Re: [squid-users] transparent proxy over transparent proxy

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 14 Jul 2011 01:35:21 +1200

On 13/07/11 19:20, WiNET . wrote:
> On Wed, Jul 13, 2011 at 1:20 PM, Amos Jeffries<squid3_at_treenet.co.nz> wrote:
>> Thank you.
>>
>> Because the way chained proxies work proxy1 is just another client to
>> proxy2.
>>
>> Are they both caching? that would make proxy1 only pass requests through
>> proxy2 when the object is expired/stale. In that case both proxies will
>> detect it as a MISS at once, but HIT only get as far as the first proxy.
>> proxy2 can only be a HIT if some source other than proxy1 caused that
>> object to be cached or updated before proxy1 had a MISS/REFRESH on it.
>>
>> So...
>> Two proxies chained like this only really make sense if one is not caching
>> (proxy2 usually for efficiency), or if there are multiple proxies/clients
>> plugged into router2, or if the cache space available to proxy1 is smaller
>> than the one able to be stored in proxy2.
>>
>>
>> Also, proxy1 can use cache_peer directive to pass requests through proxy2.
>> There is no need for it to be transparent/intercepting at any level other
>> than the one directly next to the client.
>>
>> Amos
>> --
>> Please be using
>> Current Stable Squid 2.7.STABLE9 or 3.1.14
>> Beta testers wanted for 3.2.0.9
>>
>
> First, they both caching. Client behind proxy1 gets HIT object when
> proxy1 done caching any object. And so is the client behind proxy2
> gets HIT object whenever proxy2 done caching any object. the weird
> thing is, proxy1 won't get any cache from proxy2. both proxies has the
> same RAM, configuration, OS and cache space.

Not weird. Try making a request from client2 to proxy2, then one from
proxy1 to proxy2 (should be a HIT).

I think when client makes a request to proxy1 which gets relayed to
proxy2 the object is then being sored in both almost simultaneously AND
will expire at the same time in both. Its not possible for proxy2 to get
a HIT on that update check unless something causes it to have already
updated is before proxy1 needs it. ie the scenarios I mentioned earlier.

>
> About cache_peer directive,
> 1. would this mean, proxy1 gets caches from proxy2? or proxy1 gets
> direct request to internet, without checking caches on proxy2 first?

cache_peer of type parent in proxy1 squid.conf would mean it uses proxy2
instead of going direct. For neary all requests, see
nonhierarchical_direct directive for exceptions to that.

cache_peer of type sibling means they chatter via ICP/HTCP or
cache-digest about what each has stored already and can pull HIT from
each other. But MISS attempt to go direct to the Internet from both.

> 2. What protocol this would be?

  HTTP over TCP links for most.
  Possibly also ICP or HTCP over UDP.

> Does zph_mode tos work here?

Yes. for both, but at present best set on proxy1 which be supplying all
the HITs.

> So i can
> set queue limit on my router based on HIT or MISS objects.
>
> Thanks for the detailed explanations :)

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.9
Received on Wed Jul 13 2011 - 13:35:29 MDT

This archive was generated by hypermail 2.2.0 : Wed Jul 13 2011 - 12:00:03 MDT