> Problem | TCP switch | router + Linux | Linux router |
> --------------+-------------+----------------+------------------+
> Squid faiure | OK. Direct | HTTP blocked | HTTP blocked |
> --------------+-------------+----------------+------------------+
> OS failure + OK. Direct + HTTP blocked + Internet blocked |
> --------------+-------------+----------------+------------------+

> The cases marked as "HTTP blocked" can be eleminated by using monitoring
> that automatically disables the redirection if Squid or the OS fails.
> This is also true of the "Internet blocked" case of a failed linux
> router if there is a backup route (may need active route reprogramming
> since it may be possible that parts of Linux IP is working).

I think it comes down to "best" as in reliability and quality of service from
the proxy.



Email pgregg at | Email pgregg at    | Eight out of every
Technical Director        | System Administrator       | five people are math
The Internet Business Ltd | Nyx Public Access Internet | illiterates.      |         |             - Anon.
Received on Tue Sep 15 1998 - 13:46:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:02 MST