Hi,
i'm trying to achieve some sort of multi-uplink caching-solution
for a company office with 3 uplinks of different speed.
Squid 3.1.6 on Debian Squeeze.
Simplified network-topology looks like this:
|proxy1| |proxy2| |proxy3| ----|Uplink1| slow, fixed IP
| | | /
---------------------------- ----
| Switch |---|GW|---|Uplink2| cellular, dyn IP
---------------------------- ----
| | | \
|client1| |client2| |proxy0| ----|Uplink3| fast, dyn IP
\----------- Company LAN -----------/
In reality there are more switches and way more users involved
and Uplink3 is not there yet but coming in the next days because
bandwith is an issue.
GW box is NAT'ing the LAN and does *policy* routing:
Source-IP == proxy1? -> Use Uplink1
Source-IP == proxy2? -> Use Uplink2
Source-IP == proxy3? -> Use Uplink3
This means, if proxy1 does a DIRECT to contact Origin servers,
connection is going out on Uplink1. Proxy2 is routed to Uplink2 etc.
The requirement reads like this:
a) When clients use proxy0
1. company domain .example.com on the internet should be
reached via fixed IP (UL1)
2. .otherstuff.tld is to be fetched over UL2.
3. .youtube.com and .github.com is to be fetched over UL3.
4. Other traffic should use UL3.
5. If an Uplink is down any other Uplink should be used.
b) When clients use proxy1 all stuff is to be fetched over UL1
c) When clients use proxy2 all stuff is to be fetched over UL2
d) When clients use proxy3 all stuff is to be fetched over UL3
e) Cache objects should not be stored on multiple servers
In general users will use proxy0 as their proxy server. some developers
sometimes have to test things on the internet with different client IP
addresses so they are allowed to use e.g. proxy3 to get out with a
dynamic client IP.
My config so far looks like this:
on proxy1:
cache_peer proxy2.local sibling 8080 3130 proxy-only
cache_peer proxy3.local sibling 8080 3130 proxy-only
on proxy2:
on proxy3:
accordingly
on proxy0:
cache_peer proxy1.local parent 8080 3130 no-query proxy-only
cache_peer proxy2.local parent 8080 3130 no-query proxy-only
cache_peer proxy3.local parent 8080 3130 no-query proxy-only default
never_direct allow all
cache_peer_domain proxy1.local .example.com
cache_peer_domain proxy2.local .otherstuff.tld
cache_peer_domain proxy3.local .youtube.com .github.com
a) 1-3 works
a) 4 doesn't work:
on proxy0:
Failed to select source for 'http://www.google.com/'
always_direct = 0
never_direct = 1
timedout = 0
a) 5 doesn't work. as soon as e.g. proxy3 does down, proxy0 complains
that it can't connect to an intermediate proxy server.
This is expected with the current config.
b)-e) works
So here are my questions:
What do i have to change to make the default parent work?
Is a) 5 possible with squid? adding round-robin to all peers
in proxy0's config didn't change anything. when proxy3 is down
www.youtube.com can't be accessed when client uses proxy0.
Besides these 2 things is there anything you would do completely
different?
Is the no-query option on proxy0's cache_peers ok?
#
# Simpler Solution?
#
I guess in this scenario i could also replace all 4 proxy servers
with only one squid server with 3 different IP addresses and select
tcp_outgoing_address according Origin domain names.
The gateway would then choose the uplink according to squids
outgoing ip address.
To solve b)-d) one could make squid listen on 3 additional ports
and choose tcp_outgoint_address according to acl myport, right?
Mhh, maybe i should give this all-in-one approach a try.
I checked the FAQ and Wiki but coudn't find this scenario.
Please point me in the right direction.
Thanks!
Marcel Meckel.
