Search squid archive

Re: How to setup squid proxy to run in fail-over mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Gontzal wrote:
Hi Abdul,

As has been said the most simple solution is to use a PAC file, i'm
using it at my company and balancing the connections depending on the
subnet: subnet A goes throught proxy1 and subnet B goes throught
proxy2. When proxy1 goes down, connections goes to proxy2, but it
doesn´t sinchronyzes the information of the conections, so clients
will have to stablish a new connection to proxy2.

Squid does not have connection synchronization capabilities between peers. No matter what form of load balancing/high availability you use, if one of your Squid servers dies, any active connections with that server will be dropped and the client will have to reestablish a new connection.

You have multiple
examples of configuring a pac file on internet.

Obviouslly this is not the best solution, it is not a load balancing
depending on the amount of "charge" of each proxy.

A PAC file can be load balancing. See the Super Proxy Script from Sharp (http://naragw.sharp.co.jp/sps/).

For that you may
need a solution including LinuxVirtualServer (LVS) + Heartbeat (like
ultramonkey), with two virtual/physicall machines acting as load
balancers in Active/Pasive mode (with heartbeat) connected to other
two machines acting as proxys. For the final user it acts as an
individual machine, with only one ip (virtual ip for the hole
structure).

Okay so far.

It has another advantages, like the LB sinchronyzes the
information of the connections throught UDP multicast, so if one
server goes down, the other proxy have the information of the
connection and the client doesn't have to restart the connection.

The load balancer might very well send the continuation of the TCP stream to Squid, but Squid will dump it due to the fact that it has no accounting of the connection. If you have an active/active Linux-HA setup (or even an active/passive) and one of the load balancing machines (or processes) dies, the existing connections will be maintained (as long as the Squid process is not affected).

Also is a HA solution.

Also is good for stops due to updates, improves, fails, etc on your
servers, its is completely transparent for the users.

For true transparency, you have to remove the Squid server from the cluster (which will prevent NEW connections from being established) and then wait for active connections to finish (which if you have customers listening to Internet Radio, this step can take a while). Then you can perform maintenance on it. Just shutting the Squid service down will disrupt active connections.

And you can increase easily the number of servers acting as proxys.

Changing a PAC file is just as easy (if not more so). The disadvantage the PAC file has is that it is only loaded when the browser starts.

Hope it can help you.

Gontzal

Be aware if you decide to go the "multiple active proxies" route, there are any number of sites which don't understand (or accept) that HTTP is stateless and attempt to maintain a "session" based on source IP. If you load balance your traffic without some attempt at keeping connections "sticky" (such as using a source hash algorithm) or NATing all of your proxies outgoing traffic, you will experience trouble with such sites. Ask me how I know... :o)

Chris

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux