Re: [squid-users] Can a guru verify my config?

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 6 Apr 2009 16:09:20 +1200 (NZST)

>> When you are confident about this going, we can move on to the HTTPS and
>> failover questions.
>>
>> Amos
>
>
> Hi Guys,
>
> Sorry that I am "dropping" in on this thread, but it reminded me that I
> need to find this out.
>
> I am working on an "active-active" firewall for a customer. It will be two
> Linux boxes (Gentoo for now) running VRRP to publish a virtual IP. I have
> done the firewall setup so that connections can failover between the boxes
> (takes about 30 seconds - I am sure the heartbeat can be set to less) but
> it works ok :)
>
> Now - the trickier part. Let's say someone is currently busy with a download,
> can squid do a failover of the connection? If so, mind pointing me to the
> setup docs?

Mid-stream I think not; all Squid can do is pass on the failure to the
client and hope it recovers properly. If failure occurs before the
outbound TCP link is set up then yes, Squid will try the following:
 * other peer sources if any.
 * direct access to each of the website's AAAA or A records (3.1+ for the
AAAA).

If the failure was on the Squid->client link, then your config
(quick_abort_* and range_offset settings) will determine whether Squid
drops the Squid->server link or keeps pulling the object into cache hoping
that the client will re-request it soon.

>
> If this is going to be a feature to add to squid, then I am happy to take
> it to the dev mailing list and "propose" something there.

The forwarding part of squid is still a bit of confusion to me at times,
if you bring up the idea in squid-dev maybe someone else will have a
better idea of what's there and what's missing to get this going.

>
> Please accept my best attempt at ASCII art :)
>
>    |eth2                 |eth2
> ___|___               ___|___
> |NODE1|               |NODE2|
> |     |--eth1---eth1--|     |
> ---|---               ---|---
>    |eth0                 |eth0
>
>
> eth0 - Private LAN
> eth1 - heartbeat,failover and ICP LAN
> eth2 - Internet
>
> Cheers,
>
> Pieter
>
Received on Mon Apr 06 2009 - 03:09:23 MDT
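
Added example, not part of the original message and not Squid's own code: a Python model of the quick_abort_* rules as the squid.conf documentation describes them, for the Squid->client failure case discussed in the reply above. The class and function names are hypothetical, the sample transfers are constructed, and treating the undocumented in-between case as an abort is an assumption.

```python
from dataclasses import dataclass


@dataclass
class QuickAbort:
    """quick_abort_* values from squid.conf (sizes in KB, pct as a whole number)."""
    min_kb: int = 16  # quick_abort_min 16 KB (documented default)
    max_kb: int = 16  # quick_abort_max 16 KB (documented default)
    pct: int = 95     # quick_abort_pct 95    (documented default)


def keeps_fetching(cfg: QuickAbort, received: int, expected: int) -> bool:
    """True if the Squid->server fetch continues after the client goes away.

    received and expected are byte counts for a cacheable object whose
    length is known.
    """
    if cfg.min_kb < 0:                 # quick_abort_min -1 KB: always finish
        return True
    remaining = expected - received
    if remaining < cfg.min_kb * 1024:  # little left: finish the retrieval
        return True
    if remaining > cfg.max_kb * 1024:  # a lot left: drop the server link
        return False
    if expected > 0 and received * 100 > cfg.pct * expected:
        return True                    # more than pct% already transferred
    return False                       # assumption: in-between case aborts


MB = 1024 * 1024


def demo():
    """Constructed cases: a client that disconnects part-way through a download."""
    defaults = QuickAbort()
    always = QuickAbort(min_kb=-1)
    tuned = QuickAbort(min_kb=16, max_kb=10240, pct=50)
    return {
        "defaults, 100 of 700 MB": keeps_fetching(defaults, 100 * MB, 700 * MB),
        "defaults, 10 KB left": keeps_fetching(defaults, 990_000, 1_000_000),
        "min -1, 100 of 700 MB": keeps_fetching(always, 100 * MB, 700 * MB),
        "tuned, 5 of 8 MB": keeps_fetching(tuned, 5 * MB, 8 * MB),
        "tuned, 3 of 8 MB": keeps_fetching(tuned, 3 * MB, 8 * MB),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'keep fetching' if result else 'abort server link'}")
```

With quick_abort_min set to -1 KB, every abandoned cacheable download is still pulled in full from the origin, so that setting trades upstream bandwidth for a warm cache when the client retries.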