[squid-users] Sibling peers not talking to each other

From: Jeff Rigby <jrigby_at_databasepublish.com>
Date: Fri, 5 Jun 2009 14:52:30 -0400

Hello,

I've just set up my first Squid server. So far I've been very impressed with
the performance. I would have been lost without this list so thanks for all
your help.

My config seems to work, but the peers are not talking to each other at all
and I was hoping that someone on this (extremely helpful) list can help me
out. Here are the parameters:

- 3 Squid servers running in accelerator mode
- Each server has its own cache (I have plenty of space available)
- 3 web servers
- 3 different domains are served by these servers (domain.com,
test.domain.com, dev.domain.com) and each goes to a different origin server.
- I want the Squid servers to query each other before going to the parent
(this is not working)
- I have set up the peers as siblings (not sure if this is correct)
- Each server has a different origin server defined (webserver 1, 2, 3
respectively)
- I pretty much always want to serve from the cache regardless of header (We
enforce unique file names)
- This server only serves jpg, png, gif, js, css, and txt

So I have four questions:

1. Is it possible to round robin the origin server instead of defining
different IPs for each server?
2. How can I make the servers talk to each other, before hitting the origin
server?
3. Is there anything else odd in my configuration?
4. How can I block all other file types besides images, js, css, txt. I know
this can be done with an acl but thus far I haven't figured it out.

Here are the IPs:
Squid 1: 10.155.0.90:80 -> Webserver 1: 10.155.0.101 Squid 2: 10.155.0.91:80
-> Webserver 1: 10.155.0.102 Squid 3: 10.155.0.92:80 -> Webserver 1:
10.155.0.103

Squid 1 Config:
visible_hostname img1.squid_server.com
dns_nameservers 10.155.0.240 10.155.0.241 cache_effective_user squid
cache_effective_group squid http_port 127.0.0.1:3128 accel
defaultsite=localhost vhost http_port 10.155.0.90:80 accel
defaultsite=squid_server.com vhost cache_peer 10.155.0.101 parent 80 0
no-query originserver no-digest no-netdb-exchange
forceddomain=www.domain.com name=prod cache_peer_domain prod
squid_server.com www.squid_server.com cache_peer 10.155.0.101 parent 80 0
no-query originserver no-digest no-netdb-exchange
forceddomain=test.domain.com name=test cache_peer_domain test
test.squid_server.com cache_peer 10.155.0.101 parent 80 0 no-query
originserver no-digest no-netdb-exchange forceddomain=dev.domain.com
name=dev cache_peer_domain dev dev.squid_server.com cache_peer 10.155.0.91
sibling 80 3130 allow-miss no-netdb-exchange name=squid2 cache_peer
10.155.0.92 sibling 80 3130 allow-miss no-netdb-exchange name=squid3

#headers
reply_header_access Cache-Control deny all header_replace Cache-Control
max-age=1209600 refresh_pattern . 0 50% 1209600 ignore-no-cache
override-expire override-lastmod reload-into-ims ignore-reload
ignore-no-store ignore-private
reload_into_ims on

#ICP
query_icmp on
icp_port 3130
udp_incoming_address 10.155.0.90

# Basic ACLs
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl mydomain dstdomain .domain.com .squid_server.com localhost
.external.alliedadvpub.com acl localnet src 10.0.0.0/16
acl Safe_ports port 80 # http
acl Safe_ports port 3128 # admin
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow mydomain
http_access deny all
icp_access allow localnet
icp_access deny all

cache_peer_access prod allow mydomain
cache_peer_access prod deny all
cache_peer_access test allow mydomain
cache_peer_access test deny all
cache_peer_access dev allow mydomain
cache_peer_access dev deny all
#cache_peer_access squid1 allow mydomain localnet #cache_peer_access squid1
deny all cache_peer_access squid2 allow mydomain localnet cache_peer_access
squid2 deny all cache_peer_access squid3 allow mydomain localnet
cache_peer_access squid3 deny all icp_access allow localnet icp_access deny
all

(other settings removed)

The other configs are exactly the same except the siblings are configure to
be the other servers and the parent for the main server points to another IP
(a different webserver).

I'm not seeing anything weird in cache.log. It seems to load the siblings
but when I look at the cache manger ICP sent and received is 0.

Jeff
Received on Fri Jun 05 2009 - 18:52:38 MDT

This archive was generated by hypermail 2.2.0 : Sat Jun 06 2009 - 12:00:02 MDT