On 11/07/2013 2:54 a.m., Nishant Sharma wrote:
> Hi,
> I have two parent proxies configured. Parent 1 is on a faster link while
> Parent 2 is on a DSL.
> Squid 3.1.20 is the child proxy while Parent proxies are 3.1.6.
> I have some domains which need higher priority and should be failed-over
> and the rest of the traffic can be load-balanced.
> Here is my configuration snippet:
> -----------------
> cache_peer 10.27.0.1 parent 8082 0 no-query no-digest connection-auth=on login=PASSTHRU round-robin proxy-only
> cache_peer 10.28.0.1 parent 8082 0 no-query no-digest connection-auth=on login=PASSTHRU round-robin proxy-only
> prefer_direct off
> nonhierarchical_direct off
> cache_peer_access 10.27.0.1 allow highpriodomains
> cache_peer_access 10.27.0.1 deny bulkupdatedomains
> cache_peer_access 10.28.0.1 allow bulkupdatedomains
> cache_peer_access 10.27.0.1 allow all
> cache_peer_access 10.28.0.1 allow all
> ------------------
> I would like highpriodomains to go to Parent 1 (10.27.0.1) and only go
> to Parent 2 (10.28.0.1) when Parent 1 is detected dead. But when I see
> the logs on the Parents, I see requests to highpriodomains also getting
> load-balanced.

You configured "round-robin".
http://wiki.squid-cache.org/Features/LoadBalance#Round-Robin

> Also, when either of the parents is detected dead, all traffic should go
> to the live Parent, while bulkupdatedomains can take a hit for the time
> while faster link Parent is down.
> Could someone please suggest the ACLs/configuration that I can put in
> place to achieve what I want to?

I don't think that will be possible in exactly that way.
You can set a failover preference by ordering the peers in squid.conf
like above and also push the bulk traffic to using the #2 peer with a
deny like above. But you cannot "undo" that denial once it has been
configured.
To achieve your policy, but without bulk being able to failover, simply:
* remove the "round-robin" option from your cache_peer lines.
NOTE: for better performance you can remove cache_peer_access rule sets
which *only* contain "allow" rules, such as the rules for peer
10.28.0.1. Squid's default is to allow, so processing a lot of ACL checks
to do the default operation is just a waste of CPU cycles.
Also, unless highpriodomains is whitelisting some sub-domains in
bulkupdatedomains you can remove the two allow rules on peer 10.27.0.1
as well. Just deny the bulk sites and let the rest of the traffic go to
that peer.
Amos
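
The suggestions in this reply applied to the configuration quoted above, as an added example that is not part of the original thread. It assumes highpriodomains does not whitelist any sub-domain of bulkupdatedomains (the condition given above for dropping the allow rules); the acl definitions are not shown in the thread and stay as they are in the poster's squid.conf.

```conf
# Added example, not from the thread: the quoted squid.conf after the
# changes suggested in the reply.
#
# acl highpriodomains / acl bulkupdatedomains: defined elsewhere in the
# poster's squid.conf (not shown in the thread, so not reproduced here).

# "round-robin" removed from both peers. Without it the peers are tried
# in the order they are listed, so 10.27.0.1 (faster link) is preferred
# and 10.28.0.1 (DSL) is the failover when the first peer is dead.
cache_peer 10.27.0.1 parent 8082 0 no-query no-digest connection-auth=on login=PASSTHRU proxy-only
cache_peer 10.28.0.1 parent 8082 0 no-query no-digest connection-auth=on login=PASSTHRU proxy-only

prefer_direct off
nonhierarchical_direct off

# The only access rule left: keep bulk traffic off the fast link.
# Bulk requests can therefore only use 10.28.0.1 and, as the reply notes,
# cannot fail over to 10.27.0.1 because the deny cannot be undone.
cache_peer_access 10.27.0.1 deny bulkupdatedomains

# Removed because they only restate the default (allow):
#   cache_peer_access 10.27.0.1 allow highpriodomains
#   cache_peer_access 10.27.0.1 allow all
#   cache_peer_access 10.28.0.1 allow bulkupdatedomains
#   cache_peer_access 10.28.0.1 allow all
```

After editing, `squid -k parse` checks the file for syntax errors before `squid -k reconfigure` loads it.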