RE: Squid / Transparent cache killing Cisco cpu

From: Joao Paulo Firmeza <PFirmeza@dont-contact.us>
Date: Wed, 16 Jun 1999 12:17:30 +0100

Hi...

I have transparent proxy working using a Cisco (RSM from the Catalyst 5500)
for handling the redirects.
In this scenario I can only use 1 squid server (which is running over Linux
2.2 configured with some ipchains policies)

Now I bought an Alteon AceSwitch, but I'm still trying to figure out how I can
plug it into my net and increase the number of squids load balancing each
other.

My questions:

Can I do load balancing and redirection at the same time on the Alteon?
Do I need to keep my ipchains rules on the linuxes?

Here's a draft of my proposed setup:

        ------------        ----------
        |C5500+RSM |--------| Alteon |
        ------------        ----------
                              |    |
                          -------  -------
                          |Squid|  |Squid|
                          -------  -------

Regards,
_______________________
Joao Paulo N. Firmeza
DID/CET Portugal Telecom
Rua Eng. Jose' F. P. Basto
3810 Aveiro PORTUGAL
Phone: +351 34 403343
E-Mail: pfirmeza@cet.pt

-----Original Message-----
From: Dancer [mailto:dancer@zeor.simegen.com]
Sent: Tuesday, June 15, 1999 11:00
To: Stephen Baxter
Cc: Brad Groshok; squid-users@ircache.net
Subject: Re: Squid / Transparent cache killing Cisco cpu

Agreed. We have some alteon layer-4 switches. A nice piece of kit, though
they don't really scale beyond 256 servers very well.

D

Stephen Baxter wrote:
>
> Brad,
>
> Have a look at ip route-cache policy under the interface config of your
> router. This may help some but in the end doing transparent proxy on a
> router does not scale all that well.
>
> Have a look at some layer 4 switches - they are very impressive !
>
> > Good evening all.
> >
> > I'm a new user to Squid and am having a problem with our Cisco 3640 router
> > when running Squid. (It's killing the cpu)
> >
> > Have Squid installed and up and running on a FreeBSD System.
> > Pentium II-350, 128Meg, 4 Gig for OS and 2x9Gig drives for cache.
> > That part seems to be running just fine
> >
> > Problem I am having is when I cause our Cisco 3640 (core) router to
> > redirect HTTP traffic, the cpu load on the cisco goes from ~30% to 99%.
> > ie. it just hammers our router!!!
> >
> > Router is connected to two upstreams
> > one via a 100Meg full-duplex ethernet to UUNet
> > second via 2 Full T1 loops to Sprint
> > Running BGP4 and taking 2 full tables.
> > Router has 128Meg ram, Version 11.2(11)P IOS
> > Local traffic is delivered via another FastEther full-duplex to our Cisco
> > 2924XL switch.
> >
> > I'm applying the "ip policy route-map proxy-redirect" to the local FastEther.
> >
> > FreeBSD Squid cache box is connected to same switch via full-duplex 100Meg
> > Ether.
> >
> > Like I said, things seem to work along just fine. I tail the access.log
> > file and squid seems to be doing everything it should. Just the wheels are
> > going to fall off our poor little router. I would have thought a Cisco 3640
> > would have been able to handle doing redirects at this level just fine.
> >
> > Oh, guess I should mention that when I do let squid run for a bit, I'm
> > seeing about 1.5 - 1.8 Meg of traffic going to/from the Cache box. This
> > being generated from approx 600 dial customers on line at the time.
> > But during this time any traffic that goes through the router, is really
> > throttled back. Things just seem to grind to a halt. (ie telnet to any
> > local systems in the office is almost unusable).
> >
> > Any suggestions?
> > Am I trying to do more than our router will handle?
> > or do I maybe have a config problem somewhere?
> >
> > Some stuff from our cisco:
> >
> > access-list 110 deny tcp host 209.223.225.2 any eq www
> > access-list 110 permit tcp any any eq www
> >
> > route-map proxy-redirect permit 10
> > match ip address 110
> > set ip next-hop 209.223.225.2
> >
> > int fast 0/0
> > ip policy route-map proxy-redirect
> >
> > Thanks for any/all suggestions!
> >
> > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
> > _/ Regards: Brad Groshok (bgroshok@odyssey.on.ca) _/
> > _/ President Odyssey Network Inc. http://www.odyssey.on.ca _/
> > _/ London Ontario Canada PH:(519)660-8883 Fax:(519)660-6111 _/
> > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
> >
> >
>
> --
> Stephen Baxter CCNA SE Network Access/Big Networks Australia
>
> CHECK OUT OZBYTES
> http://www.ozbytes.net.au
> Sound Bytes - 50 artists hosted and growing
>
> phone : +61 8 8221 5221 222 Grote Street
> fax : +61 8 8221 5220 Adelaide 5000, Australia
Received on Wed Jun 16 1999 - 05:15:24 MDT
