Re: cache_peer_? setting for internal peer

From: Andrew S. Howell <>
Date: Thu, 14 Jan 1999 00:47:51 +0900

Andrew S. Howell wrote:
> cache_peer parent 8080 7 no-query no-digest no-netdb-exchange
> So it looks like its matching the regex, but then not selecting the
> proxy.
> Any ideas?

    Henrik> Squid is a bit picky about selecting parents for which it
    Henrik> has nothing to weight the selection on... You can get
    Henrik> around this by using never_direct.

Picky is an understatement. :)

cache_peer tickle parent 8080 7 no-query no-digest no-netdb-exchange
cache_peer parent 8080 7 no-query no-digest no-netdb-exchange

acl tokyo-dstdomain dstdomain
acl pa-dstdomain dstdomain
acl tibco-dst dst
acl reuters-dstdomain dstdomain
acl reuters-regex url_regex

cache_peer_access allow reuters-regex
cache_peer_access tickle deny tibco-dst
always_direct allow tokyo-dstdomain
never_direct allow reuters-regex

    Henrik> The current peer selection algorithm is something like
    Henrik> this (see peerSelectFoo):

        1. DIRECT if always_direct
        2. If there is a single parent matching the request, and this parent has
        no-query set then use this parent.
        3. DIRECT if non-hierarchical and not matching never_direct.
        4. Digest HIT peer.
        5. CARP selected parent.
        6. Closest parent according to netdb
        7. ICP HIT selected parent.
        8. DIRECT if we are closer than closest netdb peer.
        9. ICP netdb closest MISS
        10. ICP fastest MISS
        11. DIRECT unless never_direct
        12. Some available parent (default/roundrobin/firstup/anyup)
        13. Fail

With my above configuration, it always falls through to step 12, with

I tried changing:

        cache_peer_access tickle deny tibco-dst
        cache_peer_access tickle deny tibco-dst reuters-regex

Thinking that this should prevent tickle from being used for anything
that matches reuter-regex. This did not help. Looking at the above
rules, I think I should be trying to get it to hit rule number 2.

    Henrik> Problems:

    Henrik> 2: single_parent before non-hierarchical check.

Does non-hierarchial mean to a SIBLING cache?

    Henrik> All ACL checks in cache_peer_access has to be
    Henrik> "fast"(non-blocking). I.e. dst type ACLs are uncertain,
    Henrik> and dstdom* are uncertain if the request uses an IP
    Henrik> address.

Is this why I am seeing AclMatchIP failing for hosts that I can find
with nslookup?

In another mail you said:

    Henrik> cache_peer_access allow ... is the same as cache_host_acl
    Henrik> ...

    Henrik> Also remember that cache_peer_access can only be used to
    Henrik> restrict which URLs that are sent to a peer, it does not
    Henrik> force Squid to use that peer.'

That what I am trying to get to. What does force squid to use a
particular peer. From the acl's, cache_peer_xxx etc, it all seems like
it sould be so simple to do what I want, but I have yet to be able to
figure it out.

One last thing. In trying to debug this problem, I played around with
the debug in config file. Setting this to 44 for peerSelect helped,
but then of course, I was missing all the other output. I have made a
minor patch to debugArg in debug.c to allow you to give a list of
debug sections and levels. ALL is just too much information. One level
is not enough. So now I can do something like:

# set debugging on for peerSelect and access control
debug_options 44,3 28,3

I'll be glad to post it is anyone is interested.


Received on Wed Jan 13 1999 - 09:05:11 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:44:01 MST