Some Facts About Proxy Caches - Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual

41.1 Some Facts about Proxy Caches

As a proxy cache, Squid can be used in several ways. When combined with a firewall,
it can help with security. Multiple proxies can be used together. It can also determine
what types of objects should be cached and for how long.

41.1.1 Squid and Security

It is possible to use Squid together with a firewall to secure internal networks from the
outside using a proxy cache. The firewall denies access to external services to all clients
except Squid. All Web connections must be established by the proxy. With this
configuration, Squid completely controls Web access.

If the firewall configuration includes a DMZ, the proxy should operate within this zone.
Section 41.5, "Configuring a Transparent Proxy" (page 797) describes how to implement
a transparent proxy. This simplifies the configuration of the clients, because in this
case they do not need any information about the proxy.

41.1.2 Multiple Caches

Several instances of Squid can be configured to exchange objects between them. This
reduces the total system load and increases the chances of finding an object already
existing in the local network. It is also possible to configure cache hierarchies, so a
cache is able to forward object requests to sibling caches or to a parent cache, causing
it to get objects from another cache in the local network or directly from the source.

Choosing the appropriate topology for the cache hierarchy is very important, because
it is not desirable to increase the overall traffic on the network. For a very large network,
it would make sense to configure a proxy server for every subnetwork and connect
them to a parent proxy, which in turn is connected to the proxy cache of the ISP.

All this communication is handled by ICP (Internet Cache Protocol) running on top of
UDP. Data transfers between caches are handled using HTTP (Hypertext Transfer
Protocol) based on TCP.
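
The ICP messages that caches exchange over UDP can be made concrete with a short sketch. This is an added example, not code from the manual or from Squid; it follows the ICP version 2 message layout in RFC 2186, and the function names, request number and sample URL are assumptions made for illustration.

```python
import socket
import struct

# ICPv2 header per RFC 2186: opcode, version, message length, request number,
# options, option data, sender host address (20 bytes, network byte order).
HEADER = struct.Struct("!BBHIII4s")
VERSION = 2
QUERY, HIT, MISS = 1, 2, 3
NAMES = {1: "QUERY", 2: "HIT", 3: "MISS", 4: "ERR", 21: "MISS_NOFETCH", 22: "DENIED"}

def build(opcode, reqnum, url, sender="0.0.0.0"):
    """Encode one ICP message; a QUERY payload starts with a requester address."""
    payload = url.encode("ascii") + b"\x00"
    if opcode == QUERY:
        payload = b"\x00" * 4 + payload
    return HEADER.pack(opcode, VERSION, HEADER.size + len(payload), reqnum,
                       0, 0, socket.inet_aton(sender)) + payload

def parse(datagram):
    """Decode one ICP datagram, rejecting truncated or inconsistent input."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than ICP header")
    opcode, version, length, reqnum, _, _, _ = HEADER.unpack_from(datagram)
    if version != VERSION or length != len(datagram):
        raise ValueError("unexpected version or length field")
    payload = datagram[HEADER.size:]
    if opcode == QUERY:
        payload = payload[4:]  # skip the requester host address
    if not payload.endswith(b"\x00"):
        raise ValueError("URL is not NUL-terminated")
    return {"op": NAMES.get(opcode, "UNKNOWN"), "reqnum": reqnum,
            "url": payload[:-1].decode("ascii")}

def first_hit(query, replies):
    """Index of the first reply that is a HIT echoing the query's number and URL."""
    q = parse(query)
    for i, raw in enumerate(replies):
        try:
            r = parse(raw)
        except ValueError:
            continue  # ICP is plain UDP: ignore malformed or stray datagrams
        if (r["op"], r["reqnum"], r["url"]) == ("HIT", q["reqnum"], q["url"]):
            return i
    return None  # no sibling has the object: use the parent cache or the source

if __name__ == "__main__":
    url = "http://www.example.com/"  # constructed sample URL
    q = build(QUERY, 7, url)
    print(parse(q), first_hit(q, [build(MISS, 7, url), build(HIT, 7, url)]))
```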
To find the most appropriate server from which to get the objects, one cache sends an
ICP request to all sibling proxies. These answer the requests via ICP responses with a
This manual is also suitable for:

Suse linux enterprise server 10 sp3
