[squid-users] Questions about forcing traffic through Squid

From: Wallace, Brian S. <[email protected]>
Date: Thu, 07 Aug 2003 13:50:17 -0400

Hi:

We have a Squid cluster setup as follows:

        1 ServerIron router
        3 Sun SunFire V120 servers running Squid 2.5Stable2,
                SmartFilter 3.2.1 and InterScan VirusWall 3.8

The ServerIron router load balances proxy.ornl.gov to the 3 Sun servers,
proxy(1,2,3).ornl.gov. Squid is setup to route traffic through the
VirusWall via the following configuration:

                cache_peer 127.0.0.1 parent 81 0 default no-query
                never_direct allow all

With the user setting their browser to proxy.ornl.gov, the web traffic
is proxied, content monitored and virus scanned. All of this is load
balanced via the ServerIron router. This is working fine.

We have a Cisco IPX firewall router and we had intended to block all
outgoing port 80/443 traffic and have our users set their browsers to
use proxy.ornl.gov. However, we have been requested to force users
through the proxy cluster without having them change their browser
settings. After reviewing FAQ-17 and the ViSolve white paper on
transparent caching, I have the following questions:

1. It looks like transparent caching and WCCP would both bypass the load
balancing currently being done by the ServerIron. Is this correct?

2. Are there other ways to do load balancing and still use the
VirusWall?

3. Is there anything that can be setup between the Cisco router and the
ServerIron to do the routing without changing the configuration of the
Squid servers?

4. Which ever method is used to force traffic to the Squid servers, are
there ways to allow some outgoing traffic to bypass the Squid servers?

I am not a networking expert, so my questions may seem trivial. Please
keep that in mind responding to my questions.

Thanks for your help,

Brian S. Wallace

Oak Ridge National Laboratory
P. O. Box 2008, MS 6025
Oak Ridge, Tennessee 37831-6025

Voice (865) 576-3193
Fax (865) 241-4000
Received on Thu Aug 07 2003 - 11:50:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:18:46 MST