Gontzal wrote:
Hi Abdul, As has been said the most simple solution is to use a PAC file, i'm using it at my company and balancing the connections depending on the subnet: subnet A goes throught proxy1 and subnet B goes throught proxy2. When proxy1 goes down, connections goes to proxy2, but it doesn´t sinchronyzes the information of the conections, so clients will have to stablish a new connection to proxy2.
Squid does not have connection synchronization capabilities between peers. No matter what form of load balancing/high availability you use, if one of your Squid servers dies, any active connections with that server will be dropped and the client will have to reestablish a new connection.
You have multiple examples of configuring a pac file on internet. Obviouslly this is not the best solution, it is not a load balancing depending on the amount of "charge" of each proxy.
A PAC file can be load balancing. See the Super Proxy Script from Sharp (http://naragw.sharp.co.jp/sps/).
For that you may need a solution including LinuxVirtualServer (LVS) + Heartbeat (like ultramonkey), with two virtual/physicall machines acting as load balancers in Active/Pasive mode (with heartbeat) connected to other two machines acting as proxys. For the final user it acts as an individual machine, with only one ip (virtual ip for the hole structure).
Okay so far.
It has another advantages, like the LB sinchronyzes the information of the connections throught UDP multicast, so if one server goes down, the other proxy have the information of the connection and the client doesn't have to restart the connection.
The load balancer might very well send the continuation of the TCP stream to Squid, but Squid will dump it due to the fact that it has no accounting of the connection. If you have an active/active Linux-HA setup (or even an active/passive) and one of the load balancing machines (or processes) dies, the existing connections will be maintained (as long as the Squid process is not affected).
Also is a HA solution. Also is good for stops due to updates, improves, fails, etc on your servers, its is completely transparent for the users.
For true transparency, you have to remove the Squid server from the cluster (which will prevent NEW connections from being established) and then wait for active connections to finish (which if you have customers listening to Internet Radio, this step can take a while). Then you can perform maintenance on it. Just shutting the Squid service down will disrupt active connections.
And you can increase easily the number of servers acting as proxys.
Changing a PAC file is just as easy (if not more so). The disadvantage the PAC file has is that it is only loaded when the browser starts.
Hope it can help you. Gontzal
Be aware if you decide to go the "multiple active proxies" route, there are any number of sites which don't understand (or accept) that HTTP is stateless and attempt to maintain a "session" based on source IP. If you load balance your traffic without some attempt at keeping connections "sticky" (such as using a source hash algorithm) or NATing all of your proxies outgoing traffic, you will experience trouble with such sites. Ask me how I know... :o)
Chris
