On Tue, 27 Aug 1996, Dirk Lutzebaeck wrote:
> > A. two dynamic IPs connected at the same time? and how do you decide which
> > one to route out from?!
>
> Hopefully one squid takes his own route by using tcp_outgoing_address
> I suppose.
ahem... problem here.

the tcp_outgoing_address (which really defines an IP outgoing address,
duh!) does the following:

your machine has addresses a.a.a.a, a.a.a.b and a.a.a.c, and when you
connect the squid to another site/parent squid to poll a page,
tcp_outgoing_address will force this address to look as if it was the
sender and not another address, usually this is more useful when you have
addresses in different networks, and the parent squid or local intranet
server won't reply to your request unless you have an address in his Class C.

in short: this defines what address your squid seems to have when polling
distant sites, it does NOT dictate which line his request exits (that's
for your routing mechanism to decide) but it sure will dictate which route
it will return through. note that this could cause problems depending on
your ISP's setup, and is pretty problematic to set up with dynamic IP...

consider this scenario:

ISP A  Network= a.b.0.0
------
      \
       \
        \   ________________________________________
         \ |                                        - /dev/eth0
          (`r'andom address a.b.r.r of router       - LAN is on
           |  Squid                                 - Internal
           |  Cache                                 - 10.x.x.x
          (`r'andom address c.d.r.r of router       - addr. range
         / |                                        -
        /  |_______________________________________
       /
------
ISP B  Network= c.d.0.0

A. you connect the system, each ISP gives you the random IP address du
jour (I expect this happens at least 5 times a week when you start the
business day?)
B. the routing table is set (I still need info on how you perform this
trick)
C. a smart script updates the two random IP addresses into the squid
configs and fires them up (assuming they are not up YET)
D. a cache miss produces a request to be sent out. you know the requested
site is faster through ISP A, so you send it through the squid on the
a.b.r.r address.
E. the kernel routing table decides there are less hops to that server
through ISP B, and sends the packet out there.
F. you are lucky enough and ISP B doesn't have firewall or a smart PPP
engine on his terminal server, and a packet from a.b.r.r actually
gets routed even though it was not supposed to come from inside
his c.d.0.0 network, let alone from your c.d.r.r connection.
G. the remote site receives the request and replies to your squid, naturally
to a.b.r.r, and so routing the packet through ISP A.
H. ISP A miraculously hasn't installed his firewall very well either and
doesn't notice a tcp packet just got routed to a host without a
conversation ever starting (legal, but some firewalls, good
firewalls, do mind).
I. finally, it miraculously doesn't confuse your machine's routing code
either that a conversation started with a TCP packet from one
interface and was replied from another.
J. Squid gets the info and sends it to you...
somehow this seems shaky....
-------------------------------------------------------------
Ira Abramov <ira@scso.com> Scalable Solutions
SITE Web Presence ("webspace for rent") http://www.site.co.il
Beeper 48484 at 03-610-6666, 02-6294-666 FAX (972)2-643-0471
POBox 3600, Jerusalem 91035, Israel Tel (972)2-642-6822
http://www.scso.com/~ira Check out: http://www.linux.org.il
Received on Tue Aug 27 1996 - 07:14:26 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:52 MST
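
Steps D through I of the message above, as an added example that is not part of the original post: a small model in which the bound source address (tcp_outgoing_address) and the destination-based routing table are decided independently. The addresses are constructed stand-ins from documentation ranges for the post's a.b.0.0 and c.d.0.0 placeholders, and the function names, route entries and ingress-filter flag are assumptions made for illustration.

```python
import ipaddress

# Constructed stand-ins for the post's placeholders (documentation ranges).
LINKS = {
    "ispA": ipaddress.ip_network("198.51.100.0/24"),  # "a.b.0.0"
    "ispB": ipaddress.ip_network("203.0.113.0/24"),   # "c.d.0.0"
}
SQUID_A = "198.51.100.77"  # "a.b.r.r", the address bound on the ISP A squid
SQUID_B = "203.0.113.77"   # "c.d.r.r", the address bound on the ISP B squid

# Constructed kernel routing table: keyed on destination only.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "ispA"),     # default route
    (ipaddress.ip_network("192.0.2.0/24"), "ispB"),  # kernel prefers ISP B here
]

def egress_link(dst):
    """Step E: longest-prefix match on the destination; the source is ignored."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, link) for net, link in ROUTES if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(src, dst, ingress_filtering=True):
    """Follow one request whose source address is fixed to `src`."""
    src = ipaddress.ip_address(src)
    out = egress_link(dst)
    # Step G: the reply is addressed to `src`, so it returns via that ISP.
    back = next((l for l, net in LINKS.items() if src in net), None)
    # Step F: an ISP that filters on source drops packets that claim
    # an address outside the range it handed out on this link.
    if ingress_filtering and src not in LINKS[out]:
        return {"out": out, "back": None, "result": "dropped"}
    return {"out": out, "back": back,
            "result": "symmetric" if out == back else "asymmetric"}

if __name__ == "__main__":
    for src in (SQUID_A, SQUID_B):
        for filtering in (True, False):
            print(src, filtering, trace(src, "192.0.2.10", filtering))
```

The request bound to the ISP A address only completes when ISP B does no source filtering, and even then it leaves on one link and returns on the other.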