[squid-users] Multiple Instance CARP Setup

From: Markus Meyer <markus.meyer_at_koeln.de>
Date: Fri, 26 Feb 2010 11:13:40 +0100

Hi all,

I'm running tests with two CARP-Squids running on the same host and
followed the guidelines from the Wiki pages below:
http://wiki.squid-cache.org/MultipleInstances
http://wiki.squid-cache.org/ConfigExamples/ExtremeCarpFrontend

This is my setup and some of those things I haven't found in the Wiki
articles. Beware that this is a setup for Debian! So some paths might be
different, especially the Init-script. I added the SNMP stuff since I
use Cacti to paint some nice graphs ;) I had to raise
net.ipv4.netfilter.ip_conntrack_max to a much higher value. Otherwise
you get into trouble and lose connections. In kern.log|dmesg it looks
like this: kernel: ip_conntrack: table full, dropping packet.

When I'm done torturing this setup I'll share the results.

Squid Configuration
===================
/etc/squid/squid.conf:
http_port 80 accel vport
snmp_port 4711
acl port80 port 80
http_access allow port80
access_log /var/log/squid/access.log

/etc/squid/squid81.conf:
http_port 81 accel vport
snmp_port 4766
acl port81 port 81
http_access allow port81
cache_log /var/log/squid/cache81.log
access_log /var/log/squid/access81.log
pid_filename /var/run/squid81.pid

Squid Init.d Scripts
====================
carp1:/etc/init.d# diff squid squid81
18c18
< NAME=squid

---
> NAME=squid81
22c22
< SQUID_ARGS="-D -YC"
---
> SQUID_ARGS="-D -YC -f /etc/squid/squid81.conf"
34c34
<       sq=/etc/squid/squid.conf
---
>       sq=/etc/squid/$NAME.conf
155c155
<       $DAEMON -k reconfigure
---
>       $DAEMON -k reconfigure -f /etc/squid/squid81.conf
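
Review bot: the 22c22 and 155c155 hunks hardcode /etc/squid/squid81.conf, while the 34c34 hunk derives the same path from $NAME (sq=/etc/squid/$NAME.conf), so the instance name is spelled out in three places in squid81. Writing -f /etc/squid/$NAME.conf in SQUID_ARGS and on the reconfigure line would leave NAME as the only line that differs between instances. The diff adds -f only to the -k reconfigure call at line 155, so it is worth confirming that every other place the script invokes $DAEMON also picks up the squid81 config.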

SNMPD
=====
/etc/snmp/snmpd.conf:
# Squid on port 80
proxy -v 1 -c public localhost:4711 .1.3.6.1.4.1.3495.1
# Squid on port 81
proxy -v 1 -c public localhost:4766 .1.3.6.1.4.1.3496.1 .1.3.6.1.4.1.3495.1

IPTABLES
========
carp1:~# iptables -t nat -A PREROUTING -m tcp -p tcp --dport 80 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
carp1:~# iptables -t nat -A PREROUTING -p tcp -m statistic --mode random --probability 0.5 -m tcp --dport 80 -j REDIRECT --to-ports 81
carp1:~# iptables -t nat -n -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 ctstate RELATED,ESTABLISHED
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           statistic mode random probability 0.500000 tcp dpt:80 redir ports 81

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

KERNEL TUNING
=============
carp1:~# cat /etc/sysctl.conf
[...]
# drastically reduced TIME_WAITs!!!!!!!!!!
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
# keep track of a *lot* of connections
net.ipv4.netfilter.ip_conntrack_max = 131072

Peace and cheers,
Markus
Received on Fri Feb 26 2010 - 10:13:52 MST
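
A check for the conntrack exhaustion described in the message above, as an added example that is not part of the original post: it compares the live connection-tracking count with the configured limit and counts "table full" kernel messages in log text. The function names, the 80% warning threshold and the sample log lines are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example: conntrack headroom check (not from the original post).

# Constructed sample kern.log lines, used for the demo run at the bottom.
SAMPLE_LOG='Feb 26 10:01:02 carp1 kernel: ip_conntrack: table full, dropping packet.
Feb 26 10:01:02 carp1 kernel: eth0: link up
Feb 26 10:01:07 carp1 kernel: nf_conntrack: table full, dropping packet.'

is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; *) return 0 ;; esac; }

# count_drops: read log text on stdin, print the number of table-full messages.
count_drops() {
    grep -c -E '(ip|nf)_conntrack: table full, dropping packet' || true
}

# conntrack_status COUNT MAX [WARN_PCT]: print "STATE PERCENT".
# WARN_PCT defaults to 80, an assumed threshold for this example.
conntrack_status() {
    count=$1; max=$2; warn=${3:-80}
    if ! is_uint "$count" || ! is_uint "$max" || [ "$max" -eq 0 ]; then
        echo "UNKNOWN 0"; return 0
    fi
    pct=$(( count * 100 / max ))
    if [ "$count" -ge "$max" ]; then echo "FULL $pct"
    elif [ "$pct" -ge "$warn" ]; then echo "WARN $pct"
    else echo "OK $pct"
    fi
}

# read_conntrack: print "COUNT MAX" from the legacy ip_conntrack sysctls or
# the newer nf_conntrack ones, whichever this kernel exposes.
read_conntrack() {
    for p in /proc/sys/net/ipv4/netfilter/ip_conntrack \
             /proc/sys/net/netfilter/nf_conntrack; do
        if [ -r "${p}_count" ] && [ -r "${p}_max" ]; then
            echo "$(cat "${p}_count") $(cat "${p}_max")"; return 0
        fi
    done
    return 1
}

if vals=$(read_conntrack); then
    set -- $vals
    echo "live: $(conntrack_status "$1" "$2")"
else
    echo "live: conntrack counters not available on this host"
fi
echo "sample log drops: $(printf '%s\n' "$SAMPLE_LOG" | count_drops)"
```

Run from cron or a Cacti data input script, the WARN state gives notice before the kernel starts logging dropped packets.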