Wensong Zhang wrote:
[WZ]
>>> By the way, you can use the private internet for your proxy servers.
[RT]
>> I did that when I was originally setting it up. But, for some unknown
>> reason, using 10.1.3.x address space resulted in -very- slow accepts of the
[WZ]
> It will be a little bit slow when private internet addresses are used for
> proxy servers, because the proxy servers access the Internet through the
> virtual server box's IP Masquerading. There are over 4,000 concurrent
OK. I have about 250 user dialins. Assume each one is browsing, and using
Netscape, which from memory uses up to 5 simultaneous connections. That's
only going to be about 1000 connections at the same time, which isn't all that
much. I just did a quick count:
[rob@proxy0 net]$ pwd
/proc/net
[rob@proxy0 net]$ wc -l ip_masquerade
271 ip_masquerade
[rob@proxy0 net]$
Which means, to me, there's only 271 connections happening at the moment.
Admittedly, it's only 4:30pm, so it's nowhere near peak time, which runs from
about 6pm to 11pm.
> I don't know why it was -very- slow when private internet addresses were
> used. Maybe we can analyze it if you would like to describe your network
> topology including your routers in detail and what your virtual proxy
> server is for.
OK, I'll email you my (reasonably) current network diagram privately, as any
sane Majordomo will bounce a binary file 8-)
When I say 'very' slow, it was taking 20-30 seconds to accept a connection,
but once it had actually accepted it, the data was coming through fine.
Strange.
> Would you please tell me who is using this virtual proxy server? If you just
> provide it for your dial-in users, the proxy1 and proxy2 reach them via the
> virtual server box, that's OK. If not, the proxy1 can reach the proxy users
> without routing through the virtual server box, I don't think it will work.
At the moment, users are connecting to annex1, annex2, annex3 or tigris. They
then either use a proxy.pac which points them to 203.63.158.2 (which is eth0:0
on 203.63.158.10) which is where the load balancer is listening. It then
fires them off to either 203.63.12.2 or 12.3 (I can't seem to make it talk to
12.1, which is eth1 on the same machine). If they're not using proxy.pac,
cisco4000 transparently redirects them to 203.63.158.10, on which squid is
listening and picks up requests there. It also queries .12.2 and 12.3 over the
private lan for ICP stuff, but I'm getting out of the context here 8-)
[RT]
>My next task is to figure out if I can redirect to the local machine, so I
>can put Squid on 203.63.12.1 as well as 2 and 3.
That doesn't seem to want to work.. Haven't looked too hard at it tho.
(I'm assuming you've got xfig to look at the network diagram I'm sending off
8-)
--Rob