Squid with SMP, CARP and a forwarding loop

[Mike.Hodgkinson@xxxxxxxxxxxx]

I have been attempting to setup a squid
forward proxy with one frontend and two backends as per configuration example
http://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster

My issue is that only the first attempt
comes from the cache and then additional requests are downloaded direct
by the frontend instead of from the backend caches. I suspect it is due
to a detected forwarding loop which shows up in the logs:

2015/10/30 13:07:49.239 kid1| 44,3|
peer_select.cc(137) peerSelect: e:=XIWV/0x7f7bfee2e730*2 http://127.0.0.1:4002/squid-internal-dynamic/netdb
2015/10/30 13:07:49.239 kid1| 20,3|
store.cc(466) lock: peerSelect locked key 64AAA11C8DEF57153B10BA2C9D2F3D60
e:=XIWV/0x7f7bfee2e730*3
2015/10/30 13:07:49.240 kid1| 44,3|
peer_select.cc(441) peerSelectFoo: GET 127.0.0.1
2015/10/30 13:07:49.240 kid1| 44,3|
peer_select.cc(468) peerSelectFoo: peerSelectFoo: direct = DIRECT_YES (forwarding
loop detected)
2015/10/30 13:07:49.240 kid1| 44,3|
peer_select.cc(477) peerSelectFoo: peerSelectFoo: direct = DIRECT_YES
2015/10/30 13:07:49.240 kid1| 44,2|
peer_select.cc(258) peerSelectDnsPaths: Find IP destination for: http://127.0.0.1:4002/squid-internal-dynamic/netdb'
via 127.0.0.1

I can force the backend caches to be
used successfully with this option "never_direct allow all" however
I would like to resolve the underlying issue.

I have no iptables configured on this
server and have made sure the environment variable http_proxy is not set.
Also I have tested this on Squid 3.4.8 and 3.5.10 on Debian.

My config is below:
#/etc/squid/squid.conf#
debug_options = ALL,3
cachemgr_passwd eight22 all
acl localnet src 10.1.0.0/16
acl localnet src 10.2.0.0/16
acl localnet src 192.168.0.0/23
acl localnet src fe80::/10
acl squid_servers src 10.1.209.0/24
acl SSL_ports port 443    
     # https
acl SSL_ports port 8443    
    # Unifi/Non-standard https
acl SSL_ports port 5222    
    # Jabber
acl SSL_ports port 10000    
   # Webmin
acl SSL_ports port 10443    
   # Non-standard https
acl SSL_ports port 18080    
   # PMX
acl SSL_ports port 28443    
   # PMX
acl Safe_ports port 80    
     # http
acl Safe_ports port 21    
     # ftp
acl Safe_ports port 443    
    # https
acl Safe_ports port 70    
     # gopher
acl Safe_ports port 210    
    # wais
acl Safe_ports port 1025-65535  #
unregistered ports
acl Safe_ports port 280    
    # http-mgmt
acl Safe_ports port 488    
    # gss-http
acl Safe_ports port 591    
    # filemaker
acl Safe_ports port 777    
    # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
workers 3
if ${process_number} = 1
include /etc/squid/squid-frontend.conf
else
include /etc/squid/squid-backend.conf
endif
http_access deny all
refresh_pattern ^ftp:    
      1440    20%     10080
refresh_pattern ^gopher:    
   1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0
    0%      0
refresh_pattern .      
        0       20%     4320

#/etc/squid/squid-frontend.conf#
http_port 3128
http_port 3129 tproxy
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access allow localnet
http_access allow squid_servers
htcp_access allow squid_servers
htcp_access deny all
cache_peer 127.0.0.1 parent 4002 0 carp
login=PASS name=backend-kid2 no-query
cache_peer 127.0.0.1 parent 4003 0 carp
login=PASS name=backend-kid3 no-query
prefer_direct off
nonhierarchical_direct off
memory_replacement_policy heap LRU
cache_mem 2048 MB
access_log /var/log/squid3/frontend.access.log
cache_log /var/log/squid3/frontend.cache.log
visible_hostname frontend.cloud.solnet.nz

#/etc/squid/squid-backend.conf#
http_port 127.0.01:400${process_number}
http_access allow localhost
cache_mem 5 MB
cache_replacement_policy heap LFUDA
maximum_object_size 1 GB
cache_dir rock /cache/rock 20480 max-size=32768
cache_dir aufs /cache/${process_number}
20480 128 128 min-size=32769
visible_hostname backend${process_number}.cloud.solnet.nz
access_log /var/log/squid3/backend${process_number}.access.log
cache_log /var/log/squid3/backend${process_number}.cache.log

I did have visible_hostname set to backend.cloud.solnet.nz
but that did not help either.

#/var/log/squid3/frontend.access.log#
1446163673.780    491 10.1.209.33
TCP_MISS/200 756381 GET http://asylum-inc.net/WoT/2013-03-03_00006.jpg
- CARP/127.0.0.1 image/jpeg
1446163676.750   1580 10.1.209.33
TCP_MISS/200 756224 GET http://asylum-inc.net/WoT/2013-03-03_00006.jpg
- HIER_DIRECT/69.73.181.160 image/jpeg
1446163681.498   3059 10.1.209.33
TCP_MISS/200 756224 GET http://asylum-inc.net/WoT/2013-03-03_00006.jpg
- HIER_DIRECT/69.73.181.160 image/jpeg

Any assistance is appreciated.

Cheers

Mike Hodgkinson
Internal Support Engineer

Mobile  +64 21 754 339
Phone  +64 4 462 5064
Email   mike.hodgkinson@xxxxxxxxxxxx

Solnet Solutions Limited
Level 12, Solnet House
70 The Terrace, Wellington
6011
PO Box 397, Wellington 6140

www.solnet.co.nz  
Attention:
This email may contain information intended for the sole use of
the original recipient. Please respect this when sharing or
disclosing this email's contents with any third party. If you
believe you have received this email in error, please delete it
and notify the sender or postmaster@xxxxxxxxxxxxxxxxxxxxx as
soon as possible. The content of this email does not necessarily
reflect the views of Solnet Solutions Ltd.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users