squid
DESCRIPTION
What is squid? What is a proxy server? how it works.., What squid can offer??, How you get a fast internet access using caching server,,you can download this pptTRANSCRIPT
Topic to be covered:Topic to be covered:
What is Proxy?? Purpose of using Proxy Improving performance using Proxy Filtering request using proxy
Part I:
Part II: How Proxy works?? (Animated presentation) SquidOther ProxiesSquid Page Fetch AlgorithmCacheable ObjectsNon-cacheable ObjectsTransparent Proxies (Pros & Cons)Part III:Installation & Configuration Of SquidDemo
What is Proxy ?What is Proxy ?ProxyProxy
Proxy is hardware / software
Proxy servers operate as an intermediary between a local network and services available on a larger one, such as the Internet.
Indirect access to other networks e.g INTERNET. all computers on the local network have to go through it before accessing information on the Internet.
Proxy share a connection to others
Proxy act as gateway
Proxy act as Cache Server/Firewall
Organization , universities , companies use proxy systems
LAN INTERNET
Main purpose of using Main purpose of using proxiesproxies Improve Performance
Act as Cache server Cache web pages & provide them back without
requesting the page again from website server. Bandwidth control
Reduces the Bandwidth requirements for an large Organization.
Filter Requests Prevent access to some web sites!!! Prevent access to some protocols Prevent access of network on Time Basis.
Surfing Anonymously Browsing the WWW without any identification!!!
Improving PerformanceImproving PerformanceCaching can greatly speed up Internet access. If one or more Internet sites are frequently requested, they are kept in the proxy's cache, so that when a user requests them, they are delivered directly from the proxy's cache instead of from the original Internet site.
Caches diminish the need for network bandwidth, typically by 35% or more, by reducing the traffic from browsers to content servers.
Bandwidth controlBandwidth control– Policy-based Bandwidth Limits– Deny by content type
INTERNET
64 Kbps
128 Kbps
512 Kbps1 Mbps
CachingCaching Reduces latency (Sites
takes less time to open) Reduces Network Traffic
( Reduces Data uses)
Filtering RequestsFiltering Requests Prevent access to some web sites!!!Prevent access to some web sites!!!
Categories web sitesCategories web sites Educational Educational Advertisements & Pop-UpsAdvertisements & Pop-Ups Chat Chat Games Games Hacking Hacking Peer-to-PeerPeer-to-Peer
Check by content typeCheck by content type .Exe / .Com.Exe / .Com .Mid / .MP3 / .Wav.Mid / .MP3 / .Wav .Avi / .Mpeg / .Rm.Avi / .Mpeg / .Rm
LAN
INTERNET
Proxy Server
IP : 172.16.0.2
Gw : 172.16.0.1
IP : 172.16.0.1
Source IP
172.16.0.2www.yahoo.com
Dest IP209.191.93.52
IP : 217.219.66.2
Gw : 217.219.66.1
LAN
INTERNET
Proxy Server
IP : 172.16.0.2
Gw : 172.16.0.1
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
217.219.66.2www.yahoo.com
Dest IP209.191.93.52
Change Source IP Address
Source IP
172.16.0.2www.yahoo.com
Dest IP209.191.93.52
LAN
INTERNET
Proxy Server
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
209.191.93.52
Dest IP217.219.66.2
Change Source IP Address & Destination IP Address
IP : 172.16.0.2
Gw : 172.16.0.1
LAN
INTERNET
Proxy Server
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
209.191.93.52
Dest IP217.219.66.2
Change Dest. IP Address
Source IP
209.191.93.52
Dest IP172.16.0.2
IP : 172.16.0.2
Gw : 172.16.0.1
LAN
INTERNET
Proxy Server
IP : 172.16.0.2
Gw : 172.16.0.1
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
209.191.93.52
Dest IP172.16.0.2
SQUIDSQUIDSquid is a free, open source, proxy caching server for Web clientsIt operates as an intermediary between the Web browsers (clients) and the servers they access.
Technically, A proxy server can simply manage traffic between a Web server and the clients that want to communicate with it, without doing caching at all. Squid combines both capabilities as a server.
Squid is supported and distributed under a GNU Public by the National Laboratory for Applied Network (NLANR) at the University of California, San Diego.
