[AusNOG] Comindico routing

Adrian Chadd adrian at creative.net.au
Wed Apr 23 11:49:36 EST 2008


On Wed, Apr 23, 2008, David J. Hughes wrote:
> 
> 
> On 23/04/2008, at 3:33 AM, Adrian Chadd wrote:
> 
> >Hah! And here I was, being told that Australian ISPs don't roll
> >proxies/caches of any sort these days. Funny that..
> 
> TPG are in the vast minority on that front and it certainly is an  
> issue for some of their customers.  I've even seen their trans-proxy  
> break some HTTP-based apps (offsite backup for example).  The fact  
> that the average user doesn't even know it's there certainly doesn't  
> help in the faultfinding process.

Quite a bit of work went into figuring out what will make Squid "transparent"
as far as HTTP is concerned, to the point of failing over to a pass-through
mode if the request doesn't look like HTTP.

Of course, I now hear this breaks Shoutcast, as it uses something that
resembles HTTP on request, but not-HTTP on reply. Bastards.

About the only breakage I hear about these days is related to DNS -
Squid does the DNS lookup itself and will always forward to that.
Some people with locally defined hostnames complain that the proxy stops them
accessing these and Squid can be patched to fail through to passthrough on
DNS resolve failure (and not cache anything!) but the consensus atm seems
to be that re-enforcing the DNS for transproxied stuff is a semi security
benefit..

(Trying to pretend to be TCP end-to-end (duplicating IP options, MSS
negotiation, port space, etc) should appear in the next 6 or so months.)



Adrian
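
A minimal sketch of the decisions described in the message above (pass-through for traffic that is not HTTP, proxy-side DNS resolution, and optional pass-through without caching when the lookup fails), added here as an illustration; it is not Squid code and not part of the original post. The names `classify` and `reply_is_http`, the `dst_mismatch` logging flag and the sample hosts and addresses are assumptions.

```python
import re
from collections import namedtuple

Decision = namedtuple("Decision", "action upstream cacheable dst_mismatch")
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]$")   # simplified shape check
STATUS_LINE = re.compile(rb"^HTTP/1\.[01] \d{3}( |$)")

def reply_is_http(first_bytes):
    """False for replies such as Shoutcast's 'ICY 200 OK' that follow an HTTP-like request."""
    return bool(STATUS_LINE.match(first_bytes.split(b"\r\n", 1)[0]))

def classify(first_bytes, orig_dst, resolve, passthrough_on_dns_failure=False):
    """Decide what to do with an intercepted connection.
    orig_dst: IP the client dialled; resolve: hostname -> list of IPs, raises OSError."""
    relay = Decision("passthrough", orig_dst, False, False)
    head, sep, _ = first_bytes.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    if not sep or not REQUEST_LINE.match(lines[0]):
        return relay                      # not HTTP: relay bytes untouched
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("ascii", "replace")
    if not host:
        return relay
    try:
        addrs = resolve(host.split(":")[0])   # drop optional port; IPv6 literals not handled
        if not addrs:
            raise OSError("empty answer")
    except OSError:
        # Default: refuse, so the proxy's DNS view is enforced. Patched variant: relay, no caching.
        return relay if passthrough_on_dns_failure else Decision("error", None, False, False)
    # The proxy forwards to its own DNS answer; the mismatch flag is only a logging signal.
    return Decision("forward", addrs[0], True, orig_dst not in addrs)

# Constructed sample data (documentation address ranges, made-up names)
ZONE = {"www.example.com": ["192.0.2.10"]}
def fake_resolve(name):
    if name not in ZONE:
        raise OSError("NXDOMAIN")
    return ZONE[name]

HTTP_REQ = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
LOCAL_REQ = b"GET / HTTP/1.1\r\nHost: intranet.lan\r\n\r\n"
NOT_HTTP = b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a"
```
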



