Re: [squid-users] Transparent proxy cache on BGP multihome

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Sat, 21 Jun 2014 15:25:02 +1200

On 21/06/2014 1:12 a.m., Omid Kosari wrote:
> I asked this question in
> http://serverfault.com/questions/606373/transparent-proxy-cache-on-bgp-multihome
> please answer me here or there.
>
> Provider A has transparent caching with Squid.
>
> In the situation in which a client has multihome BGP with provider A and
> provider B, the client does not send its outgoing traffic (upload) to
> provider A, but its incoming traffic (download) comes to/from provider A.
>
> What happens in that situation? Will clients have problems loading pages?
> Does the cache work fine?

Client may be intending the request to go on uplink B, but it gets
delivered to the proxy. The proxy outbound is being sent to uplink A.

To solve this you need to configure the proxy outbound traffic to send
on the right uplinks. That can be done in several ways:

* latest releases of Squid use TCP_ORIGINAL_DST to ensure the proxy
outbound is destined to the same upstream server the client was
contacting. This allows any routing selection based on destination to
remain correct.

* squid.conf provides tcp_outgoing_tos directive to set TOS/DiffServ on
packets leaving the proxy. This allows any routing selection based on
TOS/DiffServ value to remain correct. May require kernel patching to
pass-thru values, or logic in squid.conf to re-decide which uplink to use.

* (Linux only) squid.conf provides tcp_outgoing_mark directive to set
iptables MARK on packets leaving the proxy. This allows any routing
selection based on MARK value to remain correct.

* squid.conf provides tcp_outgoing_address directive to set source IP on
packets leaving the proxy. This allows any routing selection based on
source IP to work. Requires the proxy to have a unique outgoing IP for
each uplink.

Which one (or combination) you use depends on how you route the traffic
to each uplink.

Amos
Received on Sat Jun 21 2014 - 03:25:29 MDT
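
As an added illustration (not part of Amos's message and not the Squid project's own configuration), the squid.conf fragment below shows the tcp_outgoing_address and tcp_outgoing_mark options described above on a Linux proxy with two uplinks. All addresses, the ACL name, the mark values and the routing table numbers are assumptions drawn from documentation ranges; the `ip` commands in comments are the host-side policy routing each directive relies on.

```conf
# Constructed example: every address, name, mark and table number is an assumption.

# Clients whose requests should leave the proxy via uplink B (hypothetical prefix).
acl via_uplink_b src 203.0.113.0/24

# --- Option 1: select the uplink by the proxy's source IP ---
# The proxy host needs one address per uplink. The first matching line wins,
# so the ACL-restricted line comes before the unrestricted default.
tcp_outgoing_address 198.51.100.10 via_uplink_b
tcp_outgoing_address 192.0.2.10

# Host-side policy routing for option 1 (run as root, outside squid.conf):
#   ip route add default via 192.0.2.1    table 101    # uplink A gateway
#   ip route add default via 198.51.100.1 table 102    # uplink B gateway
#   ip rule  add from 192.0.2.10    lookup 101
#   ip rule  add from 198.51.100.10 lookup 102

# --- Option 2 (Linux only): select the uplink by netfilter MARK ---
# Use this instead of option 1 when the proxy has a single outgoing address.
tcp_outgoing_mark 0x2 via_uplink_b
tcp_outgoing_mark 0x1 !via_uplink_b

# Host-side policy routing for option 2:
#   ip rule add fwmark 0x1 lookup 101
#   ip rule add fwmark 0x2 lookup 102
```

Either option alone is enough; check with `ip rule show` and `ip route show table 102` that the tables exist before reloading Squid, otherwise the marked or re-sourced traffic falls through to the main routing table.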