Agreed. We have some Alteon layer-4 switches. A nice piece of kit, though they don't really scale beyond 256 servers very well.
D
Stephen Baxter wrote:
>
> Brad,
>
> Have a look at ip route-cache policy under the interface config of your
> router. This may help some but in the end doing transparent proxy on a
> router does not scale all that well.
>
> Have a look at some layer 4 switches - they are very impressive !
>
> > Good evening all.
> >
> > I'm a new user to Squid and am having a problem with our Cisco 3640 router
> > when running Squid. (It's killing the CPU.)
> >
> > Have Squid installed and up and running on a FreeBSD system.
> > Pentium II-350, 128Meg, 4 Gig for OS and 2x9Gig drives for cache.
> > That part seems to be running just fine.
> >
> > Problem I am having is when I cause our Cisco 3640 (core) router to
> > redirect HTTP traffic, the CPU load on the Cisco goes from ~30% to 99%.
> > i.e. it just hammers our router!!!
> >
> > Router is connected to two upstreams
> > one via a 100Meg full-duplex ethernet to UUNet
> > second via 2 Full T1 loops to Sprint
> > Running BGP4 and taking 2 full tables.
> > Router has 128Meg ram, Version 11.2(11)P IOS
> > Local traffic is delivered via another FastEther full-duplex to our Cisco
> > 2924XL switch.
> >
> > I'm applying the "ip policy route-map proxy-redirect" to the local FastEther.
> >
> > FreeBSD Squid cache box is connected to same switch via full-duplex 100Meg
> > Ether.
> >
> > Like I said, things seem to work along just fine. I tail the access.log
> > file and squid seems to be doing everything it should. Just the wheels are
> > going to fall off our poor little router. I would have thought a Cisco 3640
> > would have been able to handle doing redirects at this level just fine.
> >
> > Oh, guess I should mention that when I do let squid run for a bit, I'm
> > seeing about 1.5 - 1.8 Meg of traffic going to/from the Cache box. This
> > being generated from approx 600 dial customers on line at the time.
> > But during this time any traffic that goes through the router, is really
> > throttled back. Things just seem to grind to a halt. (ie telnet to any
> > local systems in the office is almost unusable).
> >
> > Any suggestions?
> > Am I trying to do more than our router will handle?
> > Or do I maybe have a config problem somewhere?
> >
> > Some stuff from our Cisco:
> >
> > access-list 110 deny tcp host 209.223.225.2 any eq www
> > access-list 110 permit tcp any any eq www
> >
> > route-map proxy-redirect permit 10
> >  match ip address 110
> >  set ip next-hop 209.223.225.2
> >
> > int fast 0/0
> >  ip policy route-map proxy-redirect
> >
> > Thanks for any/all suggestions!
> >
> > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
> > _/ Regards: Brad Groshok (bgroshok@odyssey.on.ca) _/
> > _/ President Odyssey Network Inc. http://www.odyssey.on.ca _/
> > _/ London Ontario Canada PH:(519)660-8883 Fax:(519)660-6111 _/
> > _/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
> >
> >
>
> --
> Stephen Baxter CCNA SE Network Access/Big Networks Australia
>
> CHECK OUT OZBYTES
> http://www.ozbytes.net.au
> Sound Bytes - 50 artists hosted and growing
>
> phone : +61 8 8221 5221 222 Grote Street
> fax : +61 8 8221 5220 Adelaide 5000, Australia
Received on Tue Jun 15 1999 - 04:07:20 MDT
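
The router configuration from the original post with the "ip route-cache policy" interface command from Stephen Baxter's reply applied, as an added example that is not part of the thread. It assumes the IOS image on the router supports that command; the show commands in the trailing comments are for checking the result.

```cisco
! Added example: the poster's policy-routing config plus the suggested command.
! Exempt the cache box's own requests, redirect all other port-80 traffic.
access-list 110 deny   tcp host 209.223.225.2 any eq www
access-list 110 permit tcp any any eq www
!
route-map proxy-redirect permit 10
 match ip address 110
 set ip next-hop 209.223.225.2
!
interface FastEthernet0/0
 ip policy route-map proxy-redirect
 ! Suggested in the reply: fast-switch policy-routed packets instead of
 ! process-switching each one on the router CPU.
 ip route-cache policy
!
! Verification from exec mode (these are not configuration lines):
!   show ip policy                 - which route-map is bound to which interface
!   show route-map proxy-redirect  - policy-routing match counters
!   show processes cpu             - compare CPU load before and after
```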