On 11/07/2013 2:54 a.m., Nishant Sharma wrote:
> Hi,
>
> I have two parent proxies configured. Parent 1 is on a faster link while
> Parent 2 is on a DSL.
>
> Squid 3.1.20 is the child proxy while Parent proxies are 3.1.6.
>
> I have some domains which need higher priority and should be failed-over
> and rest all of the traffic can be load-balanced.
>
> Here is my configuration snippet:
>
> -----------------
> cache_peer 10.27.0.1 parent 8082 0 no-query no-digest connection-auth=on
> login=PASSTHRU round-robin proxy-only
>
> cache_peer 10.28.0.1 parent 8082 0 no-query no-digest connection-auth=on
> login=PASSTHRU round-robin proxy-only
>
> prefer_direct off
> nonhierarchical_direct off
>
> cache_peer_access 10.27.0.1 allow highpriodomains
> cache_peer_access 10.27.0.1 deny bulkupdatedomains
>
> cache_peer_access 10.28.0.1 allow bulkupdatedomains
>
> cache_peer_access 10.27.0.1 allow all
> cache_peer_access 10.28.0.1 allow all
> ------------------
>
> I would like highpriodomains to go to Parent 1 (10.27.0.1) and only go
> to Parent 2 (10.28.0.1) when Parent 1 is detected dead. But when I see
> the logs on the Parents, I see requests to highpriodomains also getting
> load-balanced.
You configured "round-robin".
http://wiki.squid-cache.org/Features/LoadBalance#Round-Robin
>
> Also, when either of the parent is detected dead, all traffic should go
> to the live Parent, while bulkupdatedomains can take a hit for the time
> while faster link Parent is down.
>
> Could someone please suggest the ACLs/configuration that I can put in
> place to achieve what I want to?
I don't think that will be possible in exactly that way.
You can set a failover preference by ordering the peers in squid.conf
like above and also push the bulk traffic to using the #2 peer with a
deny like above. But you cannot "undo" that denial once it has been
configured.
To achieve your policy, but without bulk being able to failover, simply:
* remove the "round-robin" option from your cache_peer lines.
NOTE: for better performance you can remove cache_peer_access rule sets
which *only* contain "allow" rules. Such as the rules for peer
10.28.0.1. Squid default is to allow so processing a lot of ACL checks
to do the default operation is just a waste of CPU cycles.
Also, unless highpriodomains is whitelisting some sub-domains in
bulkupdatedomains you can remove the two allow rules on peer 10.27.0.1
as well. Just deny the bulk sites and let the rest of the traffic go to
that peer.
Amos
Received on Thu Jul 11 2013 - 02:18:58 MDT
This archive was generated by hypermail 2.2.0 : Thu Jul 11 2013 - 12:00:24 MDT