Hi,
On a normal setup, both are forward proxies. As per the security design, the downstream proxy will be kept with the LAN (i.e. closer to clients) and Upstream will be in DMZ of Firewall. The downstream proxy will be doing content filtering, authentication etc and when it needs to pull data from outside, it will forward the request to the upstream proxy. This is commonly seen at companies where they want to enforce security polices which stops a single device from having communication with clients and outside world. There could be more reasons (Security or otherwise) for this to deployed.