Re: Extremely Transparent Proxy

From: Ahsan Khan <ahsank@dont-contact.us>
Date: Thu, 1 Jun 2000 01:56:04 +0500

WCCP Support and bind the squid with Both Interfaces.

With Regards
Ahsan Khan
Sr. System Admin
Internet Division (OneNet)
Sun Communication Pvt. Ltd.
Pakistan
http://www.one.net.pk

----- Original Message -----
From: "Diegmueller, Jason (I.T. Dept)" <diegmuej@stifel.com>
To: <squid-users@ircache.net>
Sent: Thursday, June 01, 2000 12:39 AM
Subject: Extremely Transparent Proxy

> Squid Users--
>
> I have searched the archives, and can't seem to find anyone else who has
> looked at doing thing.
>
> I'm reasonably familiar with squid, and extremely familiar with Linux.
> The other day, I spent a few minutes setting up a Transparent Proxy. It
> worked great in testing, I'm now looking at things from a network design
> aspect.
>
> Our company is looking in to putting a squid machine in front of a HEAVILY
> loaded web server ("Intranet Server"). The web server connects directly
> to a Cisco Catalyst 5505 switch with both NICs utilizing HP's EtherChannel
> implementation ("EtherTeaming"). This effectively doubles bandwidth and
> provides hardware fault tolerance in a way on both the Catalyst (should a
> port go) and on the server (should a NIC go).
>
> My original plan (before I started really looking to squid as a transparent
> proxy) was to utilize Linux's bonding driver to achieve 200Mb to the Linux
> box, and 200Mb to the HP Server (thus, 4 NICs). Unfortunately, I'm limited
> to only one instance of the bonding.o driver. So I'll just do 200Mb to the
> switch, and 100Mb to the server. Not too big of a deal. If someone knows a
> workaround, let me know.
>
> The question comes in here:
> If I'm using a two-interface solution, obviously I'm going to have to route
> between the "outside" and the "inside" interface. If I do this, I'm
> seriously messing with addressing scheme of things here. I'd have to create
> a whole new IP network for this Intranet server, and somehow advertise it to
> the rest of my network (we use EIGRP, so I'd probably have to use zebra and
> redistribute RIPv2 in to EIGRP) .. it would be ugly.
>
> Another option I thought was that I could renumber the Intranet box, do
> ipmasq, and simply forward every single port to the Intranet machine. But
> again, that's reasonably "ugly".
>
> So is there any "clean" way to implement an almost INVISIBLE proxy server?
> Perhaps do bridging between the "outside" and "inside" interfaces, but still
> have the ability to hijack requests to TCP port 80 and deliver them to
> squid?
> Has anyone done anything like this before? If so, do share. If not, think
> I'm on the right path? Does this sound feasible?
>
> I'd just like to implement a squid proxy WITHOUT having to redesign a lot
> of things (and in the process piss off the systems team). I considered doing
> a route-map on the Cat5505's RSM but when I was playing around with that
> yesterday load went through the roof (this is an awfully busy Catalyst).
>
> Insight, thoughts, and expertise are appreciated. Thanks!
>
Received on Wed May 31 2000 - 15:10:39 MDT
