Re: [squid-users] WCCP load balancing and TPROXY fully transparent interception

From: Richard Wall <richard.wall_at_appliansys.com>
Date: Fri, 19 Dec 2008 15:00:34 +0000

2008/12/19 Bin Liu <binliu.lqbn_at_gmail.com>:
>> I'm interested to know if you have managed to get this working
>> reliably for your ISP environment?
> Not yet. We are still doing some test in our own environment.

Bin,

Thanks for your reply. We're working on a Squid configuration for ISP
customers and it would be really interesting to hear about any
potential problems with this configuration.

>> How far have you gone to make Squid truly transparent eg
>> * suppressing the Squid headers, error messages etc.
>> * Is there any way to configure Squid / Cisco to give SYN_ACK,
>> "connection refused" and ICMP "host unreachable" responses rather than
>> Squid error messages?
>> * Can you force Squid to make its request from the same source port
>> as the client.
>
> You mean totally transparent and the clients don't even know the
> existence of squid by any means? It seems a little bit difficult...

Yeah, I agree. It's going to be impossible to totally hide Squid, but
we're going to do as much as we can.

>> * If someone uses port 80 for a protocol other than http, can Squid
>> reject the redirected traffic in such a way that it is passed through
>> directly instead?
>
> WCCPv2 can support this feature by Packet Return Method. (See
> http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/wccp.html,
> search "Web Cache Packet Return". Also mentioned in your url:
> http://bazaar.launchpad.net/~squid3/squid/3.1/annotate/9363?file_id=draftwilsonwccpv212o-20070417152110-s6qkuxj8uabe-1)
> But Henrik said squid hadn't implemented this feature yet. (See
> http://www.squid-cache.org/mail-archive/squid-users/200811/0130.html)

Thanks for the links.

-RichardW.

-- 
Richard Wall
Support Engineer
ApplianSys Ltd
http://www.appliansys.com
(t) +44 (0)24 7643 0094
(f) +44 (0)87 0762 7063
(e) richard.wall_at_appliansys.com
Received on Fri Dec 19 2008 - 15:04:39 MST

This archive was generated by hypermail 2.2.0 : Fri Dec 19 2008 - 12:00:02 MST