Re: [squid-users] How to setup squid proxy to run in fail-over mode

From: Chris Robertson <crobertson_at_gci.net>
Date: Tue, 16 Jun 2009 11:11:05 -0800

Gontzal wrote:
> Hi Abdul,
>
> As has been said the most simple solution is to use a PAC file, I'm
> using it at my company and balancing the connections depending on the
> subnet: subnet A goes through proxy1 and subnet B goes through
> proxy2. When proxy1 goes down, connections go to proxy2, but it
> doesn't synchronize the information of the connections, so clients
> will have to establish a new connection to proxy2.

Squid does not have connection synchronization capabilities between
peers. No matter what form of load balancing/high availability you use,
if one of your Squid servers dies, any active connections with that
server will be dropped and the client will have to reestablish a new
connection.

> You have multiple
> examples of configuring a PAC file on the internet.
>
> Obviously this is not the best solution, it is not a load balancing
> depending on the amount of "charge" of each proxy.

A PAC file can be load balancing. See the Super Proxy Script from Sharp
(http://naragw.sharp.co.jp/sps/).

> For that you may
> need a solution including LinuxVirtualServer (LVS) + Heartbeat (like
> ultramonkey), with two virtual/physical machines acting as load
> balancers in Active/Passive mode (with heartbeat) connected to other
> two machines acting as proxies. For the final user it acts as an
> individual machine, with only one IP (virtual IP for the whole
> structure).

Okay so far.

> It has other advantages, like the LB synchronizes the
> information of the connections through UDP multicast, so if one
> server goes down, the other proxy has the information of the
> connection and the client doesn't have to restart the connection.

The load balancer might very well send the continuation of the TCP
stream to Squid, but Squid will dump it due to the fact that it has no
accounting of the connection. If you have an active/active Linux-HA
setup (or even an active/passive) and one of the load balancing machines
(or processes) dies, the existing connections will be maintained (as
long as the Squid process is not affected).

> Also is a HA solution.
>
> Also is good for stops due to updates, improvements, failures, etc. on your
> servers, it is completely transparent for the users.

For true transparency, you have to remove the Squid server from the
cluster (which will prevent NEW connections from being established) and
then wait for active connections to finish (which if you have customers
listening to Internet Radio, this step can take a while). Then you can
perform maintenance on it. Just shutting the Squid service down will
disrupt active connections.

> And you can easily increase the number of servers acting as proxies.
>

Changing a PAC file is just as easy (if not more so). The disadvantage
the PAC file has is that it is only loaded when the browser starts.

> Hope it can help you.
>
> Gontzal
>

Be aware if you decide to go the "multiple active proxies" route, there
are any number of sites which don't understand (or accept) that HTTP is
stateless and attempt to maintain a "session" based on source IP. If
you load balance your traffic without some attempt at keeping
connections "sticky" (such as using a source hash algorithm) or NATing
all of your proxies' outgoing traffic, you will experience trouble with
such sites. Ask me how I know... :o)

Chris
Received on Tue Jun 16 2009 - 19:11:23 MDT
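
Added example, not part of the original message or of Squid: a PAC file that combines the fail-over and "sticky" points discussed above by picking each client's primary proxy from a hash of its source IP and listing the other proxy as fallback. The proxy hostnames, port 3128 and the helper names `ipv4ToInt` and `proxyChainFor` are assumptions.

```javascript
// Hypothetical proxy endpoints; replace with your own Squid hosts.
var PROXIES = ["proxy1.example.internal:3128", "proxy2.example.internal:3128"];

// Convert a dotted-quad IPv4 string to an unsigned integer, or null if invalid.
function ipv4ToInt(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip || "");
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = parseInt(m[i], 10);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// Source-hash selection: the same client IP always gets the same primary
// proxy, so sites that tie a "session" to the source address keep seeing one
// proxy while it is up. The remaining proxies follow as fail-over entries.
function proxyChainFor(clientIp) {
  var n = ipv4ToInt(clientIp);
  // Unparseable addresses (e.g. IPv6) fall back to the first proxy.
  var start = n === null ? 0 : n % PROXIES.length;
  var chain = [];
  for (var i = 0; i < PROXIES.length; i++) {
    chain.push("PROXY " + PROXIES[(start + i) % PROXIES.length]);
  }
  return chain.join("; ");
}

// Entry point called by the browser. isPlainHostName() and myIpAddress()
// are standard PAC built-ins supplied by the browser, not defined here.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT"; // unqualified intranet names
  // Note: myIpAddress() can return a loopback address on some clients;
  // such clients all hash to the same primary proxy.
  return proxyChainFor(myIpAddress());
}
```

When the primary proxy is down the browser moves to the next entry, so the client's outgoing address changes at that point and IP-bound sessions on such sites are lost, as are the connections that were active on the failed proxy.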
