RE: Transparent proxying

["Victoria of Borg" <vicofborg () myrealbox com>]

> From: firewall-wizards-admin () honor icsalabs com 
> [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf 
> Of kaptain
> Subject: RE: [fw-wiz] Transparent proxying
>
>
> WCCP is more elegant.  It doesn't force default routes and it 
> uses health checks with proxies that support it.  If the 
> proxy goes down, the router will bypass the proxy and go 
> directly to the origin server.

A couple of months ago, I helped setup a WCCP-based system using Squid
(www.squid-cache.org) as the cache-engine.  This worked remarkably well.
When we brought up the Squid engine, after making sure our WCCP config was
correct, every single outbound HTTP request was routed through the proxy.
Not a single change was needed on the desktop.  It was a wonderous event.

To make matters more interesting, the WCCP protocol supports multiple
cache-engines.  It then parcels out a portion of traffic to each engine
based on a hash of the URL.  That way, all traffic heading to
http://www.cisco.com/ hits the same cache, where traffic going to
http://www.hotmail.com/ could go through a different one.  If any of the
engines drops out, within 30 seconds WCCP will notice and repartition
traffic accordingly.  And if all engines fail, traffic goes out the default
route instead.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards