ICP incoming/outgoing port definitions

From: Stewart Forster <slf@dont-contact.us>
Date: Fri, 29 May 1998 12:54:37 +1000

Hiya,

        We have a need and as an aside, the current udp_incoming_address
and udp_outgoing_address don't really make logistical sense.

        Here's why:

        We'd like to change the IP addresses of our Squid servers. This
would all be fine and dandy except for ICP. Downstream caches only like
to accept ICP requests coming back from the IP that they think they sent
a query to.

        We can ease our transition to the new IP addresses by bringing up
virtual interfaces on our caches and have them serve from multiple IP
addresses. This is fine for TCP, since TCP will return traffic back from
the IP address which was connected to. UDP, however, is connectionless,
and most Unixes (in fact none that I know of) allow you to find out to
which IP address a UDP datagram was delivered to on that host. This means
that at best, squid will return an ICP request from either the one specified
in the udp_outgoing_address, or from the address of the primary interface
if no specific UDP addresses are defined.

        This means that while TCP will work to multiple addresses, UDP will
not (at least not as far as squid is concerned).

        My proposed solution which I would like to begin to code up is
one where:

        a) Squid simply binds to all UDP addresses on the machine (current
           default behaviour)

        or

        b) Squid can bind to multiple operator specified udp_io_addresses
           where a UDP (ICP) query packet that arrives on one of these
           addresses gets sent straight back out with the same address. This
           will be possible because the socket is bound to a single address
           and therefore packets sent through that socket will get that
           address. This will require 1 socket per address.

           Further, for firewall operation, all that's required is an
           optionally specified udp_out_address from which address all ICP
           queries destined for neighbour caches from THIS cache get sent
           from. Otherwise squid could just use the first specified UDP
           address for its query use.

        In fact, to be complete, we should allow the operator defined binding
to multiple TCP addresses too. This would then allow for multiple addresses
on the inside of a firewall with a single outgoing address if so desired.
If there was no firewall style operation then simply binding to all addresses
for TCP would work.

        I believe this makes the ICP stuff a little more useable and flexible.

        So, do any of you guys have major objections to me coding this up and
submitting a patch for it? Any suggestions/considerations/extensions/
clarifications?

        Cheers,

                Stew.

Received on Tue Jul 29 2003 - 13:15:50 MDT
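
Added example, not part of the original message and not Squid code: option (b) above in C, with one UDP socket per address, the reply sent through the socket the query arrived on, and the downstream source-address check applied to that reply. The function names, the port-0 binding and the loopback addresses used to exercise it (127.0.0.1 and 127.0.0.2, on a Linux host where all of 127.0.0.0/8 is local) are assumptions made for the example.

```c
/* Added example, not Squid code. Assumes Linux loopback (all of 127/8 local). */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>
/* Bind a UDP socket to exactly one address; port 0 lets the kernel pick. */
static int bind_udp(const char *ip, struct sockaddr_in *sa) {
    socklen_t len = sizeof(*sa);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    memset(sa, 0, sizeof(*sa));
    sa->sin_family = AF_INET;
    if (fd < 0 || inet_pton(AF_INET, ip, &sa->sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)sa, sizeof(*sa)) < 0 ||
        getsockname(fd, (struct sockaddr *)sa, &len) < 0) { if (fd >= 0) close(fd); return -1; }
    return fd;
}
/* Wait up to 2 s; return the index of the first readable socket, or -1. */
static int wait_any(const int fds[], int n) {
    fd_set rd; struct timeval tv = {2, 0}; int i, max = -1;
    FD_ZERO(&rd);
    for (i = 0; i < n; i++) { FD_SET(fds[i], &rd); if (fds[i] > max) max = fds[i]; }
    if (select(max + 1, &rd, NULL, NULL, &tv) <= 0) return -1;
    for (i = 0; i < n; i++) if (FD_ISSET(fds[i], &rd)) return i;
    return -1;
}
/* Query listener `target`: 1 if reply source == address queried, 0 if not, -1 on error. */
int reply_source_matches(const char *ips[], int n, int target) {
    int fds[8], got, opened = 0, rc = -1, cli = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in addr[8], peer, from; char buf[16];
    socklen_t plen = sizeof(peer), flen = sizeof(from);
    if (cli < 0 || n < 1 || n > 8 || target < 0 || target >= n) goto done;
    for (; opened < n; opened++)   /* one socket per configured address */
        if ((fds[opened] = bind_udp(ips[opened], &addr[opened])) < 0) goto done;
    /* Query one address; the server answers through the socket it arrived on. */
    if (sendto(cli, "query", 5, 0, (struct sockaddr *)&addr[target], sizeof(addr[0])) < 0 ||
        (got = wait_any(fds, n)) < 0 ||
        recvfrom(fds[got], buf, sizeof(buf), 0, (struct sockaddr *)&peer, &plen) < 0 ||
        sendto(fds[got], "reply", 5, 0, (struct sockaddr *)&peer, plen) < 0 ||
        wait_any(&cli, 1) < 0 ||
        recvfrom(cli, buf, sizeof(buf), 0, (struct sockaddr *)&from, &flen) < 0) goto done;
    /* Downstream check: the reply must come from the address that was queried. */
    rc = from.sin_addr.s_addr == addr[target].sin_addr.s_addr;
done:
    while (opened-- > 0) close(fds[opened]);
    if (cli >= 0) close(cli);
    return rc;
}
```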