Re: Use ICP RTT with HTTPS request

Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx> · Fri, 23 Sep 2022 10:52:38 -0400

On 9/23/22 10:30, Théo BARRAGUE wrote:

How can I say "please, use ICP for RTT sharing like you did with
HTTP" ?

AFAICT, Squid tries to use NetDB on both HTTP and HTTPS paths, but 
something probably goes wrong somewhere. The easiest way to figure this 
out may be to analyze debugging cache.log while reproducing the problem 
with a single transaction.

https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction

Beyond that, I do not have any good triage ideas. You may want to share 
Cache Manager mgr:server_list page for additional clues. Does changing 
the order of cache_peer lines in squid.conf change the outcome?

Cheers,

Alex.

I'm trying to setup ICP exchange with HTTPS request.
With my current setup (no ssl bumping) I can't use ICP for cache but it 
may be possible for RTT.
My goal is to use the closest parent to establish the connection.

My configuration look like :

    cache_peer 127.0.0.1 parent 3129 3131 no-digest proxy-only
    name=same-server
    cache_peer_access same-server allow all

    cache_peer w.x.y.z parent 3129 3131 no-digest proxy-only
    name=pair-server
    cache_peer_access pair-server allow all

    query_icmp on
    never_direct allow all

It works great for http, when I curl for the first time i got that :

    same-server
    Network                                        recv/sent     RTT
      Hops Hostnames
    142.251.40.0                                      1/   1   121.0
      14.0 www.google.fr

    pair-server
    Network                                        recv/sent     RTT
      Hops Hostnames
    172.253.122.0                                     1/   1    94.0
      23.0 www.google.fr <http://www.google.fr>

Next requests will go through pair-server, example :

    same-server
    Network                                        recv/sent     RTT
      Hops Hostnames
    142.251.40.0                                      1/   1   121.0
      14.0 www.google.fr

    pair-server
    Network                                        recv/sent     RTT
      Hops Hostnames
    172.253.122.0                                    10/  10    93.1
      23.0 www.google.fr <http://www.google.fr>

But for HTTPS, squid is able to determine hostname and network but 
doesn't care about RTT sharing :

    same-server
    Network                                        recv/sent     RTT
      Hops Hostnames
    149.202.190.0                                    10/   1     6.0
      15.0 api.gouv.fr

    pair-server
    Network                                        recv/sent     RTT
      Hops Hostnames

Even if I force a request though the pair-server to initiate NetDB, ICP 
not used.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users