Re: [squid-users] Re: Proxy parent failover

From: Amos Jeffries <squid3@dont-contact.us>
Date: Thu, 14 Feb 2008 13:49:52 +1300 (NZDT)

> On Feb 12, 2008 7:21 PM, Amos Jeffries <squid3@treenet.co.nz> wrote:
>> Josh wrote:
>> > Sorry for the re-post, keyboard went crazy :/
>> >
>> > A little schema of what i want to do:
>> >
>> > Squid proxy ------------------- Proxy Parent 1----Link1----- Internet
>> > |
>> > |---FO--- Proxy Parent 2 ----Link2-----
>> Internet
>> >
>> > if Link1 is available,
>> > Force squid proxy to go through parent 1 only
>> > if Link1 is not available,
>> > Force squid proxy to go through parent 2 only
>> >
>> > I can configure squid with multiple parents but it'll use them both at
>> > the same time.
>> > I couldn't figure out if there's a way to configure squid with
>> > multiple parents in "failover" mode...
>> >
>> > Hope you can give me some hints...
>>
>> Squid has a mode FIRST_UP_PARENT which is exactly what you describe.
>> I believe its the default unless you configure another selection method.
>> So what exactly do you have in your squid.conf for the cache_peer lines?
>> and what release of squid is this in?
>>
>> Amos
>> --
>> Please use Squid 2.6STABLE17+ or 3.0STABLE1+
>> There are serious security advisories out on all earlier releases.
>>
>
> Hi,
>
> Thanks for the replies.
> Please find below my configuration file for Squid Version 2.6.STABLE16.
> So I would need to add a cache_peer line to my conf:
> ....
> cache_peer 10.X.X.X parent 8080 0 default no-query no-digest
> no-netdb-exchange
> cache_peer 10.Y.Y.Y parent 8080 0 no-query no-digest no-netdb-exchange
> ....
>
> All the requests will go to 10.X.X.X unless it can't reach, am i
> correct to say that ?

I believe so:
  10.X.X.X
  10.Y.Y.Y
  DIRECT
  10.X.X.X default/last-resort (skipped? already tried)
  --> report failure.

Amos

>
> Thanks again,
> Josh
>
> squid.conf:
> --------------
> http_port 8080
> icp_port 0
> cache_peer 10.X.X.X parent 8080 0 default no-query no-digest
> no-netdb-exchange
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> cache_mem 1536 MB
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size 4096 KB
> maximum_object_size_in_memory 50 KB
> cache_replacement_policy heap LFUDA
> memory_replacement_policy heap GDSF
> cache_dir aufs /usr/local/squid/cache 60000 16 256
> access_log /usr/local/squid/logs/access.log squid
> hosts_file /etc/hosts
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> half_closed_clients off
> shutdown_lifetime 1 seconds
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 # https
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 8080
> acl purge method PURGE
> acl CONNECT method CONNECT
> acl snmppublic snmp_community public
> acl corpnet dstdomain .corp.local
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access allow CONNECT SSL_ports
> http_access allow Safe_Ports
> http_access deny all
> httpd_suppress_version_string on
> visible_hostname proxy
> memory_pools off
> log_icp_queries off
> client_db off
> buffered_logs on
> never_direct deny corpnet
> never_direct allow all
> snmp_port 3401
> snmp_access allow snmppublic
> snmp_access deny all
> snmp_incoming_address 127.0.0.1
> coredump_dir /usr/local/squid/logs
> pipeline_prefetch on
>
Received on Wed Feb 13 2008 - 17:49:56 MST

This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:05 MST