On Tue, Jan 17, 2012 at 4:25 PM, jeffrey j donovan
<donovan_at_beth.k12.pa.us> wrote:
>
> On Jan 17, 2012, at 1:02 PM, nachot wrote:
>
>> We currently have a commercial proxy solution in place but since we increased
>> our bandwidth to 150meg connection, the proxy is slowing things down
>> considerably as it's spec'd for 10meg connections. The commercial vendor
>> proposes a new appliance that is 5 times what we can afford to spend. We're
>> considering Squid as an option, but it needs to be able to support 50meg
>> sustained throughput with spikes to 150meg.
>>
>> We have about 200 users and only need the proxy to support ICAP integration
>> with our DLP solution. The Squid proxy should provide visibility into our
>> SSL connections for the DLP solution to scan and also provide blocking of
>> web/FTP connections containing sensitive data. Caching and web filtering
>> are secondary needs.
>>
>> I expect Squid would be able to support our needs, but also expect that it
>> won't run on light hardware (which is the reason behind our current need in
>> the first place). Are there recommended hardware specs for such a
>> configuration?
>>
>> Any suggestions are appreciated.
>
>
> I have 2 squids running on 2.8ghz quad core xeons, serving 32 networks and 9,000 users. internet connection is 100mb ethernet handoff.
> squid is great money saver.
>
> -j
More important that Mb/s or users is requests per second. You can put
gig or 10 gig interfaces on the Squid box; the number of lookups it
can do per second doesn't get any faster.
You can get that from your logs, it's easy to time bin them and
generate peak values for second, 5 or 10 second bins, minutes, etc.
From that, spec out systems to match it.
Last time I ran high-performance Squid clusters (a couple of jobs ago
now) we hit 600 plus hits per second per server in "lab test"
(3.0P30ish at the end) and 400+ HPS in production, in clusters of 2-4
per cache pool, using dual-CPU quad-core P4 boxes with 8 GB of RAM, 4x
SATA HD (root, 2x separate cache dirs, logs dir). I have heard
similar numbers for general internet content from others, though your
mileage may vary depending on how big the hits are and tuning and your
CPUs.
-- -george william herbert george.herbert_at_gmail.comReceived on Wed Jan 18 2012 - 17:05:08 MST
This archive was generated by hypermail 2.2.0 : Wed Jan 18 2012 - 12:00:03 MST