Thank you for the reply, that is wonderful.
But what routing mark should I give the squid server ip?
The squid has to go through the mikrotik rb to access the internet.
Amos Jeffries <mailto:squid3@xxxxxxxxxxxxx>
12 October 2013 03:59 AM
On 12/10/2013 10:55 a.m., Dean Volt wrote:
> I have a network that serves internet to 60 clients, all go through
> a mikrotik rb which routes traffic according to MARK_ROUTING rule in
> mangle.
> So, Group1 goes thru WAN1, and Group2 goes thru WAN2 etc.
> Now I want to set up a squid proxy to optimize browsing, but if I mark
> routing of the squid ip to Group1, then ALL the traffic will go to
> Group1 only.
> Now do I have to have a squid server for each WAN connection?
No.
> Or is there a way to have all the clients go via the proxy, and the
> proxy chooses the WAN connection that matches the clients' routing mark?
You can emit TOS/Diffserv values from Squid back to the router using
tcp_outgoing_tos which tell the router which group each particular
connection is part of.
Things to be aware of:
* HTTP persistence - any given TCP connection PROBABLY contains
  multiple request transactions.
* HTTP multiplexing - any client->Squid request MAY go out any
  Squid->Internet connection. Squid ensures that the destination server
  and port are identical. But any two clients trying to reach the same
  server may share a connection.
* TOS is applied per-request - an existing connection MAY be labeled
  0x1 when it is set up and change to 0x2 halfway, then switch back to
  0x1. Your routing setup needs to be capable of handling that. Many
  ISPs, yours probably included, prohibit TCP connections switching. It
  operates this way because TOS is designed more for dynamic QoS speed
  limitations over a connection lifetime than routing it around.
I highly recommend using squid-3.3 or later releases for this. With
the newer releases you can set tcp_outgoing_address based on the
incoming client details and Squid will ensure the persistent
connection matches both src and dst on the outgoing connection. Which
avoids all the above complications.
Amos
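Added example, not part of the original thread or of the Squid project's documentation: a squid.conf fragment showing the two approaches from the reply above side by side. The ACL names, client subnets, Squid-side addresses and TOS values are constructed assumptions.

```conf
# squid.conf fragment (added example; every address, ACL name and TOS
# value below is constructed for illustration)

# Client groups, mirroring the router's existing Group1/Group2 split.
acl group1 src 192.168.10.0/24
acl group2 src 192.168.20.0/24

# Option A: label upstream packets with a TOS/Diffserv value per group,
# for the router to match on.
# Caveats from the reply above: the label is applied per request, so a
# reused persistent connection can change value mid-stream, and two
# clients reaching the same server may share one upstream connection.
#tcp_outgoing_tos 0x20 group1
#tcp_outgoing_tos 0x40 group2

# Option B (squid-3.3 or later, the approach recommended in the reply):
# one outgoing source address per group. Both addresses must be
# configured on the Squid host's interface.
tcp_outgoing_address 192.168.100.11 group1
tcp_outgoing_address 192.168.100.12 group2

# Fallback for clients in neither ACL (assumption: treated as Group1).
tcp_outgoing_address 192.168.100.11
```

With Option B the router does not need one routing mark for the Squid host: its mangle rules can match each outgoing source address and apply the routing mark of the corresponding group.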
Dean Volt <mailto:voltdean@xxxxxxxxx>
11 October 2013 11:55 PM
I have a network that serves internet to 60 clients, all go through a
mikrotik rb which routes traffic according to MARK_ROUTING rule in
mangle.
So, Group1 goes thru WAN1, and Group2 goes thru WAN2 etc.
Now I want to set up a squid proxy to optimize browsing, but if I mark
routing of the squid ip to Group1, then ALL the traffic will go to
Group1 only.
Now do I have to have a squid server for each WAN connection?
Or is there a way to have all the clients go via the proxy, and the
proxy chooses the WAN connection that matches the clients' routing mark?