Greetings All,
I have a rather odd situation that has cropped up here that I
would like to get some help with. For some background information, we
have had a Cisco SE onsite assisting us and we haven't gotten very
far.
Essentially I have two squid routers sitting parallel to our
firewall (they bypass the firewall). They plug into Cisco catalyst
3500 switches (no layer 3 capabilities) both inside and outside of our
network. In the past we have used WCCP on our internet gateway router
to intercept HTTP traffic and send it to our squid farm while the
rest goes to our firewall. It has worked fairly well for us but we are
upgrading our gateway router and it no longer supports WCCP and
instead, I'm told that it uses policy-based routing which, to my
knowledge, doesn't provide for any sort of fail-over or load-balancing.
After some rough water we managed to get the policy based routing
working to a single squid server which leads to the next step. I have
gone down the road towards setting up a squid cluster using heartbeat.
I've gotten that configured and working so all was looking good. Right
up until we pointed the policy based routing next-hop command to point
to the virtual IP presented by the squid cluster.
So here is where I can use some help from you all.
1. Is there a better way to provide the HTTP redirection instead
of policy based routing or WCCP?
2. Assuming the policy based routing is best, what would be the
better way of providing load-balancing/failover besides the
clustering?
If you feel like you can help me with this but would like a
diagram in order to see the picture a bit more clearly please let me
know and I'll provide you with one.
I can be reached at this e-mail address:
paul<dot>fiero<at>gmail<dot>com pretty much any time from 5am till 1am
CST so please feel free to ask questions or pass on suggestions here.
Thanks in advance for whatever assistance you can provide. I have
had my current squid deployment in place for close to four-and-a-half
years with little problem and if it weren't for this system upgrade
I'd be sticking with it. And if I can't resolve this problem by this
coming Wednesday I will be forced to deploy a commercial system and
lose one more piece of open source software that keeps the door open
in my enterprise network for the continued use of open source
software.
PFiero
Received on Sat Apr 28 2007 - 15:34:06 MDT