Re: [squid-users] Squid, virtual IP and Layer 7 switching...any idea?

From: Marco Crucianelli <m.crucianelli@dont-contact.us>
Date: Wed, 23 Feb 2005 09:55:43 +0100

On Wed, 2005-02-23 at 00:05 +0100, Henrik Nordstrom wrote:
> On Tue, 22 Feb 2005, Marco Crucianelli wrote:
>
> > Well, I'm sure not that ggod in squid configuration, but thinking about
> > a layer 7 switching solution using virtual IP, to let squid answer to
> > clients request directly I should use a TCP handoff.
>
> Yes...
>
> > In such a case,
> > squid needs to use the virtual IP address to answer to clients (binding
> > squid instance to the virtual IP in squid.conf) while, to speak with its
> > cache_peer it needs to use its real IP address (using something like
> > udp_incoming_address and udp_outgoing_address in squid.conf).
>
> You don't need to bind Squid to the virutal IP. You may if you only want
> Squid to answer to the virtual IP and not the real IPs, but it is not
> required.

You are extremely right! That way, I mean binding squid on the virtual
IP, I make it answer only to the virtual IP, otherwise squid answer to
all possible active interface.

>
> > While, not using wirtual IP solution but natting only, I don't need
> > neither to bind squid to wirtual IP nor to change udp_incoming and
> > outgoing_address.
>
> You do not need to if you use a virtual IP either.
>
> All the gory details of the virtual IP is handled by the OS, and even
> there it isn't that much special about it (just a secondary IP on the same
> server). Only if the servers is on the same network segment as the L7
> switch publishes the virtual IP on is some small amount of care needed at
> the OS level to make sure the servers do not respond to ARP on the virtual
> IP. Only the L7 switch should respond to ARP for the virtual IP. If the
> servers is on a separate network behind the L7 switch then the ARP problem
> is not an issue and can be ignored.
>
> Regards
> Henrik

Sometimes I do feel like I'm abusing you!!! :)
I do thank you Henrik, this was exactly what I was trying to say! Even
if it was not that clear to me...now it is! ;)

Thanks you!

Marco
Received on Wed Feb 23 2005 - 01:54:02 MST

This archive was generated by hypermail pre-2.1.9 : Tue Mar 01 2005 - 12:00:02 MST