On Mon, 12 Sep 2011 18:40:39 +0430, spaceman wrote:
> Dear Sir or Madam,
> Firstly I would like to apologize for my poor English

Your English is fine, your emailer formatting needs some fixing. ;)

> I want to load balance two ISP connections with one Linux
> Squid proxy server. Load balancing and failover is OK using the Shorewall
> firewall. My network setup is here

Problem: load balancing in two independent pieces of software is very
tricky, particularly when one of the two (Squid) does not support
multi-homed load balancing such as you are attempting.

> eth0 is for LAN
> eth1 is for A internet connection. It uses
> Parent-A upstream parent proxy server
> eth2 is for B internet connection. It uses
> Parent-B upstream parent proxy server
> I use Fedora Core 10 and Shorewall Firewall
> (www.shorewall.net).
> Shorewall automatically load balances and fails over the outgoing
> internet gateway.

Squid duplicates this operation.
Problem: The Shorewall recovery methods will break the Squid failure
detection, causing Squid to miscalculate traffic loads on each upstream
and leading to unbalanced connections.

> Now I want to set up the Squid proxy server.
> My problem is that each internet connection has a separate
> parent proxy.
> So I want to route, match or map A internet gateway requests
> to the Parent-A upstream parent proxy server and B internet gateway
> requests to the Parent-B upstream parent proxy server in the Squid proxy.
> I think I must use
> cache_peer
> cache_peer_access
> tcp_outgoing_address
> but I am not sure. I have tested so many
> times but it fails.
> Any help would be great. With best regards

To work with the upstream proxies you need a cache_peer for each parent
proxy, with a flag for one of the load balancing algorithms
(http://wiki.squid-cache.org/Features/LoadBalance) to split the traffic.
* tcp_outgoing_address is not useful. Shorewall needs only to perform
NAT to MASQUERADE the IP for the appropriate WAN interface.
* Failure detection and recovery is performed by the Squid balancing
algorithm (the wiki has details of how). Depending on your Squid version, the
cache_peer connect-fail-limit controls how many failures are required
before an upstream stops being used; the default is 10 attempts.
Note that Squid operates on a per-request basis, not bytes. So if you
need byte/bandwidth balancing, Squid and the parent proxies are going to
clash with Shorewall, where byte balancing is best done.
Theoretically you might be able to feed back TCP load information to
Squid by blocking (with reject, not drop) new connections to an
overloaded parent in Shorewall. This could improve the worst loading
imbalances. Risky though, and untested.
Amos
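
A squid.conf fragment for the setup described in the reply above, added here as an illustration and not part of the original thread. The parent addresses, port 3128 and the `name=` labels are placeholders, and `never_direct` assumes all traffic must go through the two parents.

```conf
# Added example, not from the original thread. The parent addresses and
# port 3128 are placeholders (documentation ranges); substitute the real
# Parent-A and Parent-B proxies.

# One cache_peer per upstream parent. "round-robin" is one of the
# load-balancing flags listed on the wiki page; Squid alternates
# requests between the peers it currently considers alive.
# no-query disables ICP (icp-port 0) since these are plain HTTP parents.
# connect-fail-limit is written out at the default of 10 and only
# applies on Squid versions that support the option.
cache_peer 192.0.2.10    parent 3128 0 no-query round-robin connect-fail-limit=10 name=parentA
cache_peer 198.51.100.10 parent 3128 0 no-query round-robin connect-fail-limit=10 name=parentB

# Assumption: every request must leave through one of the parents, so
# Squid is told never to contact origin servers directly.
never_direct allow all

# No tcp_outgoing_address lines. The routing table decides that
# 192.0.2.10 is reached via eth1 and 198.51.100.10 via eth2, and
# Shorewall only MASQUERADEs the source address on each WAN interface.
```

Because the balancing is per request, the two parents will see similar request counts but not necessarily similar byte counts.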