RE: [fw-wiz] Transparent proxying

From: Victoria of Borg (vicofborg_at_myrealbox.com)
Date: 02/13/04

Next message: Brian Ford: "Re: [fw-wiz] Vlan's as effective security measures?"

Previous message: hugh_fraser_at_dofasco.ca: "RE: Re: [fw-wiz] Vlan's as effective security measures?"
In reply to: kaptain: "RE: [fw-wiz] Transparent proxying"
Next in thread: Ng Pheng Siong: "Re: [fw-wiz] Transparent proxying"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <firewall-wizards@honor.icsalabs.com>
Date: Fri, 13 Feb 2004 09:11:53 -0800

> From: firewall-wizards-admin@honor.icsalabs.com
> [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf
> Of kaptain
> Subject: RE: [fw-wiz] Transparent proxying
>
>
> WCCP is more elegant. It doesn't force default routes and it
> uses health checks with proxies that support it. If the
> proxy goes down, the router will bypass the proxy and go
> directly to the origin server.

A couple of months ago, I helped setup a WCCP-based system using Squid
(www.squid-cache.org) as the cache-engine. This worked remarkably well.
When we brought up the Squid engine, after making sure our WCCP config was
correct, every single outbound HTTP request was routed through the proxy.
Not a single change was needed on the desktop. It was a wonderous event.

To make matters more interesting, the WCCP protocol supports multiple
cache-engines. It then parcels out a portion of traffic to each engine
based on a hash of the URL. That way, all traffic heading to
http://www.cisco.com/ hits the same cache, where traffic going to
http://www.hotmail.com/ could go through a different one. If any of the
engines drops out, within 30 seconds WCCP will notice and repartition
traffic accordingly. And if all engines fail, traffic goes out the default
route instead.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Brian Ford: "Re: [fw-wiz] Vlan's as effective security measures?"

Previous message: hugh_fraser_at_dofasco.ca: "RE: Re: [fw-wiz] Vlan's as effective security measures?"
In reply to: kaptain: "RE: [fw-wiz] Transparent proxying"
Next in thread: Ng Pheng Siong: "Re: [fw-wiz] Transparent proxying"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: FreeBSD 6.x / GRE / WCCP / Squid
... >> wccp version 2 in order to run wccp with squid. ... Squid doesn't support WCCP version 2. ... I see the packets hitting fxp0 correctly and I see the forward rules, ... and the proxy server is in a routable IP range in my DMZ. ...
(freebsd-questions)
Re: Proxy with PIX
... > What do you mean by WCCP? ... its a protocol, used to intercept traffic, and forward it to the proxy. ... Prev by Date: ...
(comp.dcom.sys.cisco)