Michael Bowe wrote:
-----Original Message-----
From: Henrik Nordstrom [mailto:henrik@xxxxxxxxxxxxxxxxxxx]
Sent: Friday, 5 March 2010 7:08 AM
To: Michael Bowe
Cc: squid-users@xxxxxxxxxxxxxxx
Subject: RE: Regarding wccp
Thu 2010-03-04 at 12:25 +1100, Michael Bowe wrote:
I think you have the hash stuff wrong, isn't service 80 meant to be
src_ip_hash and service 90 meant to be dst_ip_hash?
no, 80 is usually the normal www service interception, which is a
dst_ip_hash.
but it doesn't matter very much as long as you have the combination of
both src_ip_hash and dst_ip_hash.
As hinted at on the wiki, with TPROXY I reckon there is a gotcha you have to watch out for when you have more than one squid.
80 dst_ip_hash
90 src_ip_hash
Ties a particular web server to a particular cache
80 src_ip_hash
90 dst_ip_hash
Ties a particular client to a particular cache
The problem with the 1st way is this:
Say a client wants to access http://some-large-site, their PC resolves the address and gets x.x.x.1
GET request goes off to the network, Cisco sees it and hashes the dst_ip.
Hash for this IP points to cache-A
Router sends the request to cache-A. This cache takes the GET and does another DNS lookup of that host. This time it resolves to x.x.x.2
Cache sends request off to the internet
Reply comes back from x.x.x.2, and arrives at the Cisco. Cisco does hash on src_ip and this happens to map to cache-B
Reply arrives at cache-B and it doesn’t know anything about it. Trouble!
If you only have 1 TPROXY cache, either way works OK. If you have more than one cache I reckon you need to use the 2nd way?
Michael.
Wonderful. Thank you for this most excellent description too.
Updated the wiki.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE7 or 3.0.STABLE24
Current Beta Squid 3.1.0.17
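
The split-flow case described in the thread, as an added example that is not part of the original messages: a small simulation of which cache receives the request (service 80) and which receives the reply (service 90) under each layout. The addresses are constructed documentation addresses, and `bucket()` and `assign()` are simplified stand-ins for the router's hash and bucket assignment, not the real WCCP algorithm.

```python
import ipaddress

CACHES = ["cache-A", "cache-B"]  # constructed two-cache cluster

# The two service layouts compared in the thread.
WAY_1 = {80: "dst_ip_hash", 90: "src_ip_hash"}  # ties a web server to a cache
WAY_2 = {80: "src_ip_hash", 90: "dst_ip_hash"}  # ties a client to a cache

def bucket(ip):
    """Simplified stand-in for the router's hash: XOR-fold the octets (0-255)."""
    a, b, c, d = ipaddress.IPv4Address(ip).packed
    return a ^ b ^ c ^ d

def assign(ip):
    """Assumption: buckets alternate between the caches."""
    return CACHES[bucket(ip) % len(CACHES)]

def hashed_field(flag, src, dst):
    """Pick the packet address that the service's hash flag selects."""
    return src if flag == "src_ip_hash" else dst

def trace(layout, client, server_for_client, server_for_cache):
    """Return (cache given the request, cache given the reply)."""
    # Service 80 sees client -> server, addressed to what the client resolved.
    request = (client, server_for_client)
    # Service 90 sees server -> client. The cache re-resolved the host name and,
    # under TPROXY, sent the request from the client's address, so the reply
    # is addressed to the client.
    reply = (server_for_cache, client)
    return (assign(hashed_field(layout[80], *request)),
            assign(hashed_field(layout[90], *reply)))

def is_split(layout, client, server_for_client, server_for_cache):
    """True when request and reply are handed to different caches."""
    req, rep = trace(layout, client, server_for_client, server_for_cache)
    return req != rep

if __name__ == "__main__":
    client = "192.0.2.10"                            # constructed client
    first, second = "198.51.100.1", "198.51.100.2"   # two A records, one site
    for name, layout in (("1st way", WAY_1), ("2nd way", WAY_2)):
        print(name, trace(layout, client, first, second))
```

With the 2nd way both hashes are taken over the client address, so the result does not depend on which server address the cache happens to resolve.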