Hi Balazs,

Thanks. I think this project is going to be fun.

-- Diego

On Friday 25 July 2008 05:13:48 Balazs Scheidler wrote:
On Mon, 2008-07-21 at 17:22 -0300, Diego M. Vadell wrote:
Hi,

We have a satellite link between an ethernet network full of Windows PCs and the internet. Windows PCs don't have their TCP stack optimized for a satellite link (i.e. 700ms delay, 3Mbps) so they barely use it (they wait for acks and use a little sliding-window, so the rtt kills the throughput). Our ISP uses something called a PEP: a TCP proxy that answers all the LAN's TCP connections. This PEP is well optimized, so it can fully use the satellite link and feed the ethernet PCs at full speed. This page:
http://www.sonet.at/dsdsl-vpn/dsdsl-vpn.htm
explains the problem in more detail.
Everything works OK except when we put a VPN to connect this place with another office. The PEP is on the ISP's side, so it sees IPSEC traffic. So I want to make a PEP (or say, a proxy that can transparently proxy any TCP connection) on the inside.
From reading I think it can be done: haproxy has tproxy support, so I could tproxy everything to haproxy, and tune the TCP stack of the proxy for the satellite link. But as I have never done it, I thought I may ask: Am I missing something horribly big here?
If I understand you correctly, then no, you are not missing anything. It is possible to do that, as a proxy uses separate TCP connections on the server and the client side. And provided your box is tuned for high-latency links for its server side connection, the clients will also benefit.
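
The arithmetic behind this exchange, as an added example that is not part of either message: it computes how much data must be in flight to fill the 3 Mbps / 700 ms link from the thread, what a small client window achieves instead, and a Linux sysctl fragment for the proxy's satellite-facing side. The 16 KiB client window, the 2x headroom factor and the min/default buffer values are assumptions chosen for illustration.

```python
# Added illustration. Link figures come from the thread; everything else is assumed.
LINK_BPS = 3_000_000          # 3 Mbps satellite link (from the thread)
RTT_MS = 700                  # 700 ms delay (from the thread)
MAX_UNSCALED_WINDOW = 65_535  # largest TCP window without the window-scale option


def bdp_bytes(link_bps, rtt_ms):
    """Bandwidth-delay product: bytes that must be unacknowledged to keep the link full."""
    return link_bps * rtt_ms // 8000


def window_limited_bps(window_bytes, rtt_ms, link_bps):
    """A sender can push at most one window per round trip, capped by the link rate."""
    return min(link_bps, window_bytes * 8000 // rtt_ms)


def needs_window_scaling(link_bps, rtt_ms):
    """True when filling the link needs a window larger than 16 bits can advertise."""
    return bdp_bytes(link_bps, rtt_ms) > MAX_UNSCALED_WINDOW


def sysctl_fragment(link_bps, rtt_ms, headroom=2):
    """Linux sysctl lines sizing socket buffers to BDP * headroom (headroom is assumed)."""
    max_buf = bdp_bytes(link_bps, rtt_ms) * headroom
    return "\n".join([
        "net.ipv4.tcp_window_scaling = 1",
        f"net.core.rmem_max = {max_buf}",
        f"net.core.wmem_max = {max_buf}",
        # min and default values below are assumed, only the max is derived
        f"net.ipv4.tcp_rmem = 4096 87380 {max_buf}",
        f"net.ipv4.tcp_wmem = 4096 65536 {max_buf}",
    ])


if __name__ == "__main__":
    print("BDP:", bdp_bytes(LINK_BPS, RTT_MS), "bytes")
    for window in (16_384, MAX_UNSCALED_WINDOW, bdp_bytes(LINK_BPS, RTT_MS)):
        rate = window_limited_bps(window, RTT_MS, LINK_BPS)
        print(f"window {window:>7} B -> {rate / 1000:.0f} kbps")
    print("window scaling required:", needs_window_scaling(LINK_BPS, RTT_MS))
    print(sysctl_fragment(LINK_BPS, RTT_MS))
```

Because the proxy terminates each client connection on the LAN, where the round trip is short, only the proxy's own connection across the satellite needs the large window.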