[squid-users] cache peering between two squid 2.7 + zph + mikrotik

From: Saiful Alam <saifulmr_at_hotmail.com>
Date: Sun, 29 Jan 2012 01:53:33 +1100

Hello,
We are running two squid servers (squid 2.7 stable 9) and want to have cache peering between each other. Both have static real IP addresses and sit in the same LAN. Bandwidth management for users is done by Mikrotik 3.30, which has a WAN IP of the same subnet and also sits in the same LAN as the squid servers. Users are connected from the Mikrotik LAN interface running PPPoE servers. We are redirecting HTTP requests from users to the squid server using DNAT to the squid's real IP + port 3128. Also note that we are using the ZPH facility of Squid to mark cache hit packets in Mikrotik, and allowing unlimited bandwidth for hit objects.

Proxy1 squid.conf :-
acl localnet src 10.10.0.0/16 10.15.0.0/16 172.16.0.0/16 192.168.0.0/16
acl gateway02 src XXX.XXX.38.248/32
http_access allow gateway02
icp_access allow gateway02
miss_access deny gateway02

tcp_outgoing_tos 0x30 localnet
zph_mode tos
zph_local 0x30
zph_sibling 0x31
zph_parent 0
zph_option 136

cache_peer XXX.XXX.38.248 sibling 3128 3130 proxy-only

and similarly we have Proxy2 squid.conf :-

acl localnet src 10.10.0.0/16 10.15.0.0/16 172.16.0.0/16 192.168.0.0/16
acl gateway01 src XXX.XXX.38.245/32
http_access allow gateway01
icp_access allow gateway01
miss_access deny gateway01

tcp_outgoing_tos 0x30 localnet
zph_mode tos
zph_local 0x30
zph_sibling 0x31
zph_parent 0
zph_option 136

cache_peer XXX.XXX.38.245 sibling 3128 3130 proxy-only

Mikrotik Setting :-
/ip firewall mangle add action=mark-packet chain=prerouting disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no comment="Cache Hit Packets"

/queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pmark packet-mark=proxy-hit parent=global-out priority=8 queue=default

Proxy1 is a new machine, and doesn't have any cache objects in it, because it hasn't been in service yet. Proxy2 is an old machine, and has a substantially large cache inside it. When I use proxy2 to browse and download, I get the proxy2 objects fast because the zph_local is working and Mikrotik can also mark the hit packets properly.

Again I cleared my browser cache and tried to browse using proxy1, browsing the same websites that are already cached by proxy2, and I get SIBLING_HIT. Here's the log.

1327761343.689   2663 10.15.180.16 TCP_MISS/200 6299190 GET http://sound21.mp3pk.com/indian/jodibreakers/jodi-breakers08(www.songs.pk).mp3 - SIBLING_HIT/XXX.XXX.38.248 audio/mpeg

But it's downloading very slowly, at the speed where I have set the RX/TX limit for that particular package. That means ZPH is not working. To investigate more, I tried to take a tcpdump report from proxy1. Using tcpdump -vni eth1 | grep 'tos 0x31' I got zero results. It's not marking anything with 0x31.

Again I used tcpdump -vni eth1 | grep 'tos 0x30' while browsing those websites which are actually cached by proxy2, but accessed by proxy1. I get results like this:-

20:43:25.324668 IP (tos 0x30, ttl 64, id 27401, offset 0, flags [DF], proto TCP (6), length 40)
20:43:25.324814 IP (tos 0x30, ttl 64, id 7570, offset 0, flags [DF], proto TCP (6), length 40)
20:43:25.324834 IP (tos 0x30, ttl 64, id 51042, offset 0, flags [DF], proto TCP (6), length 40)
20:43:25.325749 IP (tos 0x30, ttl 64, id 17589, offset 0, flags [DF], proto TCP (6), length 290)
20:43:25.325845 IP (tos 0x30, ttl 64, id 47388, offset 0, flags [DF], proto TCP (6), length 290)
20:43:25.325928 IP (tos 0x30, ttl 64, id 46825, offset 0, flags [DF], proto TCP (6), length 290)
20:43:25.326010 IP (tos 0x30, ttl 64, id 27402, offset 0, flags [DF], proto TCP (6), length 290)

The Proxy1 configuration file says that local hits should be 0x30 and sibling hits should be 0x31, so why is proxy1 marking 0x30 for those packets which are actually SIBLING_HITs and not local hits? Even though it's marking 0x30 for SIBLING_HIT, Mikrotik still can't identify the proxy-hit packets, and therefore the download is slow.

I may have confused you with lots of information, but the main fact is, I am unable to get the ZPH working with the SIBLING_HIT.

Some additional information: a few months ago I used Squid 3.1 on both proxy servers and ZPH did work with SIBLING_HIT. But it's not working in Squid 2.7.

Please advise.

Thanks & Regards,
Saiful
                                               
Received on Sat Jan 28 2012 - 14:53:40 MST
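
Added example (not part of the original post, and not Squid or MikroTik code): the RouterOS mangle rule in the post matches on dscp=12, while squid.conf and tcpdump work with the whole TOS byte. This Python example splits a TOS byte into DSCP (upper six bits) and ECN (lower two bits), tallies the tos field of tcpdump -v header lines, and lists which zph_* marks share one DSCP value. The capture lines are constructed sample data and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -vni eth1` header lines (not from the post).
SAMPLE = """\
21:00:00.000001 IP (tos 0x30, ttl 64, id 1001, offset 0, flags [DF], proto TCP (6), length 40)
21:00:00.000002 IP (tos 0x31, ttl 64, id 1002, offset 0, flags [DF], proto TCP (6), length 290)
21:00:00.000003 IP (tos 0x0, ttl 64, id 1003, offset 0, flags [DF], proto TCP (6), length 1500)
    10.0.0.1.3128 > 10.0.0.2.40000: Flags [.], ack 1, win 229, length 0
"""

TOS_RE = re.compile(r"\(tos (0x[0-9a-fA-F]+)")

# Marks taken from the squid.conf shown in the post.
ZPH_MARKS = {"zph_local": 0x30, "zph_sibling": 0x31, "zph_parent": 0x00}


def split_tos(tos):
    """Return (dscp, ecn) for one TOS byte: DSCP is bits 7..2, ECN bits 1..0."""
    if not 0 <= tos <= 0xFF:
        raise ValueError(f"TOS must fit in one byte, got {tos!r}")
    return tos >> 2, tos & 0x3


def tally(lines):
    """Count packets per raw TOS byte; lines without a tos field are skipped."""
    counts = Counter()
    for line in lines:
        match = TOS_RE.search(line)
        if match:
            counts[int(match.group(1), 16)] += 1
    return counts


def dscp_collisions(marks):
    """Group named TOS marks by the value a DSCP-only matcher would see."""
    groups = {}
    for name, tos in marks.items():
        groups.setdefault(split_tos(tos)[0], []).append(name)
    return {dscp: sorted(names) for dscp, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for tos, packets in sorted(tally(SAMPLE.splitlines()).items()):
        dscp, ecn = split_tos(tos)
        print(f"tos 0x{tos:02x}: dscp={dscp} ecn={ecn} packets={packets}")
    print("marks sharing a DSCP:", dscp_collisions(ZPH_MARKS))
```

With the values in the post, zph_local (0x30) and zph_sibling (0x31) both map to DSCP 12 and differ only in the ECN bits, so a dscp=12 match cannot tell them apart; only the raw TOS byte in the capture distinguishes them.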
