Search squid archive

RE: Squid + Policy-Based Routing +LoadBalancing/Clustering???

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



sön 2007-04-29 klockan 13:59 -0500 skrev Fiero, Paul:
> Aaahhhh, I see your point. I wasn't thinking before I spoke.  To
> bypass the normal route to the outside world would be in violation of
> our security policy and would set a precedent that I don't think our
> CIO is ready to defend 

Well, I can't speak for the design of your network. That's your
headache. Can only give you alernatives in how to solve your question.

If you replace a WCCP capable router with one without WCCP or other load
balancing capabilities, and want to still have the same functionality
then something needs to be added between the new router and Squid to
distribute the load and provide fallback if the Squid is not running.

This something may be running on the Squid servers (i.e. Linux LVS +
heartbeat or similar running directly on one the servers in an HA
setup), or separate (i.e. load balancer, or WCCP capable router). Having
it separate is usually preferred as it is a fairly isolated and
fail-proof thing needing much less administration and maintenance than
the Squid servers.

And I can only second what Amos said. All of this should most likely
take place on the internal side of the firewall. Having servers outside
the firewall is well, kind of defeats the purpose of having a firewall
in the first place.. but if you trust the security awareness and
strictness of everyone maintaining the servers you may obviously have
local firewalls on each server or strictly secured servers, also works
but requires a fair bit more discipline in server maintenance and setup.

Regards
Henrik

Attachment: signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux