On 1/09/18 9:33 PM, David Touzeau wrote: > Hi > > We have 2 ways to make the squid in « transparent mode. » > > The standard Transparent method and (with modern kernels) the use of > « Tproxy » method > Please clarify what this "standard transparent" thing is you referring to? I suspect that you actually mean "NAT" which is completely separate from Squid and thus has no bearing on proxy performance. > I would like to know which is the best according to the performance ? > This is a meaningless question. "comparing apples to oranges", etc. You might as well ask if NAT is faster or slower than packet flow? Both NAT and TPROXY involve kernel managing tables of active connections and syscalls by Squid to search those tables on every accept(). Only the timing of those syscalls and the state listed in the tables differ. The limitations each imposes are more relevant than performance differences. Specifically; * TPROXY restricts the TCP ports available to clients to 31K, where normally they are 63K. * NAT systems restrict ports to (63*M)/N where N is number of clients on the network, and M the number of IPs available to Squid outbound (usually 1). As you can see those will impose a cap on both performance and capability of your network. How much is determined by your network size and traffic peak flows. Not by anything related to Squid. Squid performance should be essentially the same for all traffic "modes". It is driven by the HTTP features used in the messages happening, combined with what types of processing your config requires to be done on those messages. So by crafting the very extreme types of message one can flood a Gbps network with a single HTTP request, or pass thousands of transactions quickly over a 56Kbps modem link. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users