We currently have a single FreeBSD box with Squid cache, which forwards all requests through a Trend AV proxy server, and out to the Internet for web requests. Both of these boxes are duplicated: the Squid box running freevrrp for hot standby, and the AV box with a manual failover. This setup supports about 20,000 users and sustains 10-13MBps during 6am-6pm.
Here is my first draft plan:
Reinstall the OS, FreeBSD 4.10-STABLE with all recommended and/or required kernel tuning parameters including ephemeral ports, which we are currently hitting the ceiling on (18GB disk for OS/apps, 18GB disk for logs, 72GB disk for cache... all SCSI). Squid will be 2.5STABLE5 compiled with --enable-ipf-transparent and --enable-storeio=diskd,ufs, cache_mem set to 384 MB and a single 60GB diskd cache_dir with noatime, async, and softupdates enabled. This box will forward all requests to the Trend Proxy for virus scanning.
My questions:
Is there a better way to make use of these two identical Squid boxes? The second box will be a hot standby using freevrrp. Is there an easy way to set up a load balanced pair that share cache dirs, and provide 100% uptime if one of the boxes crashes?
Same question goes for the AV servers... From what I read, I can set up two cache_peers instead of one and it will use them both. If one dies, it won't send traffic to that one anymore? Currently if the active AV proxy dies, we have to change the squid config file to point to the other IP address.
Is diskd a solid filesystem for this kind of load? Do multiple cache_dirs across disks increase performance, or will the single one be just as good? How about multiple cache_dirs on the same drive?
Thanks for the help!
-gvb
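
The two-parent arrangement asked about above, as an added squid.conf sketch that is not part of the original post. The addresses and port are constructed placeholders, and it assumes the AV proxies do not answer ICP. Squid stops selecting a parent it has marked dead after repeated failed TCP connections and resumes using it once connections succeed again, so no config change is needed on failover.

```conf
# Added example; 192.0.2.x addresses and port 8080 are constructed placeholders.

# Both AV proxies are parents.
#   no-query    : do not send ICP queries (assumes the AV product has no ICP).
#   round-robin : alternate requests across the parents currently marked alive.
cache_peer 192.0.2.11 parent 8080 0 no-query round-robin
cache_peer 192.0.2.12 parent 8080 0 no-query round-robin

# Fail closed. Without never_direct, Squid is allowed to fetch straight from
# origin servers, and that traffic would skip virus scanning entirely.
# With it, requests fail with an error page when both AV parents are down.
# (The stock squid.conf usually already defines "acl all"; do not define it twice.)
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
```

Whether an AV outage should block browsing or bypass scanning is a policy decision; the `never_direct` line is what enforces the blocking choice.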
