[squid-users] Multiple Load Balanced FW's - how best to implement Squid?

From: Vosburgh, Brian P, CTR, WHS/REF <bvosburgh@dont-contact.us>
Date: Thu, 17 May 2001 09:51:28 -0400

I'm looking for some info on the best method of implementation of Squid for
our site. We run a redundant configuration using two F5 Network BigIP's
controller pairs (one internal, one external) with multiple transparent
Gauntlet 5.5/6.0 firewalls sandwiched between the BigIP's. This load
balances traffic in-bound and out-bound across the firewalls as well as
provides redundancy and higher throughput (100baseF) to our ISP mandated by
our customers. The firewalls are configured to run transparent to the users
and we use the BigIP's to forward port specific traffic over designated
firewalls. My plan is to insert 2 Squid boxes between the internal BigIP
pair and the firewalls and use the BigIP's to forward all port 80/443 to
Squid; this will allow me to implement the cache transparently to the user
community as well as maintain the redundancy I need.

Here's a rough diagram:

                 ISP
                  ^
                 / \
           router   router
                 / \
                /   \
            BigIp   BigIP (Standby)
                /   \
                \   /
             Firewall Pool
                /   \
            BigIp   BigIP (Standby)
                \   /
                 \ /
               Backbone

I have Squid running with about 30 Help Desk folks pointing to it directly
(for testing) and we're noticing that it's keeping the http proxies on
Gauntlet open for a lot longer than we've got the proxies configured for (60
seconds) which is killing the proxies. Since we run the network frontend
transparently it doesn't make sense to set Squid to use the firewalls as a
parent proxy. Does anyone have any experience operating in a similar
environment? If not F5's BigIP, anyone using Alteon or other load balancing
engines over multiple firewalls? What about anyone using Squid in
conjunction with Gauntlet? Do the gurus that watch this list have any
suggestions? Is there any information that delves deeper into
cache/firewall relationships (the user guide is slightly anemic in this
area)? Any info greatly appreciated!!

tia/

Brian
Received on Thu May 17 2001 - 07:52:01 MDT
