Re: [squid-users] Primary, Secondary, Tertiary Squid proxies from Amos Jeffries on 2010-04-21 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 22 Apr 2010 17:40:26 +1200

Nick Cairncross wrote:
> Hi,
>
> I would like to configure my proxies to route via different boxes if
> the primary upstream is unavailable. I have three Squid boxes all at
> different sites . All three have the entry:
>
> cache_peer upstream.isp.com parent 8080 0 no-query default
>
> All three are the same, utilising Kerberos authentication, hooking
> into an ICAP server. All working ok - users authenticate, ICAP
> manipulation then passed upstream. What I want is if the upstream at
> site A is unavailable I would like to route to the site B, and then
> site C to pass to the upstream. Likewise at Site B, site A, site C.
> And again at site C, site B and site A.
>
> I think I need to be looking at something like this.. I'm not using
> caching by the way:
>
> SiteA proxy: cache_peer upstream.isp.com parent 8080 0 no-query
> no-digest default cache_peer siteb.[mydomain] sibling 8080 0 no-query
> no-digest cache_peer sitec.[mydomain] sibling 8080 0 no-query
> no-digest
>
> Do I also need additional conf lines to say send upstream and don't
> do any auth/ICAP etc or is it as simple as getting the right lines
> above and it'll automatically go upstream?
>
> Could anyone offer some pointers?

sibling relationships form a kind of cluster with multi-lateral fetches
happening. It does not match your structured failover requirement.
Although, it does permit a fastest-fetch setup you might like better.

To meet your failover requirement each would need to be parented off
each other.
Unless you add some form of load-balancing setting yourself the
default is to fetch from the structured first, second, third parent the
way you described. Simply list the cache_peer lines in priority order.
Failover will happen when a) one goes down, or b) one gets overloaded.

One thing to watch out for is that for this to work without looping you
MUST have the Via: and X-Forwarded-For headers enabled (via on,
forwarded_for on settings in squid.conf).
Also some cache_peer_access rules preventing a fetch which came from
any of the A,B,C sites being passed to one of the others.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.1

Received on Thu Apr 22 2010 - 05:40:35 MDT

This archive was generated by hypermail 2.2.0 : Thu Apr 22 2010 - 12:00:05 MDT