Thanks for the insight.

Ted

On Thu, 2004-03-11 at 09:28 +0100, Henrik Nordstrom wrote:
> On Wed, 10 Mar 2004, Ted Kaczmarek wrote:
>
> > Transparent is fool proof (assuming you do your homework)
>
> Fact: Only about 1% of the people deploying transparent proxying do the
> homework on what this actually involves at the protocol level, and at least
> 95% do so in an environment where it can not be done correctly.
>
> > but implicit is definitely more robust. In Fail over situation
> > transparent really starts to shine. It is very simple to originate a
> > default route through a L4 redirect, with implicit the only good option
> > is dns timeout.
>
> It is not complex to add a load balancer in front of a farm of proxies. In
> addition PAC scripts provide very easy paths.
>
> > If you are really a crackpot you can redirect both for fail over. Service
> > and health checks are a sweet thing.
>
> These are orthogonal to the transparent vs configured proxy question.
>
> > I opted for transparent because the administration is fool proof and
> > auth is not required.
> > Just works.......
>
> Transparent mode does not "just work".
>
> Transparent mode does most often work for the majority, but there is a big
> can of worms which will bite sooner or later.
>
> Some of the most noticeable include:
>
> - Path MTU discovery issues, seen if any client has a Path MTU smaller
>   than the normal, such as a dialup tuned for interactive use or a VPN
>   client.
> - Authentication not possible as you already mentioned
> - Browsers not expecting a proxy and therefore not sending the same
>   information as when using a proxy (Reload button not working etc..)
>
> But when it works it "feels great".
>
> Regards
> Henrik