Re: [squid-users] Random outgoing ip from Amos Jeffries on 2013-02-04 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 05 Feb 2013 00:57:45 +1300

On 5/02/2013 12:50 a.m., Amos Jeffries wrote:
> On 5/02/2013 12:25 a.m., BERTRAND Joël wrote:
>> Hello,
>>
>> I'm trying to configure squid to use a random ip for outgoing
>> packets.
>>
>> My hardware configuration is :
>>
>> (internet)-----(gateway)-----(proxy squid)
>>
>> Gateway only translates 192.168.1.X addresses to public addresses. I
>> have tested that a simple squid configuration (without round robin)
>> works like a charm. When I try to add round robin, all requests
>> always use the same outgoing address (!). Proxy has one ethernet
>> interface with one real address (192.168.1.72) and four virtual
>> addresses (192.168.1.73 to 192.168.1.76). Squid (2.7) runs on a linux
>> sparc operatic system.
>
> You are making several mistakes.
> 1) using round-robin, which is a predictable cycle over a fixed set
> of IPs - as far from random as you can get. It is also *destination*
> selection, not a source IP selection.
> 2) using cache_peer at all. Again a destination IP selection, nothing
> to do with source IP.
> 3) turning balance_on_multiiple_ip on. Again a destination IP
> selection, nothing to do with source IP.
> 4) trying to do this with HTTP. All the optimizations which make
> HTTP/1.1 faster than HTTP/1.0 (or wais, or email, or gopher) are about
> *reducing* the DNS, TCP, routing and processing overheads of message
> delivery. By doing this you are maximizing the overhead cost
> encountered by every single message.
>
> To solve (1) and (2) please read:
>

Sorry, mouse decided to click send before I was finished. To continue...

http://wiki.squid-cache.org/Features/AclRandom

Then please consider upgrading your Squid to a version which supports it.

To solve (3), please turn that option off.

(4) may or may not be a mistake at all. Depends if you care how slow the
traffic is or not. If you are after anonymization there are better ways
to do it (removing the markers you view as trackers), if you are after
load balancing and traffic optimization - you actually get better
performance (not to mention a lot of websites using sessions start
working) out of letting Squid decide which route is fastest and
multiplexing your traffic down persistent connections.

Amos
Received on Mon Feb 04 2013 - 11:57:56 MST

This archive was generated by hypermail 2.2.0 : Mon Feb 04 2013 - 12:00:08 MST