[squid-users] Re: Centralized Squid with Hub/Spoke VPNs

From: Adam Aube <aaube01@dont-contact.us>
Date: Tue, 21 Sep 2004 21:27:41 -0400

Lowery, Michael wrote:

> We have a central office with 2 Squid 2.5 servers / FreeBSD 4.4. We
> have over 100 branches that all have their own Internet connections
> through various means. All of the branches are connected to the central
> office via VPNs to a Cisco 3030 VPN Concentrator allowing them access to
> the centralized servers and other network resources. The central office
> has a 15 meg pipe to the Internet, most of the branches are using ADSL
> with 384k upstream.

> With this scenario, is it possible to use the two Squid servers in the
> central office to service all of the clients across this VPN network?

It's possible. How well the Squid servers will perform depends on the
average and peak concurrent requests/second you want the Squid servers to
handle, and also on how much bandwidth is left over from the VPN for HTTP
requests.

> HTTP traffic outside of the network is not considered to be terribly
> important, so even though it will be quite slow, will it be TOO slow?

If it is, Squid probably won't be the problem. I'll hazard a guess that the
main site's Internet connection will be the biggest bottleneck here.

> Should we be using WCCP? (We want to proxy transparently.)

You can, though the general advice is to use proxy autoconfiguration scripts
pushed out by whatever configuration management tool the company uses.

> Are there other alternatives to this?

Let the branch offices use their Internet connections directly for HTTP
requests to external sites instead of using the VPN, and install some sort
of proxy appliance in each office.

Adam
Received on Tue Sep 21 2004 - 19:27:38 MDT
