Re: [squid-users] Can squid choose the WAN connection that matches the clients routing mark?

From: Dean Volt <voltdean_at_gmail.com>
Date: Mon, 14 Oct 2013 02:07:43 +0200

Thank you for the reply, that is wonderful.
But what routing mark should I give the squid server ip?
The squid has to go through the mikrotik rb to access the internet.

> Amos Jeffries <mailto:squid3_at_treenet.co.nz>
> 12 October 2013 03:59 AM
> On 12/10/2013 10:55 a.m., Dean Volt wrote:
>> I have a network that serves internet to 60 clients, all go through
>> a mikrotik rb which routes traffic according to MARK_ROUTING rule in
>> mangle.
>> So, Group1 goes thru WAN1, and Group2 goes thru WAN2 etc.
>>
>> Now I want to set up a squid proxy to optimize browsing, but if I mark
>> routing of the squid ip to Group1, then ALL the traffic will go to
>> Group1 only.
>> Now do I have to have a squid server for each WAN connection?
> No.
>
>> Or is there a way to have all the clients go via the proxy, and the
>> proxy chooses the WAN connection that matches the client's routing mark?
>
> You can emit TOS/Diffserv values from Squid back to the router using
> tcp_outgoing_tos which tells the router which group each particular
> connection is part of.
>
> Things to be aware of:
> * HTTP persistence - any given TCP connection PROBABLY contains
> multiple request transactions.
> * HTTP multiplexing - any client->Squid request MAY go out any
> Squid->Internet connection. Squid ensures that the destination server
> and port are identical. But any two clients trying to reach the same
> server may share a connection.
> * TOS is applied per-request - an existing connection MAY be labeled
> 0x1 when it is set up and change to 0x2 halfway, then switch back to
> 0x1. Your routing setup needs to be capable of handling that. Many
> ISPs, yours probably included, prohibit TCP connections switching. It
> operates this way because TOS is designed more for dynamic QoS speed
> limitations over a connection lifetime than routing it around.
>
> I highly recommend using squid-3.3 or later releases for this. With
> the newer releases you can set tcp_outgoing_address based on the
> incoming client details and Squid will ensure the persistent
> connection matches both src and dst on the outgoing connection. Which
> avoids all the above complications.
>
> Amos
Received on Mon Oct 14 2013 - 00:07:58 MDT
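
An added example, not part of the original thread and not the Squid project's own configuration: a squid.conf fragment for the tcp_outgoing_address approach Amos recommends, with the tcp_outgoing_tos alternative left commented out. The ACL names, client subnets, Squid addresses and TOS values are constructed assumptions.

```conf
# Constructed sample values: ACL names, subnets, addresses and TOS values
# are assumptions for illustration, not taken from the thread.

# Classify clients into the same groups the router already uses.
acl group1 src 192.168.10.0/24
acl group2 src 192.168.20.0/24

# squid-3.3 or later: give Squid one outgoing source address per group.
# Both addresses must be configured on the Squid host's interface.
# The router then assigns the routing mark by source address
# (192.168.88.11 -> WAN1, 192.168.88.12 -> WAN2) instead of by one
# mark for the whole Squid host.
tcp_outgoing_address 192.168.88.11 group1
tcp_outgoing_address 192.168.88.12 group2

# Alternative from the reply: label outgoing packets with a TOS value
# per group and match that value on the router. The label is applied
# per request, so a shared persistent connection can change value
# mid-lifetime.
# tcp_outgoing_tos 0x20 group1
# tcp_outgoing_tos 0x40 group2
```

Clients that match neither ACL leave from Squid's default address, so the router needs a rule for that address as well.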