Protocol Description and Port
HTTP Web pages, port 80
FTP FTP transfers through Web sites, port 21
ICP Internet Caching Protocol, port 3130
HTCP Hypertext Caching Protocol, port 4827
CARP Cache Array Routing Protocol
SNMP Simple Network Management Protocol, port 3401
SSL Secure Socket Layer
Squid supports following protocols:Squid supports following protocols:
It supports Transparent proxying.
It works on port no. 3128
Other works that a Proxy does.
Other proxiesOther proxies
• Free-ware– Apache 1.2+ proxy support
• Commercial– Netscape Proxy– Microsoft Proxy Server– NetAppliance’s NetCache– CacheFlow – Cisco Cache Engine
Squid’s page fetch algorithmSquid’s page fetch algorithm
• Check cache for existing copy of object (lookup based on MD5 hash of URL)
• If it exists in cache– Check object’s expire time; if expired, fall
back to origin server– If object still considered fresh, return cached
object to requester
Squid’s page fetch algorithmSquid’s page fetch algorithm
• If object is not in cache, expired, or otherwise invalidated– Fetch object from origin server– If 500 error from origin server, and expired
object available, returns expired object– Test object for cacheability; if cacheable,
store local copy
LAN
INTERNET
Proxy Server
IP : 172.16.0.2
Gw : 172.16.0.1
IP : 172.16.0.1
Source IP
172.16.0.2www.yahoo.com
Dest IP209.191.93.52
IP : 217.219.66.2
Gw : 217.219.66.1
Cached Pages:
LAN
INTERNET
Proxy Server
IP : 172.16.0.2
Gw : 172.16.0.1
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
217.219.66.2www.yahoo.com
Dest IP209.191.93.52
Change Source IP Address
Source IP
172.16.0.2www.yahoo.com
Dest IP209.191.93.52
Cached Pages:
LAN
INTERNET
Proxy Server
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
209.191.93.52
Dest IP217.219.66.2
Change Source IP Address & Destination IP Address
IP : 172.16.0.2
Gw : 172.16.0.1
Cached Pages:
LAN
INTERNET
Proxy Server
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
209.191.93.52
Dest IP217.219.66.2
Change Dest. IP Address
Source IP
209.191.93.52
Dest IP172.16.0.2
IP : 172.16.0.2
Gw : 172.16.0.1
Cached Pages:
www.yahoo.com
LAN
INTERNET
Proxy Server
IP : 172.16.0.2
Gw : 172.16.0.1
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
209.191.93.52
Dest IP172.16.0.2
Cached Pages:
www.yahoo.com
LAN
INTERNET
Proxy Server
IP : 172.16.0.3
Gw : 172.16.0.1
IP : 172.16.0.1
Source IP
172.16.0.3www.yahoo.com
Dest IP209.191.93.52
IP : 217.219.66.2
Gw : 217.219.66.1
Cached Pages:
www.yahoo.com
Cached Pages:
www.yahoo.com
LAN
INTERNET
Proxy Server
IP : 172.16.0.3
Gw : 172.16.0.1
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Check for cached page
Source IP
172.16.0.3www.yahoo.com
Dest IP209.191.93.52
Page Found
LAN
INTERNET
Proxy Server
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Retrieve page from cache
IP : 172.16.0.2
Gw : 172.16.0.1
No Need to contact Yahoo server
Source IP
209.191.93.52
Dest IP172.16.0.3 Cached Pages:
www.yahoo.com
LAN
INTERNET
Proxy Server
IP : 172.16.0.3
Gw : 172.16.0.1
IP : 217.219.66.2
Gw : 217.219.66.1
IP : 172.16.0.1
Source IP
209.191.93.52
Dest IP172.16.0.3
Cacheable objectsCacheable objects
• HTTP– Must have a Last-Modified: tag– If origin server required HTTP authentication for
request, must have Cache-Control: public tag– Ideally also has an Expires or Cache-Control: max-
age tag
• FTP– Squid sets Expires time to fetch timestamp + 2 days
Non-cacheable objectsNon-cacheable objects
• HTTPS• HTTP– No Last-Modified: tag– Authenticated objects– URLs with cgi-bin or ? in them– POST method (form submission)
Transparent Proxying• Router forwards all traffic to port 80 to
proxy machine using a route policy• Pros– Requires no explicit proxy configuration in
the user’s browser• Cons
− Route policies put excessive CPU load on routers on many (Cisco) platforms
− Often leads to mysterious page retrieval failures
− Only proxies HTTP traffic on port 80; not FTP or HTTP on other ports