On 10/05/2015 6:31 p.m., Ibrahim Lubis wrote:
> Hi,
>
> Most of all know about tiered network
> topology (access, aggregation/dist, core) from core then to firewall and then
> to router. For redundancy usually there are 2 core and 2 firewall. I was
> thinking of adding a transparent caching layer between core and firewall, just
> adding squid box. Is it okay just adding 2 independent squid box or do I need
> some sync between squid box? What if I add not 2 but 6 and doing
> active-active on both core n firewall? Can anybody give me insight? Btw my
> objective is to save some bandwidths from user for internet access.

Go with independent Squid boxes until you are happy that they are operating properly and you know what's going on.

Number of Squid does not matter much, so long as they each can handle the traffic load you put through. If you are new to this, start with just one and put only a small amount of the traffic through, then increase gradually until you need 2, and so on.

Sync'ing between the Squid caches, and interception proxying can each have unwanted side effects. It's best to deal with those separately to avoid confusion and troubles.

"active-active on both core n firewall" does not matter. You MUST NOT perform destination-NAT (or TPROXY) on any machine other than the Squid box receiving the TCP connection from client(s). The firewalls and core only perform *routing* (perhaps over a tunnel) to get the TCP packets to the right Squid box. This has the nice side effect of greatly reducing the amount of data the firewalls need to sync.

Hints for beginners:

Caching can make some traffic appear slower - all MISS and some REFRESH transactions. There is extra packet processing done by the proxy and latency getting the packets around. This is the tradeoff for bandwidth saving. Super-fast HITs and traffic optimization can make up for that, but not always.
Amos
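
An added example, not part of the original message or of Squid: a shell check that reads `iptables-save` output and verifies the rule stated in the reply, that destination-NAT/REDIRECT/TPROXY appears only on the Squid box and never on a routing-only core or firewall. The role names `router` and `squid`, the default port 80 and the sample rule sets are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumptions: intercepted traffic is TCP port 80 unless another
# port is passed; the role names "router" and "squid" are made up for this script.
# Usage: iptables-save | audit_intercept router|squid [port]

# Print rules that rewrite or capture the destination of the intercepted port.
intercept_rules() {
    grep -E "^-A .* --dport $1 .*-j (DNAT|REDIRECT|TPROXY)( |\$)"
}

audit_intercept() {
    role=$1
    port=${2:-80}
    found=$(intercept_rules "$port" || true)   # reads iptables-save text on stdin
    case "$role" in
        router)  # core/firewall: routing only, so any hit is a violation
            if [ -n "$found" ]; then
                printf 'FAIL router: destination rewrite found:\n%s\n' "$found" >&2
                return 1
            fi ;;
        squid)   # the box that accepts the client TCP connection does the NAT/TPROXY
            if [ -z "$found" ]; then
                echo "FAIL squid: no REDIRECT/DNAT/TPROXY rule for port $port" >&2
                return 1
            fi ;;
        *)
            echo "usage: audit_intercept router|squid [port]" >&2
            return 2 ;;
    esac
    echo "OK $role"
}

# Constructed rule sets in iptables-save format (addresses from 192.0.2.0/24).
ROUTER_GOOD='*mangle
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j MARK --set-mark 0x2
COMMIT'
ROUTER_BAD='*nat
-A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.0.2.10:3129
COMMIT'
SQUID_BOX='*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3129
COMMIT'

printf '%s\n' "$ROUTER_GOOD" | audit_intercept router
printf '%s\n' "$ROUTER_BAD"  | audit_intercept router || true
printf '%s\n' "$SQUID_BOX"   | audit_intercept squid
```

A router that only marks packets for policy routing passes; the same box with a DNAT rule toward the proxy fails, which is the misplacement the reply warns against.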