Pasi Pekka Leinonen wrote:
>Hi!
>
>We have 300 users with 100 (200 Full Duplex) Mb connections to our LAN,
>which has a 2 (4 Full Duplex) Gigabit backbone.
>
>We plan to make a Transparent Proxy server with a Gigabit connection to
>our LAN.
>
>We plan to make the separation of port 80 traffic and other traffic
>with our own Linux router that sends the port 80 traffic to a proxy
>server running Linux (maybe FreeBSD).
>
>Our WAN connection is 100 (200 Full Duplex) Mbit.
>
> WAN
> |
> FIREWALL
> | |
>Traffic shaper PROXY
> | |
> LINUX ROUTER (separation of port 80 traffic)
> | | (2 gigabit bounded)
> LAN (D-link DGS3308TG)
>
>We have three questions
>
>1) What are the hardware requirements of the caching proxy server
>running Squid? What do you recommend? Is hardware RAID with SATA good
>enough? Is dual core any good? Does the memory system benefit from
>dual channel?
>

Get the fastest disks you can afford. The more spindles the better
(within reason). Don't RAID the cache_dir drives. With either the
epoll patch or Squid 2.6, CPU power is far less important than IO speed.

>2) Is it a good way to do the transparency routing of port 80 with
>another Linux server than the one where Squid is running? Is this a
>good way to do this? Any problems doing it this way?
>

I'm not sure about how this will impact performance, but xinetd can
redirect traffic to another computer (search for "xinetd redirect").
Perhaps in conjunction with the standard iptables redirect rule...
http://www.heronforge.net/redhat/node11.html seems to imply that using
netcat is a better choice for a constantly used service.
Personally I'm strongly opposed to interception caching, but I do
understand the attraction and benefits. See section 2.1 of
http://www.wrec.org/Drafts/draft-ietf-wrec-known-prob-02.txt for an
explanation of some of the problems.

>Can the proxy server then directly connect to the Internet, or do we
>have to backroute it to the router that made the separation? Can you
>recommend any howtos on how this transparency is done with a different
>server?
>

With the method suggested (xinetd redirect), no special backrouting
needs to be performed.

>3) Does any of you know whether Linux supports the D-Link DGS-3308TG's
>trunking, also known as link aggregation, to combine two gigabit
>connections as one? The switch does not seem to support 802.3ad.
>

Can't help you there.
>
>Pasi Leinonen
>Retkeilijäntie 1H 12
>70200 Kuopio
>p. 044-2892372
>
>
>
Chris
Received on Thu Jun 08 2006 - 16:31:03 MDT
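
The redirect setup mentioned in the reply, written out as an added example (not part of the original message or either poster's own configuration): an iptables REDIRECT rule on the Linux router hands port 80 traffic to a local xinetd listener, which relays it to Squid on the separate proxy host. The interface name eth1, the listener port 8080, the service name http-relay and the proxy address 192.0.2.10:3128 are assumptions.

```conf
# --- On the Linux router ---------------------------------------------
# Standard iptables redirect rule (run as root): TCP port 80 arriving
# on the LAN-facing interface (eth1, assumed) is delivered to local
# port 8080 instead of being forwarded.
#
#   iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
#            -j REDIRECT --to-ports 8080
#
# --- /etc/xinetd.d/http-relay on the same router (name assumed) ------
# xinetd accepts each redirected connection and opens a new TCP
# connection to the Squid host, copying bytes in both directions.
#
# Consequences to plan for:
#  * Squid sees every connection as coming from the router's address,
#    so client-based ACLs and access.log entries lose the real client
#    IP. The xinetd log below is the only per-client record.
#  * The original destination IP is lost in the relay, so Squid has to
#    be configured for interception and take the origin server from
#    the Host header of each request.
#  * Replies return through the relay connection, which is why no
#    special backrouting is needed.
service http-relay
{
    type            = UNLISTED
    disable         = no
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = nobody
    # Must match --to-ports in the iptables rule above.
    port            = 8080
    # Squid host and port (assumed values).
    redirect        = 192.0.2.10 3128
    # Record the real client address for each relayed connection.
    log_on_success  += HOST
}
```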