On 7/31/2012 12:50 PM, Jannis Kafkoulas wrote:
Thanks for the quick answer!
Now I see that I didn't express myself precisely enough :-(
"to also go via cache_peer par-alt." wasn't meant as an alternative (either or) but as "as well as the domain ".fa-intracomp.net" :-)
in other words, abc.intracomp.com should be directed only to par-alt.
...
thanks
so it's pretty simple..
as the acls goes for first "HITS" there is nothing to trick the splay
trees but just use a more explicit ACLS with a "deny" one first.
##start
acl alt dstdomain .fa-intracomp.net
acl std dstdomain .intracomp.com
acl alt-2 dstdom_regex -i abc.intracomp.com
cache_peer 192.10.10.22 parent 3128 0 no-query login=PASS
proxy-only no-digest name=par-std
cache_peer 192.10.10.22 parent 80 0 no-query login=PASS
proxy-only no-digest name=par-alt
#first use an explicit dney for the abc...
# so first this domain will not pass using this proxy
# then allow the other proxy.
# and it's recommended to separate the acls for the two proxies.
cache_peer_access par-std deny alt-2
cache_peer_access par-alt allow alt-2
cache_peer_access par-alt allow alt
cache_peer_access par-std allow std
##end
i would put it in my squid.conf in another order for it t be more
understandable for the human eye\mind to match the algorithm that squid
uses for acls.
##start
#acls part with notes about purpose of each acl if neede.
acl alt dstdomain .fa-intracomp.net
acl std dstdomain .intracomp.com
acl alt-2 dstdom_regex -i abc.intracomp.com
#cache peers part:
#cache peer 1
cache_peer 192.10.10.22 parent 3128 0 no-query login=PASS
proxy-only no-digest name=par-std
#cache peer 1 acls
cache_peer_access par-std deny alt-2
cache_peer_access par-std allow std
#....
#cache peer 2
cache_peer 192.10.10.22 parent 80 0 no-query login=PASS
proxy-only no-digest name=par-alt
#cache peer 2 acls
cache_peer_access par-alt allow alt-2
cache_peer_access par-alt allow alt
##end
so you do know which proxy will match first explictly
you will have the acls ordered per cache_peer and there for you see
better how squid will approach to the cache_peers.
Regards,
Eliezer
--- El Lun 30/7/12, Amos Jeffries <squid3@xxxxxxxxxxxxx> escribió:
De: Amos Jeffries <squid3@xxxxxxxxxxxxx>
Asunto: Re: How to trick splay trees?
Para: squid-users@xxxxxxxxxxxxxxx
Fecha: Lunes 30 de Julio de 2012 15:25
On 31/07/2012 1:25 a.m., Jannis
Kafkoulas wrote:
Hi,
(I use squid 2.7. STABLE9 on RedHat EL 5.6)
Following problem:
I have following dstdomains defined
going to par-std and par-alt cache_peers
respectively:
acl alt dstdomain .fa-intracomp.net
acl std dstdomain .intracomp.com
Now I'd like "abc.intracomp.com" to also go
via cache_peer par-alt.
Following two tries didn't work:
# acl alt-2 dstdom_regex -i abc.intracomp.com
# acl alt dstdomain abc.intracomp.com
The dstdomain one is faster. Both are correct for your
requested policy.
The key word you stated being "also" ...
The requests were sent to par-std cache_peer
cache_peer 192.10.10.22 parent
3128 0 no-query
login=PASS proxy-only no-digest name=par-std
cache_peer 192.10.10.22 parent
80 0 no-query
login=PASS proxy-only no-digest name=par-alt
cache_peer_access par-alt allow alt-2
cache_peer_access par-alt allow alt
cache_peer_access par-std allow std
Is there a way for that to work at all?
Unless given some specific selection algorithm (digest, ICP,
hshes,
carp, roundrobin etc) Squid lists peers in configuration
order when
attemping to pass traffic.
As I said above the key word in your policy statements is
"also" - with
both peers *available* for use Squid will pick the first one
that works.
With par-std being listed first your logs will show it being
used until
such time as it becomes unresponsive or overloaded. Then
par-alt will
pick up the slack for that one domain.
I think you are looking at the logs and seeing only par-std,
thinking
its not working when actually it is. You can test by
changing the order
of cache_peer definitions in your config and seeing the
preferred peer
switch to the par-alt when the new ACL is added.
NOTE: you canot send a request via *both* using TCP unicast
links, just one.
Amos
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il