April 22, 2019

Do-It-Yourself Caching: Squid 2.3 - page 4

Why Caching is Essential

  • February 29, 2000
  • By Lisa Phifer

Squid 2.3 caches HTTP, FTP, Gopher, and DNS lookup results, with support for SSL connections. All protocols are handled in forward proxy mode; only HTTP is available in transparent proxy mode. Squid can also operate as an HTTP accelerator (reverse web proxy) for a single server, or for several servers with different content.

We tested Squid as a simultaneous forward and reverse web proxy. To use both at the same time, you must enable the httpd_accel_with_proxy option. As a reverse proxy, Squid can listen for requests directed to several IPs and ports or accelerate virtual hosts at the same address using the HTTP/1.1 Host: header. Squid does not distribute requests across servers; for this, you'd need to use DNS round-robin or a server load balancer.

We did not test Squid in transparent mode. To do so, you'd need to route or redirect traffic to Squid using a switch or (new in Squid 2.3) a Cisco router running WCCP 1.0. Several Squid config changes are required, including:

http_port 8080
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Depending upon your OS, you may also need to recompile Squid. The most difficult part may be getting your OS to accept redirected packets and deliver them to Squid. Some OSes cannot do this; others require IP filtering or forwarding tweaks described in the Squid FAQ. Squid must run initially as root to listen on port 80 (or any other privileged port).

Squid supports hierarchies using ICP queries between child, parent, and neighbor caches over both unicast and multicast IP. As we had with commercial caches, we successfully configured Squid to query an ICP parent for all ISP-Planet.com requests:

cache_peer huahine.netreach.net parent 8080 3130
cache_peer_domain huahine.netreach.net .isp-planet.com

and monitored hierarchy behavior using Cache Manager. But we found that Squid must be able to reach its cache_peer(s) at start-up.
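The pre-flight check below is an added example, not part of the original article or of Squid itself. It lints a squid.conf for the transparent-mode directives listed above, notes when http_port is a privileged port (so Squid must start as root), and checks that each cache_peer line is well-formed, that its name resolves, and that every cache_peer_domain line names a declared peer. Name resolution is used here as one prerequisite for reaching a peer at start-up; the function names and the SAMPLE text are assumptions made for illustration.

```python
import socket

# httpd_accel_* values the article lists for transparent mode (Squid 2.3 syntax).
TRANSPARENT = {"httpd_accel_host": "virtual", "httpd_accel_port": "80",
               "httpd_accel_with_proxy": "on", "httpd_accel_uses_host_header": "on"}

# Sample config assembled from the article's own lines (constructed input).
SAMPLE = """\
http_port 8080
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_peer huahine.netreach.net parent 8080 3130
cache_peer_domain huahine.netreach.net .isp-planet.com
"""

def parse(conf_text):
    """Return [(directive, [args])], ignoring blank lines and # comment lines."""
    entries = []
    for raw in conf_text.splitlines():
        fields = raw.split()
        if fields and not fields[0].startswith("#"):
            entries.append((fields[0], fields[1:]))
    return entries

def lint(conf_text, resolve=socket.gethostbyname):
    """Return (findings, peers); peers maps host -> (type, http_port, icp_port)."""
    entries, findings, peers = parse(conf_text), [], {}
    last = {name: args for name, args in entries}  # this lint reads the last occurrence
    for name, want in TRANSPARENT.items():
        if last.get(name) != [want]:
            findings.append(f"{name}: expected '{want}', found {last.get(name)}")
    ports = [a[0] for n, a in entries if n == "http_port" and a]
    for p in ports:
        if p.isdigit() and int(p) < 1024:
            findings.append(f"http_port {p}: privileged port, Squid must start as root")
    for name, args in entries:
        if name == "cache_peer" and len(args) >= 4 and args[2].isdigit() and args[3].isdigit():
            peers[args[0]] = (args[1], int(args[2]), int(args[3]))
            try:
                resolve(args[0])  # injectable so the check can be exercised offline
            except OSError:
                findings.append(f"cache_peer {args[0]}: name does not resolve")
        elif name == "cache_peer":
            findings.append(f"cache_peer: malformed line: {' '.join(args)}")
    for name, args in entries:
        if name == "cache_peer_domain" and (not args or args[0] not in peers):
            findings.append(f"cache_peer_domain: undeclared peer {args[:1]}")
    return findings, peers
```

Run it on the host that will start Squid, so the resolver sees the same DNS view Squid will.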

NLANR maintains a registry of caches to help build hierarchies. You can query NLANR's Tracker database to locate potential parent or sibling caches. To enroll your own cache, contact NLANR. You can restrict hierarchical queries satisfied by your cache using the icp_access option, or have proxied requests bypass the hierarchy if they match a specified hierarchy_stoplist. Finally, Squid can generate and exchange "cache digests." A digest is a (relatively) compact object index that peers can use to locate objects stored in neighboring caches.

Squid does not offer the high-availability features found in some commercial caching products. Using transparent mode with a switch may insulate clients from Squid server failure. Perhaps disk mirroring could be used to enable hot-standby, but we did not find this possibility discussed in the Squid FAQ.
