Re: parent request order

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

On 20/06/2013 12:02 a.m., T Ls wrote:
> Hi,
>
> we are using squid (S_{1,2,3}) to connect our sites to the internet 
> via parent proxies (P_{1,2}), there is no direct line to the internet. 
> The constellation looks something like this:
>   (P_1)     (P_2)
>     |        / \
>  /-----------------\
>  |  | W A N |   |  |
>  \-----------------/
>     |       /   \
>   (S_1)  (S_2) (S_3)
>     |      |     |
>   (N_1)  (N_2) (N_3)
>
> the mapping S_i <=> P_j is fix and I can't change it. In S_1 config, I 
> have the line:
>
> cache_peer P_1 parent 80 0 no-query default
>
> If one parent fails (e.g. P_1), we force all clients in N_1 to use S_2 
> (by AD policy). This procedure works, but there are two major drawbacks:
> a) we have to make this switching manually (and also the swich back, 
> after P_1 recovers)
> b) S_2 has to handle N_1+N_2 traffic
>
> What I want to do is:
> a) switch to alternative parents automatically
> b) in case of P_1-failure: distribute N_1-traffic over S_2 and S_3
> c) in normal operation send all requests to P_1 and no requests to S_2 
> or S_3
>
> Because of c), I can't declare S_{2,3} as sibling (as far as I 
> understand the function of a sibling and the peer selection methodes), 
> so I changed the S_1 config to:
> cache_peer P_1 parent 80 0 no-query
> cache_peer S_2 parent 80 0 no-query
> cache_peer S_3 parent 80 0 no-query
>
> I think, this fits to a) and b) (because a client request is send to 
> FIRST_UP_PARENT), but this will not fit to c) perfectly (may be S_2 is 
> FIRST_UP_PARENT, but it still has to fetch the data from P_2, so the 
> data for N_1 passes the line of S_2 two times and this should not 
> happen).
>
> Can basetime=x at the P_1-line make sure, that P_1 is always choosen 
> in normal operation?
>
> Any other ideas?

For each S_* order the sources as parent cache_dir according to the 
preferred order of failover.
Also, in the cache_peer_access for each peer link add a rule preventing 
any traffic which arrived from an S_* peer to be sent back.

S_1 config:
  acl fromPeer src <IPs of S_1,2,3>
  cache_peer P_1 ...
  cache_peer_access P_1 allow all
  cache_peer S_2 ...
  cache_peer_access S_2 allow !fromPeer
  cache_peer S_3 ...
  cache_peer_access S_3 allow !fromPeer

S_2 config:
  acl fromPeer src <IPs of S_1,2,3>
  cache_peer P_2 ...
  cache_peer_access P_2 allow all
  cache_peer S_1 ...
  cache_peer_access S_1 allow !fromPeer
  cache_peer S_3 ...
  cache_peer_access S_3 allow !fromPeer

... etc.


Amos