On Wed, 2005-02-23 at 00:05 +0100, Henrik Nordstrom wrote:
> On Tue, 22 Feb 2005, Marco Crucianelli wrote:
>
> > Well, I'm sure not that good in squid configuration, but thinking about
> > a layer 7 switching solution using virtual IP, to let squid answer to
> > clients' requests directly I should use a TCP handoff.
>
> Yes...
>
> > In such a case,
> > squid needs to use the virtual IP address to answer to clients (binding
> > squid instance to the virtual IP in squid.conf) while, to speak with its
> > cache_peer it needs to use its real IP address (using something like
> > udp_incoming_address and udp_outgoing_address in squid.conf).
>
> You don't need to bind Squid to the virtual IP. You may if you only want
> Squid to answer to the virtual IP and not the real IPs, but it is not
> required.

You are extremely right! That way, I mean binding squid on the virtual
IP, I make it answer only to the virtual IP, otherwise squid answers to
all possible active interfaces.

>
> > While, not using virtual IP solution but natting only, I need
> > neither to bind squid to virtual IP nor to change udp_incoming and
> > outgoing_address.
>
> You do not need to if you use a virtual IP either.
>
> All the gory details of the virtual IP are handled by the OS, and even
> there it isn't that much special about it (just a secondary IP on the same
> server). Only if the servers are on the same network segment as the L7
> switch publishes the virtual IP on is some small amount of care needed at
> the OS level to make sure the servers do not respond to ARP on the virtual
> IP. Only the L7 switch should respond to ARP for the virtual IP. If the
> servers are on a separate network behind the L7 switch then the ARP problem
> is not an issue and can be ignored.
>
> Regards
> Henrik

Sometimes I do feel like I'm abusing you!!! :)

I do thank you Henrik, this was exactly what I was trying to say! Even
if it was not that clear to me...now it is! ;)

Thank you!

Marco
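
The two setups discussed in this thread, as an added configuration sketch that is not part of the original messages. All addresses are constructed (documentation range), and the ARP settings assume a Linux real server with the virtual IP configured as a /32 on `lo`; the thread names no operating system.

```conf
# ---- squid.conf on one cache behind the L7 switch ----
# Constructed addresses: 192.0.2.10 = virtual IP,
# 192.0.2.21 = this server's real IP, 192.0.2.22 = a sibling cache.

# Variant 1: no binding. Squid listens on every local address, so it
# answers on the virtual IP and on the real IP alike.
http_port 3128

# Variant 2: answer clients on the virtual IP only (use instead of
# variant 1). Requests sent to the real IP are then refused.
#http_port 192.0.2.10:3128

# Peer traffic needs no address settings in either variant: the OS
# chooses the source address for outgoing packets.
cache_peer 192.0.2.22 sibling 3128 3130

# Optional: pin the ICP socket to the real IP.
#udp_incoming_address 192.0.2.21

# ---- /etc/sysctl.conf (assumption: Linux, server on the same
# ---- segment on which the L7 switch publishes the virtual IP)
# Reply to ARP only for addresses configured on the interface the
# request arrived on, so a virtual IP held on lo is never answered.
net.ipv4.conf.all.arp_ignore = 1
# Never use the virtual IP as the sender address in ARP requests.
net.ipv4.conf.all.arp_announce = 2
```

If the servers sit on a separate network behind the switch, the sysctl part can be left out.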