Search squid archive

Re: Squid in gigabit speed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Pasi Pekka Leinonen wrote:


Hi!
We have 300 users with 100(200 Full Dublex)Mb connection to our LAN with has 2(4 Full Dublex)Gigabit backbone. We plan to make Transparent Proxy server with Gigabit connection to our LAN. We plan to make the separation of port 80 traffic and other traffic with own Linux router that sends the 80 
port traffic to proxy server running Linux(maybe freeBSD).

Our wan connection is 100(200 Full Dublex)Mbit.

           WAN
              |
         FIREWALL
         |           |
Traffic shaper   PROXY
          |          |
      LINUX ROUTER (separation of port 80 traffic)
                | | (2 gigabit bounded)
                LAN (D-link DGS3308TG)

We have tree questions
1) What are the Hardware requirments of the caching proxy server running squid. What do you recomend? Is hardware raid with sata good enough? Dual core any good? Does the menory system benefit on dual chanel?
Get the fastest disks you can afford. The more spindles the better (within reason). Don't RAID the cache_dir drives. With either the epoll patch or Squid 2.6, CPU power is far less important than IO speed.
2) Is it a good way to do the transparensy routing of port 80 with another linux server than where squid is running? Is this good way to do this? Any problems doing it this way?
I'm not sure about how this will impact performance, but xinetd can redirect traffic to another computer (search for "xinetd redirect"). Perhaps in conjunction with the standard iptables redirect rule... http://www.heronforge.net/redhat/node11.html seems to imply that using netcat is a better choice for a constantly used service.
Personally I'm strongly opposed to interception caching, but I do understand the attraction and benefits. See section 2.1 of http://www.wrec.org/Drafts/draft-ietf-wrec-known-prob-02.txt for an explanation of some of the problems.
Can the proxy server then directly connect to internet or do have to backroute it to the router that made the separation? Can you recomend any 
howtos how this transparenty is done with diffrend server.
With the method suggested, (xinetd redirect) no special backrouting needs to be performed.
3) Does any of you know does Linux support D-Link DGS-3308TG's Trunking, also known as link aggregation to combine two gigabit connections as one? The switch does not seems to support 802.3ad. 
Can't help you there.



Pasi Leinonen
Retkeilijäntie 1H 12
70200 Kuopio
p. 044-2892372


Chris
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux