Re: Squid / Transparent cache killing Cisco cpu

From: Stephen Baxter <steve@dont-contact.us>
Date: Tue, 15 Jun 1999 16:43:39 +0930 (CST)

Brad,

Have a look at ip route-cache policy under the interface config of your
router. This may help some but in the end doing transparent proxy on a
router does not scale all that well.

Have a look at some layer 4 switches - they are very impressive!

> Good evening all.
>
> I'm a new user to Squid and am having a problem with our Cisco 3640 router
> when running Squid. (It's killing the cpu)
>
> Have Squid installed and up and running on a FreeBSD System.
> Pentium II-350, 128Meg, 4 Gig for OS and 2x9Gig drives for cache.
> That part seems to be running just fine
>
> Problem I am having is when I cause our Cisco 3640 (core) router to
> redirect HTTP traffic, the cpu load on the cisco goes from ~30% to 99%.
> ie. it just hammers our router!!!
>
> Router is connected to two upstreams
> one via a 100Meg full-duplex ethernet to UUNet
> second via 2 Full T1 loops to Sprint
> Running BGP4 and taking 2 full tables.
> Router has 128Meg ram, Version 11.2(11)P IOS
> Local traffic is delivered via another FastEther full-duplex to our Cisco
> 2924XL switch.
>
> I'm applying the "ip policy route-map proxy-redirect" to the local FastEther.
>
> FreeBSD Squid cache box is connected to same switch via full-duplex 100Meg
> Ether.
>
> Like I said, things seem to work along just fine. I tail the access.log
> file and squid seems to be doing everything it should. Just the wheels are
> going to fall off our poor little router. I would have thought a Cisco 3640
> would have been able to handle doing redirects at this level just fine.
>
> Oh, guess I should mention that when I do let squid run for a bit, I'm
> seeing about 1.5 - 1.8 Meg of traffic going to/from the Cache box. This
> being generated from approx 600 dial customers on line at the time.
> But during this time any traffic that goes through the router, is really
> throttled back. Things just seem to grind to a halt. (ie telnet to any
> local systems in the office is almost unusable).
>
> Any suggestions?
> Am I trying to do more than our router will handle?
> or do I maybe have a config problem somewhere?
>
> Some stuff from our cisco:
>
> access-list 110 deny tcp host 209.223.225.2 any eq www
> access-list 110 permit tcp any any eq www
>
> route-map proxy-redirect permit 10
> match ip address 110
> set ip next-hop 209.223.225.2
>
> int fast 0/0
> ip policy route-map proxy-redirect
>
> Thanks for any/all suggestions!
>
> _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
> _/ Regards: Brad Groshok (bgroshok@odyssey.on.ca) _/
> _/ President Odyssey Network Inc. http://www.odyssey.on.ca _/
> _/ London Ontario Canada PH:(519)660-8883 Fax:(519)660-6111 _/
> _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>
>

-- 
Stephen Baxter  CCNA             SE Network Access/Big Networks Australia
                   CHECK OUT OZBYTES
                http://www.ozbytes.net.au
       Sound Bytes - 50 artists hosted and growing
phone : +61 8 8221 5221    222 Grote Street 
fax   : +61 8 8221 5220    Adelaide 5000, Australia
Received on Tue Jun 15 1999 - 01:14:56 MDT
