On 11/18/2011 04:56 AM, Amos Jeffries wrote:
> This removes the domain from the server pconn key.
>
> Under the squid-3.2 pconn model the IP:port specifying the destination
> are part of the key and can be used to strictly filter selection when
> locating pconn. This means the domain is no longer a necessary part of
> the key.
>
> Squid using cache_peer can see a large number of wasted idle connections
> to their peers due to the key domain value if the peer hostname is not
> substituted properly. There is also a similar affect when contacting
> servers with virtual hosted domains.
>
> A simpler form of this with just the functional change in key generation
> has been tested for several months now with only socket usage benefits
> seen in a few production networks.
Even though using IP addresses "feels" wrong to me, I cannot think of
any specific reason why a host name would be required for compliant servers.
All bad side effects I can think of deal with poorly implemented
servers. For example, a server may incorrectly assume that
* a connection starting with a request to virtual host A will never
contain requests to virtual host B;
or
* two pipelined requests read at once from the socket buffer must go to
the same virtual host.
Another, perhaps more likely, breakage (suggested by Duane) will come
from over-simplifying L7 switches that make their decision based on the
first HTTP request header on the TCP connection. IIRC, such switches
were quite common when L7 switching was introduced some 10 years ago,
but one could hope that they are all extinct now.
In summary, I do see benefits of using IP addresses without host names
but I fear that we will run into compatibility problems in some cases,
even though it would not be our fault. Folks may ask for an
ACL-controlled decision (defaulting to the IP-only behavior), and I am
guessing you do not want to add that now.
It may be a good idea to ask about this on squid-users.
Please do not interpret the above as an objection to your change. It is
your call whether it is worth the risks outlined above, especially if
you promise to address corner cases if they indeed surface.
Thank you,
Alex.
Received on Fri Nov 18 2011 - 17:29:13 MST
This archive was generated by hypermail 2.2.0 : Fri Nov 18 2011 - 12:00:07 MST