The proxy server of the university computer room erection

Classroom, teaching base, laboratory, room and so on about dozens of, network computer up to more than 3,000 units. Our school currently exports 2, a rate of 10M bps, through the fiber-optic access to the Chinese Education Research Network cernet, another rate of 4M bps connected to China Telecom.

First, the user's needs:

The subject of the campus network of our school is the students and teachers in the school. According to statistics, about 80% of users use WWW, FTP and other resources. Our school existing chinanet IP 126, it is impossible for all users to use. Setting up a proxy server to enable all users to use network resources is the simplest and relatively safe and reliable method. Through the establishment of a dedicated WWW (FTP) agent to meet the user's main needs, through the erection of SOCKS5 agents to meet the needs of users.

Second, hardware and software selection

Hardware

Cache server can be a common PC server plus cache software (such as squid, Inktomi) composition, can also be a hardware and software system and a dedicated cache server. According to the actual situation of the export of chinanet, the maximum incoming data per second is about 500k/s for the 4Mbps rate exit. The backbone of our school network nodes for the double gigabit connection, to reach some of the laboratory is hundred trillion, to reach the hostel for 10M. The maximum amount of data sent is approximately 12m/s. The amount of data transferred is not very large, and using a traditional IA32 architecture server can meet the requirements. The mainframe room of our school Network Center uses the cabinet to store the server. HP's LH6000 server, with a strong scalability, is a new type of server. The proxy server is not heavily computational, and requires a higher level of IO. This requirement can be achieved through a custom configuration LH6000. By using RAID, you can improve disk performance and increase the reliability of your data. The proxy server software consumes a large amount of memory. LH6000 can support 8GB of memory. The final selection is configured as follows:

Configuration

Processor: Intel Pentium III Xeon 700MHz processor with 1 100MHz system bus

Memory: 1G PC-133 ECC SDRAM

Disk controllers: Integrated dual-channel ULTRA3 SCSI HP netraid controller with 32MB cache

Additional single channel: Ultra Wide SCSI Controller

Built-in storage: Hot-swappable 5x18g semi-high drive

Network card: Built-in Intel 82559 100M network card

Power supply: 3 hot-swappable power Supplies

RAID uses the RAID5 mode, which writes data to the disks in the array, and parity data is stored on each disk in the array, allowing a single disk to go wrong. RAID 5 is also a data parity to ensure data security, but it is not a separate hard disk to store data parity bit, but to the data section of the check bit interaction on each hard disk. In this way, any hard drive that is damaged can reconstruct the corrupted data based on the parity bit on the other hard disk.

Software

Squid Internet Object Cache (a later version of Harvest Project) is a research program that the U.S. government has been heavily instrumental in. Squid is an open source proxy server software. It is a fully functional proxy server software running for UNIX systems. It can be cached for HTTP protocols, FTP protocols, and other protocols that use URL positioning. It enables the client to use the SSL protocol for data transfer. It can use the ICP, HTCP, CARP, Cache Digests and other protocols and methods and other running Squid server to collaborate. It supports SNMP protocols and can be coordinated and managed using the appropriate software. And can configure a detailed access control list (ACL).