> -----Original Message-----
> From: hendrik [mailto:hendrik@xxxxxxxxxxxxxxxxx]
> Sent: Wednesday, May 11, 2005 2:03 AM
> To: Kevin
> Cc: Squid Users
> Subject: Re: [squid-users] loadbalancing multiple uplinks
>
> Kevin wrote:
>
>>On 5/11/05, Hendrik Voigtländer <hendrik@xxxxxxxxxxxxxxxxx> wrote:
>>
>>>I need some help for deploying a second uplink.
>>>
>>>My setup is simple:
>>>A squid-backend to which users connect to use the net.
>>>This squid forwards all traffic to a parent squid which is hooked up to
>>>an ADSL-line. Works perfectly.
>>
>>Can you explain the reasoning behind having a "backend" Squid server,
>>separate from the "parent" Squid? Do both layers have similar policies
>>for cache object size limits and cache_replacement_policy?
>
> Security: The backend squid is located within the LAN and is separated
> from the parent by a firewall.
> Fallback: The backend squid can use another, very reliable line (not
> ADSL) if the parents are down.
> The parent is a non-caching squid passing all traffic to the ADSL line.
>
>>>But now we will get a second line as we need more bandwidth. The
>>>question is: What is the easiest and proven way to realise load balancing?
>>>
>>>I have done some experiments with round-robin parents (2 adsl line = 2
>>>parent proxies) but apparently some web applications such as some
>>>webmail-services are confused if they are accessed from two different
>>>ip-addresses simultaneously.
>>
>>You might be able to get sufficient "stickiness" (so a given webmail session
>>will tend to always make connections via the same parent rather than going
>>round-robin) if you compile with --enable-icmp and configure the parent
>>statements with closest-only. I have not tried this myself.
>
> Sounds nice, but needs some testing.
>
>>>My next idea would be to deploy some sort of routing at the parent
>>>squid, which would be hooked up to both lines. IMHO prone to errors.
>>>
>>>I think I could set up two independent proxy chains (2 squid-backend, each
>>>connected to a parent squid connected to an adsl-line) and use the
>>>proxy.pac for load-balancing. Sounds pretty easy, but I am not sure.
>>
>>This approach seems popular. Also, if your PAC lists both parents in
>>each return (e.g. return("PROXY 10.1.1.1:3128;PROXY 10.1.1.2:3128");)
>>you also get failover behavior. You just need to add logic into the PAC
>>(or in the server returning the PAC to the client) so different
>>clients try their parents in different orders.
>
> Yes, I think I will separate the clients by subnets. On the other hand
> doubling the number of squid installations will double the amount of
> work/maintenance etc.
> Failover is a nice feature but not requested by the clients.
>
> Any other ideas?
>
> Regards, Hendrik Voigtländer

If you figure out how to differentiate traffic on the outer squid (I imagine that it sees traffic as all sourced from the firewall IP) then the tcp_outgoing_address would do what you want...

# TAG: tcp_outgoing_address
# Allows you to map requests to different outgoing IP addresses
# based on the username or sourceaddress of the user making
# the request.

An external acl that checks the X_FORWARDED_FOR headers might be one method of differentiating traffic. Authentication would be another.

Chris