Re: Squid Link/Route probe

[Etienne Pretorius <etiennep@xxxxxxxxxxxxxx>]

Amos Jeffries wrote:
> > Amos Jeffries wrote:
> >     
> > > Etienne Pretorius wrote:
> > >       
> > > > Hello all,
> > > >
> > > > I am just wandering, if you have multiple uplinks to your provider
> > > > can you make squid send a probe for each request on all the links and
> > > > then let it use the fastest link to retrieve HTTP data? I suspect it
> > > > is possible, but at this moment I do not see how.
> > > >         
> > > Should be easy enough to extend the new pinger a little for that.
> > > How would you see the configuration working? based on squid's
> > > configured tcp_outgoing_address(s)?
> > >
> > > If you want to take it up, please do so or submit the idea as a
> > > feature request in bugzilla.
> > >
> > > Amos
> > >       
> > All that need to be done is just to get first one of the
> > tcp_outgoing_address complete a SYN,ACK sequence to the remote host.
> > As policy based routing could play in quite nicely for fine tuning. I
> > will submit the idea to bugzilla as a feature request.
> >     
>
> Doubling (at least) the TCP handshake delays is not quite the ideal
> solution it seems for a couple of reasons:
>  - TCP has those annoying TIME_WAIT delays at each network node, which
> means you would be holding up two complete control paths across the 'Net
> for every request. This has the potential be an major DoS problem for
> high-request servers or routers, even outside of Squid.
>  - Squid handles each TCP stream seperately and Async. Thats been a big
> hurdle for the persistent and pinned connection features.
>
> On the other hand, Squid already has some very crude fastest-source
> detection using ICMP in some of the peering algorithms. It would be much
> simpler to extend it to key local-IP/source/RTT instead of just source/RTT
> and run the algorithm on DIRECT requests.
> And yes, I am aware of the legacy problems with some networks blocking
> ICMP. Those could be resolved in a way by limiting the hop distances and
> with ICMP service agreements on those upstream links.
>
> Amos
>
>   
I see, and having the LINGER option do away with the tcp timewait brings 
complexity to an already complex
code base... but ICMP will serve the right purpose and for this feature 
without the TCP tear down overhead.
Anyway, ICMP should be fine and paranoid Network Admin must first 
understand what ICMP is before blocking
it out right - all in all not really squid's problem, if all the routes 
have failed then fall back on squids existing
connection management algorithm by attempting a TCP connection using 
only one of the tcp_outgoing_address(es).

Kind Regards

Etienne Pretorius
Network Administrator

<http://www.kingsley.co.za>