Sunday, January 16, 2011

How do I tell if I would benefit from a Squid?

Is there a good way to tell if my network users would benefit from a squid cache?
I assume setting one up and looking at its logs would tell me, but at that point I may as well finish.
The network already has a Linux based NATing Firewall.

  • What type of internet connection do you have? What is the bandwidth speed? How many users do you have and what is their typical use of the internet? Are you currently having any bandwidth issues?

    Read the first two paragraphs here and see if that helps.

    John Gardeniers : My thoughts exactly - too little information to be able to offer a proper answer. +1
    From cop1152
  • We had squid installed in our college proxy server. It helps if you have multiple connections. For just one PC I don't think it would be that useful.

  • Depends on users and the content they're hitting. If they're hitting a lot of static content, the proxy will help. If it's dynamic information, not so much.

    The only way to really tell is if you tried putting one in and saw what kind of traffic you're seeing. There's really no test that I know of to determine if you're in need of or could benefit from a proxy server.

    You could try looking at your bandwidth use and if it's coming from a lot of HTTP traffic you should try the proxy. Also if your users are complaining about slow browsing then you can try the proxy.

    If slow webbertubes navigation is because you have a couple people sucking bandwidth for Internet radio or videos or something like that then the proxy probably won't be a big boost.

    One bonus to the proxy, though, is the ability to get a general idea of what kind of web traffic you're getting if the boss wants that information for some reason. For some businesses there are accountability issues, or you can see things like how hard update sites are getting hit (windows updates) or if there's anomalous traffic you will know what machine to investigate to see if it's infected with something and trying to "phone home".

    The proxy would let you break down web traffic and get some statistics for your network in case there are some issues there.

    Personally I don't see why you couldn't throw together a testbed proxy server and see if it helps or hurts your network. If it doesn't help, you just stop routing traffic through it and remove it from the network. If it does work, you could only benefit from the effort.

  • I'd definitely go through a proxy as it lets you have a single point through which everything on your network accesses the internet and keeps your users away from direct access to the firewall. Doing this should enable you to create a firewall ruleset that's probably a good bit simpler and/or more secure than what you currently have, and you should also be able to implement some form of content scanning for any malicious executables being downloaded. All good stuff.

    A cache is still of some value for content such as images and large javascript files. It's probably a good bet that about 50% of your internet traffic hits the same 10 or so sites, so you could get some useful gains there. Even if someone else is sucking up your bandwidth by streaming video, these could be delivered locally from the cache without needing to compete with the other use.

    From mh
  • Our ResTek group does something creative with their cache-proxy (which I believe is actually Squid) and our network infrastructure. Since they do not have unlimited bandwidth, they are using a packet-shaper to try and keep the P2P stuff prioritized lower. Traffic from the cache-proxy is prioritized highest. Regular ole web-traffic from dorm rooms is prioritized at a medium level.

    The students have found out that they can get noticeably faster web access when they are configured to use the cache-proxy. This was intentional, as their networking people really would like to prioritize interactive web-traffic over bulk-downloads. By setting up the cache-proxy for high priority they do this.

  • Years ago, I found it helped with DNS lookups: the browser asks for the web page, the cache handles all the ickly stuff. It made Mozilla much nicer. And of course, there is always some static content.

  • Another potential benefit that has not been mentioned is for software upgrades. Instead of hitting the same upgrade site with many machines, if the updates/upgrades are cached, your internal machines will all upgrade much faster. These updates are generally static patch files so will be cached if squid is configured correctly. You can save a lot of traffic this way.

    John Gardeniers : ... right up to the point where those files are removed to make room for newer content.
    sybreon : hehe.. just increase the size of the cache and extend lifespan of the files. I'm sure that there are other ways to handle this.
    TRS-80 : Currently Microsoft updates aren't cached by squid - I think the lusca (a squid2 fork) developer is working on fixing it though.
    Bart Silverstrim : I don't know how well the proxy handles things that are massively distributed like through akamai, which I think Apple and MS use (or some other large commonly used companies)...that would be something to test or someone else may know the answer to, since the target is different depending on load and time of day.
    From sybreon
  • In my experience, the average office gets 40-60% cacheability on their web browsing. Schools usually a good deal higher. Unless there's only 2 or 3 of you in your organisation, you'll get some benefit, which you will trade for another point of failure. If the squid cache is on the NAT device, you won't have any extra places where hardware can fail though, so that reduces the harm.

    Generally, I would say yes, you won't regret it.

    From Tom Newton
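
Added example, not part of any answer above: once a testbed Squid has carried traffic for a few days, as the answers suggest, its `access.log` answers the original question directly. The sketch below assumes Squid's default native log format and uses constructed sample lines; it reports request and byte hit ratios and counts destination hosts per client, which is the breakdown you would use to find the machine behind anomalous traffic.

```python
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1295136000.101 120 192.168.1.10 TCP_MISS/200 50000 GET http://example.com/logo.png - DIRECT/203.0.113.5 image/png
1295136001.202 2 192.168.1.11 TCP_HIT/200 50000 GET http://example.com/logo.png - NONE/- image/png
1295136002.303 1 192.168.1.12 TCP_MEM_HIT/200 50000 GET http://example.com/logo.png - NONE/- image/png
1295136003.404 300 192.168.1.10 TCP_MISS/200 20000 GET http://example.com/search?q=a - DIRECT/203.0.113.5 text/html
1295136004.505 80 192.168.1.13 TCP_MISS/200 500 POST http://updates.example.net/checkin - DIRECT/198.51.100.7 text/plain
1295136005.606 75 192.168.1.13 TCP_MISS/200 500 POST http://updates.example.net/checkin - DIRECT/198.51.100.7 text/plain
1295136006.707 40 192.168.1.11 TCP_REFRESH_HIT/304 300 GET http://example.com/app.js - DIRECT/203.0.113.5 -
this line is malformed
"""

def is_hit(code):
    # Any *_HIT code was served from cache; Squid 3 logs a successful
    # revalidation as TCP_REFRESH_UNMODIFIED.
    return "HIT" in code or code.startswith("TCP_REFRESH_UNMODIFIED")

def host_of(url):
    # CONNECT requests are logged as host:port with no scheme.
    return urlsplit(url).hostname if "://" in url else url.rsplit(":", 1)[0]

def summarize(lines):
    s = {"requests": 0, "hits": 0, "bytes": 0, "hit_bytes": 0, "skipped": 0}
    per_client = defaultdict(Counter)  # client IP -> Counter of hosts
    for line in lines:
        f = line.split()
        if not f:
            continue
        if len(f) < 7 or "/" not in f[3] or not f[4].isdigit():
            s["skipped"] += 1  # count unparseable lines instead of crashing
            continue
        code, size = f[3].split("/")[0], int(f[4])
        s["requests"] += 1
        s["bytes"] += size
        if is_hit(code):
            s["hits"] += 1
            s["hit_bytes"] += size
        per_client[f[2]][host_of(f[6])] += 1
    s["request_hit_ratio"] = s["hits"] / s["requests"] if s["requests"] else 0.0
    s["byte_hit_ratio"] = s["hit_bytes"] / s["bytes"] if s["bytes"] else 0.0
    return s, per_client

if __name__ == "__main__":
    stats, clients = summarize(SAMPLE_LOG.splitlines())
    print(stats)
    for ip, hosts in clients.items():
        print(ip, hosts.most_common(3))
```

The byte hit ratio is the figure that corresponds to saved upstream bandwidth; the request hit ratio mostly reflects perceived browsing speed.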
