Hi
I am using squid inside firewall and on DMZ.
Firewall Firewall
| DMZ |
| |
+--+ +---------+ | +--+ +---------+ |
| |-->|squid-1-a|-----+ | |-->|squid-2-a|--------> internet
| | +---------+ | | | | +---------+ |
client --> |LB| | +-->|LB| |
| | +---------+ | | | | +---------+ |
| |-->|squid-1-b|-----+ | |-->|squid-2-b|--------> internet
+--+ +---------+ | +--+ +---------+ |
| |
| |
LB: Load Balancer
1. Clients access LB's VIP by Proxy Automatic Configuration
2 LB accesses squid-1-* by round-robin
3. Squid-1-* access LB's VIP on DMZ
4. LB on DMZ accesses squid-2-* by round-robin
5. Squid-2-* access to the internet
Squid-1-* are used for cache and Virus Scan over HTTP(high CPU usage and too many disc
I/O).
Squid-2-* are used only for proxy(not cache and low load).
Spec of Squid-1-* box is the same with Squid-2-* box.
Under this condition, web accesss to the internet is very slow.
I want to use Squid-2-* effectively for cache.
LB is not required and Squid-1-* can't access to the internet directly.
What shoud I do?
(I think that CARP is the best way to access to the internet)
Tomi
