On 17/07/2013 11:15 p.m., Travel Factory S.r.l. wrote:
> Hi,
> sorry my message was incomplete.
>
>> Depends on what is purpose of the proxy.
>
>
> When in production the proxies will serve about 3000 users on a
> 200mbit internet connection that runs at full speed during several
> hours daily. Use of proxy is not mandatory at the moment, users can
> disable it.
Sure. You will require, probably, at least 4 workers to handle this Mbps
load comfortably. Assuming it is 100% HTTP traffic.
You then have 10 or so spare CPU cores on that box.
>
> I want to save bandwidth, if possible, and give quicker answers when
> possible.
>
> I also want/need to block direct access to the internet by the
> clients, so that all traffic is scanned for malware.
>
> To do this I currently have an antivirus/malware/url scanner as
> upstream proxy (cache_peer). This commercial product also support
> ICAP... is it better ?
ICAP is better, but that depends on how you locate it in your network
topology.
* With an upstream proxy you are required to funnel all traffic via
them and may bottleneck or go down if they have issues.
* ICAP protocol offers sending only a short preview of responses for
scanning, whitelisting traffic to bypass the scanners, etc. However how
data gets to the scanner matters as Squid consumes bandwidth getting it
there AND back in addition to the regular upstream bandwidth requirements.
>
>
>> In squid SMP you can try to use ROCK store that stores small
>> objects in
>> order to use SMP and cache_dir together.
>
>
> I compiled ROCK but is it mature enough to be used in production
> servers ?
Yes.
>
> I will locate infos on how to enable squid SMP
>
"Simple", the workers directive, you simply configure the number of
Squid worker processes to run and SMP is enabled.
Getting beyond that is somewhat more complex, and we are all still
experimenting and tuning up the various parts of Squid which are
SMP-aware for best performance.
>> If you want to measure the RAID1 efficiency feel free.
>> Dont rush into SSD since it's nice but you now have the specific
>> hardware that can work fine just like that.
>> What Raid are you using?? HW or SW or LVM?
>
>
> It's HW raid, and it is quick :-)
Better be. Take a read through http://wiki.squid-cache.org/SquidFaq/RAID
if you have not already.
>
>> I assume that you are not only trying to save couple small pieces of
>> bandwidth??
>
>
> It's one of the things I want to do since bandwidth is full....
>
> Thanks
Received on Wed Jul 17 2013 - 12:05:28 MDT
This archive was generated by hypermail 2.2.0 : Wed Jul 17 2013 - 12:00:19 MDT