Amos Jeffries wrote on 03/10/2015 02:48 PM:
[CUT]
ahh.. I was hoping to have a loadbalancer in front of squid (haproxy) -
to have failover, if squid server should fail..
In which case you would NOT be intercepting by Squid. The LB device
would be doing that. The haproxy would be configured to pass traffic to
Squid port 3128.
Though, what happens if the haproxy device fails? all you've done is
shift the bottleneck from Squid to both Squid and haproxy.
haproxy is performing a much less intensive task than squid.. and having
haproxy in front, allows me to add multiple squid setups if I want.. and
f.ex. to test a new setup on one squid - and then quickly fall back if
there's issues etc.
with haproxy I use keepalived to handle HA - and since haproxy is a HA
setup we already use many places - it's something we have a fair
understanding of - making it the simple solution for us :)
Also - we already have data collection setup for haproxy, so we get
counters for traffic automaticly feed in to our graphite setup :)
Squid has built in mechanisms for auto-restart if anything goes wrong.
Its sometimes hard to see that anything has happened at all from a
client perspective. The admin will just see some graph spikes in the
service records and (if they look) a log message.
nice to know that squid handles this fairly well :)
I'm trying to read and understand:
http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#Concepts_of_Interception_Caching
when nat'ing - doesn't squid just get the rewritten package (which would
have port 3129 in the tcp dest. port field?)
Squid gets a NAT-mangled TCP/IP SYN packet. It then uses the kernel to
undo that mangling in order to contact the original destination IP on
the outgoing connection from Squid.
If the incoming detail (after un-mangling) was Squid itself, things loop.
so intercept mode is only used, if you actually do the nat'ing on the
same server as squid is running..
ie. I should use accel mode instead in my use case?
[CUT]
--
Regards,
Klavs Klavsen, GSEC - kl@xxxxxxx - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
