Re: [squid-users] What exactly makes accelerator mode faster then transparent mode ?

Raemaekers Mark wrote:
> I have a last question concerning this topic :
>
> Suppose I would tell you : "In front of my internet
> server I have a WC in transparant mode and it works.
> the Internet DNS points the URL to the TP-WC and the
> TP-WC caches the content of the server. Since there is
> only one webserver (apart from DOS attacks, and
> operating system security) I do not need a Firewall to
> divert traffic.
>
> Is there any reason why I should change the
> transparent WC into an accelerator mode WC and why ?
> What benefit would an accelerator WC give me above the
> transparent one ?
>

In squid specifically:

    http_port 80 vhost

        + Host: header de-referencing for better www simulation
        + full WWW-Authentication (not just Proxy-Authentication)
        + Support for IE reload bugs.
        + PMTU discovery
        + in-transit port alteration (vport)

    http_port 80 transparent

        -- disabled all authentication
        + performs NAT lookup every request
        -- disables PMTU discovery
        - may simulate the client IP (tproxy)

Amos

>
>
> --- Henrik Nordstrom <henrik@henriknordstrom.net>
> wrote:
>
>> On Thu, 2008-03-20 at 05:31 -0700, Raemaekers Mark
>> wrote:
>>> What mode of WC (so transparent or accelerator)
>> will
>>> give me the best performance and why ? Or is there
>> no
>>> difference with respect to performance ?
>> The different modes is not about performance but
>> different use cases.
>>
>>
>> accelerator or reverse proxy -> Squid sits infront
>> of your own web
>> server (or one you host), offloading traffic from
>> the web server. The
>> DNS is registered so that Internet users visiting
>> your site contact the
>> Squid server.
>>
>> transparent interception -> Squid sits in the path
>> of your LAN users
>> outgoing web traffic and port 80 traffic is
>> transparently diverted to
>> the proxy by firewall rules. This is a workaround to
>> make all LAN client
>> HTTP traffic go via the proxy even if they haven't
>> configured the proxy
>> settings correct.
>>
>> normal proxy -> The clients is configured to use the
>> proxy, either
>> manuall or via automatic means such as WPAD.
>>
>>
>> accelerator more is Internet users -> your web
>> server.
>>
>> transparent interception and normal mode is your
>> local LAN users going
>> out to random web servers out on the Internet.
>>
>> Regards
>> Henrik
>>
>>
>
>
>
> ____________________________________________________________________________________
> Never miss a thing. Make Yahoo your home page.
> http://www.yahoo.com/r/hs

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.