On 11/03/2015 3:09 a.m., Klavs Klavsen wrote:
> Amos Jeffries wrote on 03/10/2015 02:48 PM:
> [CUT]
>>> ahh.. I was hoping to have a loadbalancer in front of squid (haproxy) -
>>> to have failover, if squid server should fail..
>>
>> In which case you would NOT be intercepting by Squid. The LB device
>> would be doing that. The haproxy would be configured to pass traffic to
>> Squid port 3128.
>>
>> Though, what happens if the haproxy device fails? All you've done is
>> shift the bottleneck from Squid to both Squid and haproxy.
>>
> haproxy is performing a much less intensive task than squid.. and having
> haproxy in front, allows me to add multiple squid setups if I want.. and
> f.ex. to test a new setup on one squid - and then quickly fall back if
> there's issues etc.
>
> with haproxy I use keepalived to handle HA - and since haproxy is a HA
> setup we already use many places - it's something we have a fair
> understanding of - making it the simple solution for us :)
>
> Also - we already have data collection setup for haproxy, so we get
> counters for traffic automatically fed in to our graphite setup :)
>
>> Squid has built in mechanisms for auto-restart if anything goes wrong.
>> Its sometimes hard to see that anything has happened at all from a
>> client perspective. The admin will just see some graph spikes in the
>> service records and (if they look) a log message.
>>
> nice to know that squid handles this fairly well :)
>
>>>
>>> I'm trying to read and understand:
>>> http://wiki.squid-cache.org/SquidFaq/InterceptionProxy#Concepts_of_Interception_Caching
>>>
>>> when nat'ing - doesn't squid just get the rewritten package (which would
>>> have port 3129 in the tcp dest. port field?)
>>
>> Squid gets a NAT-mangled TCP/IP SYN packet. It then uses the kernel to
>> undo that mangling in order to contact the original destination IP on
>> the outgoing connection from Squid.
>>
>> If the incoming detail (after un-mangling) was Squid itself, things loop.
>>
> so intercept mode is only used, if you actually do the nat'ing on the
> same server as squid is running..
>
> ie. I should use accel mode instead in my use case?

No, in your setup the Squid is a regular forward-proxy servicing traffic
sent to it explicitly by haproxy.

If the overall system happens to be a CDN then also use cache_peer to
configure Squid where to fetch the responses, or use split-DNS to make
Squid resolve the internal server IPs differently from the clients.

Amos
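
The layout discussed in this thread, sketched as an added configuration example; it is not taken from either poster's systems. All addresses (the 192.0.2.0/24 documentation range), the section name `squid_pool` and the server names are assumptions.

```conf
# ---- haproxy.cfg (load balancer pair managed by keepalived) ----
# Assumed addresses: 192.0.2.10 = keepalived VIP,
# 192.0.2.11/.12 = the haproxy nodes, 192.0.2.21/.22 = the Squid hosts.
listen squid_pool
    bind 192.0.2.10:3128
    mode tcp                              # relay the proxy connection unchanged
    balance leastconn
    server squid1 192.0.2.21:3128 check   # health check drives failover
    server squid2 192.0.2.22:3128 check   # second Squid, e.g. to trial a new setup

# ---- squid.conf (on each Squid host behind haproxy) ----
# Regular forward-proxy port. No "intercept" flag: this host does not
# perform the NAT, so there is no kernel NAT entry for Squid to undo.
http_port 3128

# With haproxy relaying in TCP mode, connections reach Squid from the
# haproxy nodes' addresses, so access is limited to those nodes.
acl lb src 192.0.2.11 192.0.2.12
http_access allow lb
http_access deny all

# For contrast only: an interception port is valid solely when the NAT
# redirect happens in this same host's kernel.
# http_port 3129 intercept
```

Because Squid sees the haproxy node as the client in this layout, per-client access rules and access.log source addresses reflect the load balancer rather than the originating host.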