On Mon, 12 Sep 2011 18:40:39 +0430, spaceman wrote:
> Dear Sir or Madam,
>
> Firstly i would like to apologize for my poor english
>
Your English is fine, your emailer formatting needs some fixing. ;)
> I want to load balance two isp connection with one linux
> squid proxy server.Load balancing and failover is ok using shorewall
> firewall.My network setup is here
Problem: load balancing in two independent pieces of software is very
tricky. Particularly when one of the two (Squid) does not support
multi-homed load balancing such as you are attempting.
> eth0 is for LAN
>
> eth1 is for A internet connection It use
> Parent-A upstream parent proxy server
>
> eth2 is for B internet connection It use
> Parent-B upstream parent proxy server
>
> I user Fedora Core 10 and Shorewall Firewall
> (www.shorewall.net) .
>
> Shorewall automatically load balance and failover outgoing
> internet gateway.
Squid duplicates this operation.
Problem: The Shorewall recovery methods will break the Squid failure
detection. Causing Squid to miscalculate traffic loads on each upstream.
Leading to un-balanced connections.
>
> Now i want to set up squid proxy server.
>
> My problem is that each internet connection has seperate
> parent proxy.
>
> So i want to route,match or map A internet gateway request
> to Parent-A upstream parent proxy server and B internet gateway
> request to Parent-B upstream parent proxy server in squid proxy.
>
> I think i must be use
> cache_peer
> cache_peer_access
> tcp_outgoing_address
> but no sure .i have test so many
> times but fails
>
> Any help would be great.With best regards
To work with the upstream proxies you need a cache_peer for each parent
proxy. With a flag for one of the load balancing algorithms
(http://wiki.squid-cache.org/Features/LoadBalance) to split the traffic.
* tcp_outgoing_address is not useful. Shorewall needs only to perform
NAT to MASQUERADE the IP for the appropriate WAN interface.
* Failure detection and recovery is performed by the Squid balancing
algorithm (wiki has details of how). Depending on your Squid version the
cache_peer connect-fail-limit controls how many failures are required
before an upstream is stopped being used, default is 10 attempts.
Note that Squid operates on a per-request basis. Not bytes. So if you
need byte/bandwidth balancing Squid and the parent proxies are going to
clash with Shorewall where byte balancing is best done.
Theoretically you might be able to feedback TCP load information to
Squid by blocking (with reject, not drop) of new connections to an
overloaded parent in Shorewall. This could improve the worst loading
imbalances. Risky though and untested.
Amos
Received on Tue Sep 13 2011 - 03:20:20 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 13 2011 - 12:00:02 MDT