Last Modified: 26-Nov-2007; 11:27 WST; adrian
A checklist of things to do when you're running a WCCPv2 enabled transparent proxy.
Transparent proxies need to be as transparent as possible. This document outlines various things to do to maximise network transparency. This does not cover HTTP protocol transparency.
It is a placeholder for now. This document will be fleshed out fully over time.
- Disable ECN
- Set the default route to have an MTU below 1500 - this is to deal with slightly broken PMTU (eg ICMP filtering; broken upstream link MTU somewhere at layer -2-; avoiding fragmentation issues with GRE packet redirection/return)
- Disable window scaling (perhaps limit window scaling to a factor of 2?)
- Squid: set httpd_accel_no_pmtu_disc to on.
- Tests for ECN, PMTU (so ECN/PMTU can be enabled in general but disabled for specific hosts)
- A test for Window Scaling (RFC1323) so it can be enabled by default