The Journey of a Network Engineer

Feb 23 2011   5:29AM GMT

How to design transparent proxy?

Sulaiman Syed

Almost every organization uses a proxy. The benefits of proxy servers are countless; some of them are:

  • Add Accounting
  • Add Authorization
  • Reduce the load on the external (WAN) link

When the proxy is installed in a transparent setup, it makes things easier for end users, since they don’t have to configure the proxy explicitly in their browsers and applications. After all, not all users are computer savvy.

Most proxy appliances can be deployed transparently in one of a few ways:

  • By using WCCP
  • By using Policy Based Routing (multilayer switches)
  • By placing the proxy in bridge mode (inline with traffic going to the router).

WCCP is a Cisco-developed content-routing protocol.

The main advantages:

  • Scalability—This feature allows clusters of up to 32 cache appliances.
  • Availability—Any cluster can be serviced by up to 32 different switches/routers. Load-balancing switches/routers are not required.
  • Ease of configuration—Caches and routers can automatically discover each other without explicit configuration.

The disadvantages:

  • A drawback of WCCP is that some implementations are either not supported, or not supported very well, in Cisco’s high-end switching routers.
  • It has a fair number of documented bugs and other implementation issues in specific Cisco IOS releases.
  • Stability was not particularly consistent between various trains or train revisions.

PBR is typically used as a Cisco feature, although technically it is layer 4 routing. The advantages of using Cisco PBR:

  • Its forwarding throughput is higher than the WCCP approach in many cases, as PBR on Cisco equipment can be supported through Cisco Express Forwarding (CEF). As a result, forwarding throughput can be in the gigabit-per-second range.
  • Simplicity of configuration.


The disadvantages:

  • No mechanism to deal with failover.
  • Cannot load balance.

Note: Various research has found that WCCP is preferred for resiliency, provided it is implemented appropriately.
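To make the comparison concrete, here are the two redirection methods as Cisco IOS configuration. This is an added example, not configuration from the original post; the addresses, VLANs, ACL numbers and the route-map name are constructed assumptions, and only one of the two options would be applied to the client-facing interface.

```cisco
! Constructed topology (assumption): clients in 10.10.0.0/16 on Vlan10,
! proxy appliance at 10.20.0.5 on Vlan20. Redirection is applied only on
! the client-facing interface, so the proxy's own outbound requests
! (arriving on Vlan20) are never redirected back to it.

! ---- Option A: Policy Based Routing ----
! Match only client HTTP traffic; everything else is routed normally.
access-list 110 permit tcp 10.10.0.0 0.0.255.255 any eq www
!
! One static next hop: if the proxy is down there is no failover,
! and traffic cannot be spread across several proxies.
route-map TO-PROXY permit 10
 match ip address 110
 set ip next-hop 10.20.0.5
!
interface Vlan10
 description Client-facing interface
 ip policy route-map TO-PROXY
!
! ---- Option B: WCCP ----
! ACL 120 limits which client traffic is redirected.
access-list 120 permit tcp 10.10.0.0 0.0.255.255 any eq www
! ACL 20 limits which appliances may register as caches, so an
! unexpected host cannot join the service group and receive traffic.
access-list 20 permit 10.20.0.5
!
! "web-cache" is the well-known WCCP service for TCP port 80.
ip wccp web-cache redirect-list 120 group-list 20
!
interface Vlan10
 description Client-facing interface
 ip wccp web-cache redirect in
```

With option B, `show ip wccp web-cache detail` lists the caches that have registered with the router, which is the first thing to check when redirection does not happen.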

Placing the proxy inline with the traffic sounds easy, but it is not a practical design. It can be done in small networks, but when the network handles thousands of users, such an implementation is severely hindered and becomes ineffective.
