Re: squid.conf (udp_incoming/outgoing_address)

Hi all squid-users,

> Dancer wrote:
>
> Is there any reason to use it at all? Why not just bind to all addresses?
> Unless you _really_ want to take care about which IP interfaces ICP happens
> on (as opposed to HTTP), I'd recommend not bothering with the
> *_incoming/*_outgoing addresses. Leave them commented out.
>
well, of course there is the situation where you'll need at least
udp_outgoing_address (and so you may use just udp_incoming_address),
when you're using several (virtual) interfaces.

At least I would like a configurable option for the outgoing address
in dependence of the destination sibling, to suite the following
scenario:

At two locations are running two (or even more) proxies with the
following (sample) configuration:

Interface Location A Location B

le0 192.168.1.2 192.168.1.130
le0:1 192.168.1.4 (192.168.1.4)
le0:2 (192.168.1.132) 192.168.1.132

The official proxy addresses are .4 and .132 and they are load balanced
by DNS Round Robin.
In the normal case the load is also balanced over the two machines. But
in case of a failure of one machine (or location) the other location
will become active and responsible for the failed IP-address.

Because we don't want to announce the hard adresses to our customers,
the proxies have to be configured with udp_outgoing_address
.4 for location A and .132 for location B to be usefull two other
proxies as parents or siblings. (Otherwise the siblings will not
receive or ignore the response, coming from an unexpected ip-address).

Because all IP-addresses have to be configured at every time, we
may use the hard addresses for siblings for the proxies itself.
But that no longer will work, because the response will have
the wrong source address.

As I assume, it's not possible to configure squid to always use the
previously received destination address as the outgoing udp address,
but that at least would solve the problem, of course.
(The default 0.0.0.0 for incoming, 255.255.255.255 for outgoing
 always will result the address on the hard interface le0.)

So i would like an option like the following for usage at location A,
to force the outgoing source address to 192.168.1.2 to all replies
send to neighbor 192.168.1.130:

udp_outgoing_sibling 192.168.1.2 192.168.1.130

Because we may have several neighbors which may need this configuration
and because squid already has acl support we may also write:

acl sibling 192.168.1.130/255.255.255.255
udp_outgoing_sibling 192.168.1.2 allow sibling

At Location B you will need a similar configuration of course.
I looked at the source, and it should be possible in general and
not that complicated in detail.

But IMHO it should be discussed at the list before, so here it is.

Enjoy,

        Jan
Received on Tue Mar 30 1999 - 23:39:24 MST