On Sun, 20 May 2001, Adrian de los Santos wrote:
> I have a very large intrantet with more than 5000 users, all
> locations connect in a star fashion to the central headquarters
> where a couple of squid servers services them.. but after
> analizing the bandwidth usage i found that more than the 70% of it
> its eated by http traffic in fact internet traffic coming from the
> squid to the clients..
>
> So i will like to connect some of the branches to the net just in
> order to lower the http traffic wich travels trhu the intranet
> cable.
>
> But i also need to have control of who and where its going (i
> accomplish this right now with squidGuard and http authentication)
> thats why i want the request (small http request) travels thru the
> intranet to the parent (where i can deny or accept) and returns
> via the alternate internet connection on that site (in fact this
> connection will be used only for Reception not transmission)
Sounds like you need to run a "dedicated" "local" caching proxy for
each branch that you want to go directly to the net (your second
paragraph above).
Those branch Squids can use central Squid as a sibling. You can use
ICP or Cache Digests for peering, depending on your environment and
exact needs. Since authentication can be an external process, you can
still have a central authentication scheme even if your proxies are
distributed.
The only "trick" is to configure your browsers to use the right proxy,
depending on the branch, but that is doable.
This scheme does not use any connection redirection magic and is
pretty straightforward. However, I am sure there are folks on this
list who can suggest a better architecture.
$0.02,
Alex.
Received on Mon May 21 2001 - 22:03:07 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:13 MST