Re: [squid-users] 2 questions about proxy hierarchy from Amos Jeffries on 2012-06-08 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 08 Jun 2012 23:11:45 +1200

On 8/06/2012 9:26 p.m., Eugene M. Zheganin wrote:
> On 07.06.2012 17:19, Amos Jeffries wrote:
>> On 7/06/2012 10:48 p.m., Eugene M. Zheganin wrote:
>>> Hi.
>>>
>>> Happy world ipv6 launch day to everybody. :P
>>>
>>> squid/3.1.12, FreeBSD 8.x|9.x
>>>
>>> a) why when using ipv6 address, like fd00::316 or, no matter
>>> [fd00::316], squid detects that configuration file is corrent, but
>>> then I'm immidiately getting "TCP connection to fd00::316/3128
>>> failed", but, in the same time, I CAN telnet to the fd00::316 port
>>> 3128 ?
>>
>> More to the point *what* is failing to connect to your Squid and from
>> where?
> Assume I get one parent squid A, and one child squid, B.
> B's IP (v6) is in the parent's config file, like
>
> acl children src fd00::d02/128
>
> B's config has the line like
>
> cache_peer fd00::316 3128 3130 default
>
> or
>
> cache_peer [fd00:316] 3128 3130 default
>
> and some lines like
>
> always_direct deny some-domain-based-acl
> always_direct allow all
> never_direct allow some-domain-based-acl
> never_direct deny all
>
> In this situation I'm starting to get these lines on B:
>
> TCP connection to fd00::316/3128 failed
>
> In the same time I can connect from B's console (telnet fd00::316 3128).

Ok got it. Please try setting "debug_options 5,6" and see if anything
unusual shows up.

>>
>>>
>>> b) more long story. I think I'm just not getting something. From the
>>> 2.6 version I always had to use no-query option for parents. That is
>>> because the cold
> ZOMG. Did I write this ? I mean 'children'.
>>> squid is always detecting the parent proxy as dead, but the weird
>>> thing is, it's still capable of communicating to them. I mean I see
>>> udp/3130 packets in tcpdump going both ways, and UDP_HIT/000
>>> UDP_MISS/000 ICP queries from children on parent proxies.
>>> Why is that ?
>>
>> bugs?
> That's too easy to explain. I think the situation when I discover and
> report this bug first time for like 10 years is quite impossible.

"no-query" is supposed to completely suppress such ICP probes over UDP.
If they are still being sent despite the no-query that is a bug.

Are the UDP packets using the same fd00::d02 and fd00::316 IPs as the HTTP?

Amos
Received on Fri Jun 08 2012 - 11:12:02 MDT

This archive was generated by hypermail 2.2.0 : Fri Jun 08 2012 - 12:00:03 MDT