 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] Squid & m0n0wall
 Date:  Fri, 5 Aug 2005 08:46:32 +0100
> > What's the best way to run Squid now? We used to port forward outbound
> > 80 and 443 to our squid server sitting on the Internet side of our
> > backbone via iptables and forward rules.

Can't help you much with this I'm afraid - it sounds a bit like Squid's
transparent proxying, but I've never really used it. Can you not specify
proxy settings on the client machines (either manually or via group policy)?

> > Our primary worry is we love squid, use it heavily (it saves our butt
> > in bandwidth issues at times) but it gets beat on so badly it goes
> > down frequently (once or so per month) - most of the time, just bad
> > hdd's.

I'd say there are 3 options here:
1) Use multiple squid boxes in a load-balancing configuration. Squid's
support for this is pretty good (you can either get each squid box to use
ICCP to query each other's cache, or you can use a JavaScript PAC file on
the client machines to load balance between multiple squid boxes).

2) If the problem is HDDs, consider using multiple HDDs in the cache, each
in a hot-swap bay so you can add/remove them without taking the squid
machine offline. There are some reasonably priced SATA hotswap units around
these days and cards to support them.

3) Depending how much disk space is required, consider using a squid box
with a massive in-memory cache (4GB or so) so that frequently accessed data
is nearly always coming from ram, not disk. Don't know how much difference
this'll make - my experience of squid has been that any more than about 4GB
cache tends to use as much IO time finding the object as it does to grab it
from the remote website.

> We have a squid box internally that has a gateway of the
> firewall and we set the client proxy settings using a windows
> gpo.  The box we use is a spare Dell 750 (cel 2.4/512/80GB
> SATA drive) that doesn't break a sweat with
> 50+ users on it.

A client's place is running on an XP2800+/512/80GB with about 30 users and
quite a few other services on the same box (IMAP server, etc.) and there
doesn't appear to have been a load problem. HDD seems to have been reliable
- Seagate 7200.7 SATA if it's any help to you. Tend to use them in all
machines for clients - they're cheap, quiet, reliable (yet to have one fail)
and have a 5yr warranty on 'em.


C.M. Bagnall, Director, Minotaur I.T. Limited
Tel: (07010) 710715   Mobile: (07811) 332969   Skype: minotaur-uk
ICQ: 13350579   AIM: MinotaurUK   MSN: msn at minotaur dot cc   Y!: Minotaur_Chris
This email is made from 100% recycled electrons
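
Added example, not part of the original email: one way to write the PAC file from option 1 so that clients are spread across several Squid boxes. The proxy host names and port are hypothetical; the hash keeps each destination site on the same box so its cache stays warm, and the other boxes are listed as failover.

```javascript
// PAC file sketch for load balancing between multiple Squid boxes.
// Assumption: three proxies with the hypothetical names below.
var PROXIES = [
  "squid1.example.internal:3128",
  "squid2.example.internal:3128",
  "squid3.example.internal:3128"
];

// Small deterministic string hash (djb2 variant), kept as unsigned 32-bit.
function hostHash(host) {
  var h = 5381;
  for (var i = 0; i < host.length; i++) {
    h = ((h * 33) ^ host.charCodeAt(i)) >>> 0;
  }
  return h;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Unqualified names and loopback are local; do not send them to a proxy.
  if (host.indexOf(".") === -1 || host === "127.0.0.1") {
    return "DIRECT";
  }
  // The same host always hashes to the same first-choice box.
  var start = hostHash(host) % PROXIES.length;
  var parts = [];
  for (var i = 0; i < PROXIES.length; i++) {
    parts.push("PROXY " + PROXIES[(start + i) % PROXIES.length]);
  }
  // No trailing DIRECT: if every box is down the request fails rather than
  // bypassing the proxy.
  return parts.join("; ");
}
```

Serve the file from a web server the clients can reach and point the browsers' automatic configuration URL at it, manually or via group policy.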