[General] FT Cache Compromised (Again)
Burhan Khalid
burhan at kuwaitnet.net
Thu Dec 4 10:30:12 +03 2008
Maje B. wrote:
> I have built a Virtual Machine host with 24GB RAM and about 250GB
> space (RAID5) -- quad core xeon, for work.
>
> We have a couple of low utilization VMs running on it, so I guess I
> can slap another Linux VM and put squid on it. It's gonna serve around
> 150-300 users.
>
> I love the ramfs/tmpfs idea!! I've been tinkering with it for a while,
> so I guess this is yet another usage for it :D
>
> What I wanna ask is whether it's worth having 2 caches: local & remote
> on the VPS?
>
> It seems to me that one local is quite enough, and the secondary one
> would only put more delay (prefetching, caching, logging, sending).
> If a request comes to the local cache, it will fetch the data through
> its gateway which is the VPS, then cache it locally. The next time a
> request comes along, it's gonna hit the local cache, so the remote one
> would never be touched for previously visited data.
>
> Correct me if I'm wrong!

The second one is not a true 'cache', it's just a request forwarder.
Either way, you would have to have squid (or some other lightweight
proxy) running on the remote machine which can then forward requests to
your local cache. What you can do is disable caching and logging on the
remote one; since I assume you'll be putting it in a VPS/VM or similar
setup.

> Thanks a lot Burhan for the link! But can you elaborate on this paragraph:
> cache_peer_domain parent.foo.net .edu
> "has the effect such that UDP query packets are sent to 'bigserver'
> only when the requested object exists on a server in the .edu domain."
>
> Does that mean that cache requests are served for edu domains only?

Not quite, it means that "for all objects in the .edu domain, use
parent.foo.net as the caching server". I believe 'UDP query packets' is
the long way of saying "DNS lookups". This option is used to specify
caching servers "peers" that are only queried for certain domains.

If I were to set this up, I would explicitly prohibit cache peering for
domains that are *.kw, since that would just be pointless traffic.

If you are looking to do an ACL for domains, then the correct option is
cache_peer_access.

So, to summarize:

To set up external proxy servers, use cache_peer with the "proxy-only"
option. (Ref:
http://www.squid-cache.org/Versions/v3/3.1/cfgman/cache_peer.html )

To optimize your cache performance, limit the domains for which you send
requests out by using cache_peer_access (Ref:
http://www.squid-cache.org/Versions/v3/3.1/cfgman/cache_peer_access.html )

Hope this helps.
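
The directives summarized above, combined into one squid.conf fragment for a forwarder-only Squid instance. This is an added example and not part of the original post; the peer hostname, port and client network are placeholders, and the directive names assume Squid 3.1 as in the linked references.

```conf
# Added example (not from the original post): forwarder-only Squid instance.
# peer.example.net, port 3128 and 192.0.2.0/24 are placeholders.

http_port 3128

# Only the known client network may use this instance, so it is not
# reachable as an open proxy. The address range is an assumption.
acl clients src 192.0.2.0/24
http_access allow clients
http_access deny all

# Request forwarder only: store nothing and write no access log here.
cache deny all
access_log none

# Upstream peer.
#   no-query   : do not send ICP queries to this peer
#   proxy-only : objects fetched through the peer are not stored locally
#   default    : use this peer as the last-resort parent
cache_peer peer.example.net parent 3128 0 no-query proxy-only default

# Keep .kw destinations off the peer; everything else may use it.
acl kw_sites dstdomain .kw
cache_peer_access peer.example.net deny kw_sites
cache_peer_access peer.example.net allow all

# Fetch .kw directly, and send all other requests through the peer.
always_direct allow kw_sites
never_direct allow all
```

Running `squid -k parse` against the file checks the syntax before the instance is reloaded.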