Re: [squid-users] Squid, virtual IP and Layer 7 switching...any idea?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Wed, 23 Feb 2005 00:05:40 +0100 (CET)

On Tue, 22 Feb 2005, Marco Crucianelli wrote:

> Well, I'm sure not that ggod in squid configuration, but thinking about
> a layer 7 switching solution using virtual IP, to let squid answer to
> clients request directly I should use a TCP handoff.

Yes...

> In such a case,
> squid needs to use the virtual IP address to answer to clients (binding
> squid instance to the virtual IP in squid.conf) while, to speak with its
> cache_peer it needs to use its real IP address (using something like
> udp_incoming_address and udp_outgoing_address in squid.conf).

You don't need to bind Squid to the virutal IP. You may if you only want
Squid to answer to the virtual IP and not the real IPs, but it is not
required.

> While, not using wirtual IP solution but natting only, I don't need
> neither to bind squid to wirtual IP nor to change udp_incoming and
> outgoing_address.

You do not need to if you use a virtual IP either.

All the gory details of the virtual IP is handled by the OS, and even
there it isn't that much special about it (just a secondary IP on the same
server). Only if the servers is on the same network segment as the L7
switch publishes the virtual IP on is some small amount of care needed at
the OS level to make sure the servers do not respond to ARP on the virtual
IP. Only the L7 switch should respond to ARP for the virtual IP. If the
servers is on a separate network behind the L7 switch then the ARP problem
is not an issue and can be ignored.

Regards
Henrik
Received on Tue Feb 22 2005 - 16:05:42 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST