Re: [squid-users] cache peering between two squid 2.7 + zph + mikrotik

Silence around here usually menas nobody has an answer.

FWIW I've reviewd your setup as stated and have some comments inline
below...

On 16/02/2012 3:12 a.m., Saiful Alam wrote:
> Hello,
> We are running two squid servers (squid 2.7 stable 9) and want to have cache peering between each other. Both have static real IP addresses and sits in the same LAN.

Fine. Good. A cache_peer link on each Squid does that peering.

> Bandwidth management for users are done by Mikrotik 3.30 which has a WAN IP of the same subnet and also sits in the same LAN as the squid servers. Users are connected from Mikrotik LAN interface running PPPoE servers. We are re-directing HTTP requests from users to the squid server using DNAT to the squid's real IP + port 3128.

On the Mikrotik or the Squid box?

Note that interception does not actually work when done on a different
machine to Squid. It can have all appearance pf working while actually
not. The current production releases of Squid all hide most of the failures.

Use policy routing on the Mikrotik to mark port 80 packets from the
clients and route them to one of the Squid boxes. Leaving the IPs and
ports untouched until they arrive at the Squid box. DNAT can work from
there.

> Also note that we are also using the ZPH facility of Squid to mark cache hit packets in Mikrotik, and allowing unlimited bandwidth for hit objects.
>
> Proxy1 squid.conf :-
> acl localnet src 10.10.0.0/16 10.15.0.0/16 172.16.0.0/16 192.168.0.0/16
> acl gateway02 src XXX.XXX.38.248/32
> http_access allow gateway02
> icp_access allow gateway02
> miss_access deny gateway02
>
> tcp_outgoing_tos 0x30 localnet
> zph_mode tos
> zph_local 0x30
> zph_sibling 0x31
> zph_parent 0
> zph_option 136
>
> cache_peer XXX.XXX.38.248 sibling 3128 3130 proxy-only

Okay. Seems mostly fine. As does the other.

> Proxy1 configuration file says that local hits should be 0x30 .... and sibling hits should be 0x31, so why is proxy1 marking 0x30 for those packets which are actually SIBLING_HITS and not local hits. Even though its marking 0x30 for SIBLING_HIT .. Mikrotik still can't identify the proxy-hit packets, and therefore the download is slow.

Try removing tcp_outgoing_tos. It is likely that is replacing the ZPH
values with 0x30.

>
> I may have confused you with lots of information, but the main fact is, I am unable to get the ZPH working with the SIBLING_HIT.
>
> Some Additional information : Few months before I used Squid 3.1 in both proxy servers and ZPH did work SIBLING_HIT. But its not working working in Squid 2.7

Same config? Tnen it may just be 2.7 problems. ZPH was experimental in
2.7, although it did have many years of use as a patch to iron out the bugs.

Amos
Received on Fri Feb 17 2012 - 08:35:16 MST