On 20/06/2013 12:02 a.m., T Ls wrote:
> Hi,
>
> we are using squid (S_{1,2,3}) to connect our sites to the internet
> via parent proxies (P_{1,2}), there is no direct line to the internet.
> The constellation looks something like this:
> (P_1) (P_2)
> | / \
> /-----------------\
> | | W A N | | |
> \-----------------/
> | / \
> (S_1) (S_2) (S_3)
> | | |
> (N_1) (N_2) (N_3)
>
> the mapping S_i <=> P_j is fix and I can't change it. In S_1 config, I
> have the line:
>
> cache_peer P_1 parent 80 0 no-query default
>
> If one parent fails (e.g. P_1), we force all clients in N_1 to use S_2
> (by AD policy). This procedure works, but there are two major drawbacks:
> a) we have to make this switching manually (and also the swich back,
> after P_1 recovers)
> b) S_2 has to handle N_1+N_2 traffic
>
> What I want to do is:
> a) switch to alternative parents automatically
> b) in case of P_1-failure: distribute N_1-traffic over S_2 and S_3
> c) in normal operation send all requests to P_1 and no requests to S_2
> or S_3
>
> Because of c), I can't declare S_{2,3} as sibling (as far as I
> understand the function of a sibling and the peer selection methodes),
> so I changed the S_1 config to:
> cache_peer P_1 parent 80 0 no-query
> cache_peer S_2 parent 80 0 no-query
> cache_peer S_3 parent 80 0 no-query
>
> I think, this fits to a) and b) (because a client request is send to
> FIRST_UP_PARENT), but this will not fit to c) perfectly (may be S_2 is
> FIRST_UP_PARENT, but it still has to fetch the data from P_2, so the
> data for N_1 passes the line of S_2 two times and this should not
> happen).
>
> Can basetime=x at the P_1-line make sure, that P_1 is always choosen
> in normal operation?
>
> Any other ideas?
For each S_* order the sources as parent cache_dir according to the
preferred order of failover.
Also, in the cache_peer_access for each peer link add a rule preventing
any traffic which arrived from an S_* peer to be sent back.
S_1 config:
acl fromPeer src <IPs of S_1,2,3>
cache_peer P_1 ...
cache_peer_access P_1 allow all
cache_peer S_2 ...
cache_peer_access S_2 allow !fromPeer
cache_peer S_3 ...
cache_peer_access S_3 allow !fromPeer
S_2 config:
acl fromPeer src <IPs of S_1,2,3>
cache_peer P_2 ...
cache_peer_access P_2 allow all
cache_peer S_1 ...
cache_peer_access S_1 allow !fromPeer
cache_peer S_3 ...
cache_peer_access S_3 allow !fromPeer
... etc.
Amos
Received on Wed Jun 19 2013 - 12:58:52 MDT
This archive was generated by hypermail 2.2.0 : Wed Jun 19 2013 - 12:00:04 MDT