Re: Policy routing to two proxies

Hi Randy,

If you've got the Xstop users in their own IP address block then policy
routing will work fine. With policy routing you just send those IP's to
the Xstop proxy, while everything else goes to your Squid box. Easy but
no caching of Xstop users data.

So how does Xstop work? Is it a proxy box on your site? If so then you
could use policy routing to send that IP block to the Xstop and then
have the Xstop go through the cache as it's internet gateway. Blocking
will still work, and you'll still get to cache those users.

Unless Xstop is a Squid compliant redirector program (or a redirector
version is available) then Squid can't redirect to it using the
redirector interface. Squid also can't (as far as I know) choose a
route based on IP, but it might be able to choose a parent proxy based
on IP.

Looking at the squid.conf doesn't really tell me anything in that
regard, and the users guide seems to be offline for the moment
(Sourceforge, where it is hosted, is not resolving for me at the
moment). But it's probably possible to construct a couple of
never_direct and always_direct ACL's that will never_direct-->send all
of your Xstop IP's to a parent proxy (Xstop) while all the others will
be always_direct-->to the origin server. But then...something would
have to be done to prevent cache hits from bypassing the Xstop. So, I
think Xstop needs to come before or be routed to separately from the
cache.

Hope this helps. Let me know if this needs clarification. I'm sure
others probably have some more experience in this area that would help.

Randy Cosby wrote:
>
> We're about ready to implement a squid caching solution using policy-based
> routing on a cisco. Please don't mention WCCP. I have scripts to check for
> live caches, shut off the redirect, etc.
>
> I would like to add a twist.
>
> We currently use an XStop filter for certain users. I would like to have
> the XStop users automatically pointed to the xstop server through policy
> routing, while the other users are pointed to the proxy. I can assign the
> xstop users a particular set of IP's.
>
> Would this be best done at the cisco policy routing level, or should I point
> everyone to the squid and have it redirect the xstop users traffic to the
> xstop box? Examples on how to do this?
>
> Also, does the proxy have to be right on the router network for the policy
> routing to work? Can I point the users to cache that may be on some other
> network far away?
>
> Thanks for any help/examples/experiences you can share.
>
> Randy Cosby
> nGenuity, Inc./InfoWest, Inc.
> 435-674-0165 x11
> Fax: 435-674-9654

                                  --
                     Joe Cooper <joe@swelltech.com>
                 Affordable Web Caching Proxy Appliances
                        http://www.swelltech.com
Received on Tue Aug 01 2000 - 13:25:11 MDT