Re: [squid-users] Random outgoing ip

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 05 Feb 2013 00:50:23 +1300

On 5/02/2013 12:25 a.m., BERTRAND Joël wrote:
> Hello,
>
> I'm trying to configure squid to use a random ip for outgoing
> packets.
>
> My hardware configuration is :
>
> (internet)-----(gateway)-----(proxy squid)
>
> Gateway only translates 192.168.1.X addresses to public addresses. I
> have tested that a simple squid configuration (without round robin)
> works like a charm. When I try to add round robin, all requests always
> use the same outgoing address (!). Proxy has one ethernet interface
> with one real address (192.168.1.72) and four virtual addresses
> (192.168.1.73 to 192.168.1.76). Squid (2.7) runs on a linux sparc
> operating system.

You are making several mistakes.
  1) using round-robin, which is a predictable cycle over a fixed set of
IPs - as far from random as you can get. It is also *destination*
selection, not a source IP selection.
  2) using cache_peer at all. Again a destination IP selection, nothing
to do with source IP.
  3) turning balance_on_multiple_ip on. Again a destination IP
selection, nothing to do with source IP.
  4) trying to do this with HTTP. All the optimizations which make
HTTP/1.1 faster than HTTP/1.0 (or wais, or email, or gopher) are about
*reducing* the DNS, TCP, routing and processing overheads of message
delivery. By doing this you are maximizing the overhead cost encountered
by every single message.

To solve (1) and (2) please read:

>
> In log file, I have :
>
> 1359971947.744 183 62.240.247.32 TCP_MISS/200 8206 GET http://www.rpl2.org/img/gotcha.png - ROUNDROBIN_PARENT/192.168.1.74 image/png
> 1359971948.575 1004 192.168.1.73 TCP_MISS/301 890 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl - DIRECT/213.41.184.253 text/html
> 1359971948.576 1006 62.240.247.32 TCP_MISS/301 1047 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl - ROUNDROBIN_PARENT/192.168.1.73 text/html
> 1359971949.217 613 192.168.1.73 TCP_MISS/200 3044 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl/ - DIRECT/213.41.184.253 text/html
> 1359971949.218 614 62.240.247.32 TCP_MISS/200 3201 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl/ - ROUNDROBIN_PARENT/192.168.1.76 text/html
> 1359971949.341 104 192.168.1.73 TCP_MISS/200 1574 GET http://www.rpl2.fr/cvsweb/css/cvsweb.css - DIRECT/213.41.184.253 text/css
> 1359971949.369 132 62.240.247.32 TCP_MISS/200 1731 GET http://www.rpl2.fr/cvsweb/css/cvsweb.css - ROUNDROBIN_PARENT/192.168.1.75 text/css
> 1359971949.370 122 192.168.1.73 TCP_MISS/200 657 GET http://www.rpl2.fr/cvsweb/icons/back.gif - DIRECT/213.41.232.237 image/gif
> 1359971949.395 148 62.240.247.32 TCP_MISS/200 814 GET http://www.rpl2.fr/cvsweb/icons/back.gif - ROUNDROBIN_PARENT/192.168.1.74 image/gif
> 1359971949.436 40 192.168.1.73 TCP_MISS/200 666 GET http://www.rpl2.fr/cvsweb/icons/dir.gif - DIRECT/213.41.232.237 image/gif
> 1359971949.470 74 62.240.247.32 TCP_MISS/200 823 GET http://www.rpl2.fr/cvsweb/icons/dir.gif - ROUNDROBIN_PARENT/192.168.1.73 image/gif
> 1359971949.470 48 192.168.1.73 TCP_MISS/200 670 GET http://www.rpl2.fr/cvsweb/icons/text.gif - DIRECT/213.41.184.253 image/gif
> 1359971949.505 84 62.240.247.32 TCP_MISS/200 827 GET http://www.rpl2.fr/cvsweb/icons/text.gif - ROUNDROBIN_PARENT/192.168.1.76 image/gif
> 1359971949.538 32 192.168.1.73 TCP_MISS/200 626 GET http://www.rpl2.fr/cvsweb/icons/minigraph.png - DIRECT/213.41.184.253 image/png
> 1359971949.556 51 62.240.247.32 TCP_MISS/200 783 GET http://www.rpl2.fr/cvsweb/icons/minigraph.png - ROUNDROBIN_PARENT/192.168.1.75 image/png
>
> If I understand this log file, round robin capability works fine
> and first requests are sent to random peers. But why are all second
> requests always routed to 192.168.1.73? For example, the first
> line of my log extract tries to contact the 192.168.1.74 peer and the answer is
> returned by 192.168.1.73 and not by 192.168.1.74. Why?
>
> My configuration file is :
>
> acl utilisateurs src <snip>
>
> acl all src all
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl localnet src 192.168.1.0/24
>
> acl SSL_ports port 443 # https
> acl Safe_ports port 80 # http
> acl Safe_ports port 443 # https
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> http_access allow utilisateurs
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localnet
> http_access allow localhost
> http_access deny all
>
> icp_access allow localnet
> icp_access deny all
>
> http_port 192.168.1.72:3128
> http_port 192.168.1.73:3128
> http_port 192.168.1.74:3128
> http_port 192.168.1.75:3128
> http_port 192.168.1.76:3128
>
> acl src_73 src 192.168.1.73
> acl src_74 src 192.168.1.74
> acl src_75 src 192.168.1.75
> acl src_76 src 192.168.1.76
>
> tcp_outgoing_address 192.168.1.73 src_73
> tcp_outgoing_address 192.168.1.74 src_74
> tcp_outgoing_address 192.168.1.75 src_75
> tcp_outgoing_address 192.168.1.76 src_76
>
> acl first_req src 192.168.1.72
> acl second_req src 192.168.1.73
> acl second_req src 192.168.1.74
> acl second_req src 192.168.1.75
> acl second_req src 192.168.1.76
> cache_peer 192.168.1.73 parent 3128 0 round-robin no-query
> cache_peer 192.168.1.74 parent 3128 0 round-robin no-query
> cache_peer 192.168.1.75 parent 3128 0 round-robin no-query
> cache_peer 192.168.1.76 parent 3128 0 round-robin no-query
> cache_peer_access 192.168.1.73 allow first_req
> cache_peer_access 192.168.1.74 allow first_req
> cache_peer_access 192.168.1.75 allow first_req
> cache_peer_access 192.168.1.76 allow first_req
> cache_peer_access 192.168.1.73 deny second_req
> cache_peer_access 192.168.1.74 deny second_req
> cache_peer_access 192.168.1.75 deny second_req
> cache_peer_access 192.168.1.76 deny second_req
> never_direct allow first_req
> never_direct deny second_req
>
> hierarchy_stoplist cgi-bin ?
> access_log /var/log/squid/access.log squid
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
> refresh_pattern . 0 20% 4320
>
> acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
> upgrade_http0.9 deny shoutcast
>
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
>
> extension_methods REPORT MERGE MKACTIVITY CHECKOUT
>
> hosts_file /etc/hosts
> coredump_dir /var/spool/squid
> balance_on_multiple_ip on
> negative_ttl 0
>
> Any help is welcome,
>
> JB
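As an added check (example code written here, not from the thread or from the Squid project), the following Python parses access.log lines in the native format quoted above and measures the period of the ROUNDROBIN_PARENT next-hop sequence. On the sample it is a fixed cycle of length 4 over the four peers, the predictable rotation Amos describes rather than a random pick, and every DIRECT entry arrives from the single client 192.168.1.73.

```python
import re
from collections import Counter

# Sample lines in Squid's native "squid" logformat, a subset copied from the
# thread's extract (constructed input for this example, not live data):
#   timestamp elapsed client_ip code/status bytes method url ident hier/nexthop type
SAMPLE_LOG = """\
1359971947.744 183 62.240.247.32 TCP_MISS/200 8206 GET http://www.rpl2.org/img/gotcha.png - ROUNDROBIN_PARENT/192.168.1.74 image/png
1359971948.575 1004 192.168.1.73 TCP_MISS/301 890 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl - DIRECT/213.41.184.253 text/html
1359971948.576 1006 62.240.247.32 TCP_MISS/301 1047 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl - ROUNDROBIN_PARENT/192.168.1.73 text/html
1359971949.217 613 192.168.1.73 TCP_MISS/200 3044 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl/ - DIRECT/213.41.184.253 text/html
1359971949.218 614 62.240.247.32 TCP_MISS/200 3201 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl/ - ROUNDROBIN_PARENT/192.168.1.76 text/html
1359971949.369 132 62.240.247.32 TCP_MISS/200 1731 GET http://www.rpl2.fr/cvsweb/css/cvsweb.css - ROUNDROBIN_PARENT/192.168.1.75 text/css
1359971949.395 148 62.240.247.32 TCP_MISS/200 814 GET http://www.rpl2.fr/cvsweb/icons/back.gif - ROUNDROBIN_PARENT/192.168.1.74 image/gif
1359971949.470 74 62.240.247.32 TCP_MISS/200 823 GET http://www.rpl2.fr/cvsweb/icons/dir.gif - ROUNDROBIN_PARENT/192.168.1.73 image/gif
1359971949.505 84 62.240.247.32 TCP_MISS/200 827 GET http://www.rpl2.fr/cvsweb/icons/text.gif - ROUNDROBIN_PARENT/192.168.1.76 image/gif
1359971949.556 51 62.240.247.32 TCP_MISS/200 783 GET http://www.rpl2.fr/cvsweb/icons/minigraph.png - ROUNDROBIN_PARENT/192.168.1.75 image/png
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+(?P<code>\S+)/(?P<status>\d+)"
    r"\s+(?P<bytes>\d+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)"
    r"\s+(?P<hier>[A-Z0-9_]+)/(?P<nexthop>\S+)\s+(?P<ctype>\S+)$"
)

def parse_log(text):
    """Parse native-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries

def next_hops(entries, hier):
    """Ordered next-hop addresses for one hierarchy code, e.g. ROUNDROBIN_PARENT."""
    return [e["nexthop"] for e in entries if e["hier"] == hier]

def cycle_period(seq):
    """Smallest p with seq[i] == seq[i-p] for all i >= p; len(seq) when nothing repeats.
    A period equal to the peer count is a strict round-robin, not a random choice."""
    for p in range(1, len(seq)):
        if all(seq[i] == seq[i - p] for i in range(p, len(seq))):
            return p
    return len(seq)

def clients_for(entries, hier):
    """Which client addresses produced the entries with this hierarchy code."""
    return Counter(e["client"] for e in entries if e["hier"] == hier)
```

Run it against a real access.log by reading the file into `parse_log` instead of `SAMPLE_LOG`; a period equal to the number of cache_peer lines confirms the rotation is deterministic.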
Received on Mon Feb 04 2013 - 11:50:39 MST