On Tue, 07 Sep 2010 04:00:16 +0000, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On Tue, 7 Sep 2010 08:54:16 +0800, Tirazona Ludwig Johann > <ljbtirazona@xxxxxxxxxxx> wrote: >> (Note: Bazazath is 172.16.11.1, and Zachriel is 172.16.11.3) >> >> I haven't been able to find a solution to this, so I thought I would ask >> this here: >> >> We have two squid servers on our network (runninng 3.1.7), transparently >> proxying HTTP requests. They are peered as siblings. They restart >> intermittently, most of the time alternately. >> >> 172.16.11.3 Produces this error: " assertion failed: stmem.cc:247: >> "target.range().end > target.range().start" " . 172.16.11.3 then > restarts >> the squid server and then 172.16.11.1 spits out this error: >> > > There were range overflow fixes in 3.1.8. Please try an upgrade. > >> 2010/09/06 17:06:45| WARNING: Forwarding loop detected for: >> GET /squid-internal-dynamic/netdb HTTP/1.1 >> Host: 172.16.11.1:3128 >> Via: 1.1 ZachrielSquid.intranet.uplb.edu.ph (squid/3.1.7), 1.1 >> BazazathSquid.intranet.uplb.edu.ph (squid/3.1.7), 1.1 >> BazazathSquid.intranet.uplb.edu.ph (squid/3.1.7), 1.1 >> BazazathSquid.intranet.uplb.edu.ph (squid/3.1.7), 1.1 >> BazazathSquid.intranet.uplb.edu.ph (squid/3.1.7), 1.1 >> BazazathSquid.intranet.uplb.edu.ph (squid/3.1.7), 1.1 >> BazazathSquid.intranet.uplb.edu.ph (squid/3.1.7), 1.1 > > This is just as serious and may be causing the problem to be more > noticable. > The request indicates that 172.16.11.1 / > BazazathSquid.intranet.uplb.edu.ph has become extremely confused about what > to do. > > Check that you: > * have "via on" in both proxies > * are using port 3128 for sibling communications and properly configured > client requests > * are using a different (secret) port for the NAT traffic from the > firewall > [this port ONLY needs to be known to the firewall NAT rule and > squid.conf] > * are NAT'ing only port 80 into the proxies > * are excluding any requests sent by both proxies from the NAT rule > * that rDNS for 172.16.11.1 resolves to the proxy hostname > BazazathSquid... > * that DNS lookup for BazazathSquid... resolves to 172.16.11.1 > * vice-versa for DNS of the other sibling. > > Preferably all of the above can be answered with a "yes". > > I'll take a look through the loop detection code as to why BazazathSquid > is not detecting it anyway. > > Amos I forgot to mention, you can also add "no-netdb-exchange" to the cache_peer lines to prevent these particular requests from cloggign up the pipes until we get this resolved properly. This wont prevent loops, but will cut down the number of sibling requests which are aggravating it. Amos
