-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Amos, independent proxies also supported by Cisco WCCP. For redundancy it can group any numbers of transparent proxies. WBR, Yuri 10.05.15 12:57, Amos Jeffries пишет: > On 10/05/2015 6:31 p.m., Ibrahim Lubis wrote: >> Hi, >> >> Most of all know about tiered network >> topology(access,aggregation/dist,core) from core than to firewall and then >> to router. For redundancy usually there 2 core and 2 firewall. I was >> thinking adding a transparent caching layer between core and firewall,just >> adding squid box. It is okay just adding 2 independent squid box or I need >> some sync between squid box ? What if I add not 2 but 6 and doing >> active-active on both core n firewall? Can anybody give me insight ? Btw My >> objective is to save some bandwidths from user for internet access. > > Go with independent Squid boxes until you are happy that they are > operating properly and you know whats going on. Number of Squid does not > matter much, so long as they each can handle the traffic load you put > through. If you are new to this start with just one and put only a small > amount of the traffic through, then increase gradually until you need 2, > and so on. > > Sync'ing between the Squid caches, and interception proxying can each > have unwanted side effects. Its best to deal with those in separately to > avoid confusion and troubles. > > > "active-active on both core n firewall" does not matter. You MUST NOT > perform destination-NAT (or TPROXY) on any machine other than the Squid > box receiving the TCP connection from client(s). The firewalls and core > only perform *routing* (perhapse over a tunnel) to get the TCP packets > to the right Squid box. This has the nice side effect of greatly > reducing the amount of data the firewalls need to sync. > > > Hints for beginners: > > Caching can make some traffic appear slower - all MISS and some REFRESH > transactions. There is extra packet processing done by the proxy and > latency getting the packets around. This is the tradeoff for bandwidth > saving. Super-fast HITs and traffic optimization can make up for that, > but not always. > > Amos > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVTzRXAAoJENNXIZxhPexGXJYIAMtb90ri0hymGN7ZGTVH98cy uZbNjQ2kYQqxXGCkkSFECpjM0wqkONF6pPGrL1YqcecZCkmGNS6ExE6r4FMuX8y1 oBE2z9OfaN/4CfMq4+WvE0jwtyOSVyKIUSUKr+I2qTNCubg0kFgr9yWONOdLbUDJ FJ06c1qqb1U8u8ZsYFTL7/hfTgVRr6QjnGQlnNcCwzU+/QIAtAP7GyRxJB0b0yxJ i2M/LQ+d1LJMhCgX6ICgBas5x+GXXB3KHtH0jAn/xF854qciQhbOrMf0O/j/ac19 4XB8qfqsGkIvPe3TcPSYypyOJn1dXILpb7mmNogGzh+rE4nmdRG7cam6MX3En8c= =SXkU -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
