Lowery, Michael wrote: > We have a central office with 2 Squid 2.5 servers / FreeBSD 4.4. We > have over 100 branches that all have their own Internet connections > through various means. All of the branches are connected to the central > office via VPNs to a Cisco 3030 VPN Concentrator allowing them access to > the centralized servers and other network resources. The central office > has a 15 meg pipe to the Internet, most of the branches are using ADSL > with 384k upstream.
> With this scenario, is it possible to use the two Squid servers in the > central office to service all of the clients across this VPN network? It's possible. How well the Squid servers will perform depends on the average and peak concurrent requests/second you want the Squid servers to handle, and also on how much bandwidth is left over from the VPN for HTTP requests. > HTTP traffic outside of the network is not considered to be terribly > important, so even though it will be quite slow, will it be TOO slow? If it is, Squid probably won't be the problem. I'll hazard a guess that the main site's Internet connection will be the biggest bottleneck here. > Should we be using WCCP? (We want to proxy transparently.) You can, though the general advice is to use proxy autoconfiguration scripts pushed out by whatever configuration management tool the company uses. > Are there other alternatives to this? Let the branch offices use their Internet connections directly for HTTP requests to external sites instead of using the VPN, and install some sort of proxy appliance in each office. Adam
