On 24/09/2013 9:06 a.m., Martín Ferco wrote:
> Hello,
>
> I'm trying to use DansGuardian together with Squid and load-balancing
> to use more than one ISP.
>
> I've been able to achieve this by using cache_peer, and I should be
> able to perform load balancing with the following two lines:
>
> {{{
> cache_peer squid-isp1 parent 13128 0 no-query round-robin sourcehash proxy-only
> cache_peer squid-isp2 parent 23128 0 no-query round-robin sourcehash proxy-only
> }}}
>
> These two cache-peers run on the same box, as you can see.
Problem #1:
round-robin is one type of peer selection, sourcehash is a different
type. Only one method will be used to select between these peers.
> I've also made sure that indirect options are set properly like this:
>
> acl_uses_indirect_client on
> delay_pool_uses_indirect_client on
> log_uses_indirect_client on
> follow_x_forwarded_for allow localhost
Problem #2:
notice how none of these options mention cache_peer or outbound
connections.
> I'm sure that's working fine as the logs show the correct information
> for different IP addresses (and not 127.0.0.1, where DansGuardian is
> running as well).
>
> Now, the problem with the original two lines is "sourcehash". It lookw
> like it's *NOT* using the 'indirect' feature. I've set squid debug
> options to "39,2", and the following is shown in the logs:
>
> {{{
> 2013/09/23 15:10:20| peerSourceHashSelectParent: Calculating hash for 127.0.0.1
> 2013/09/23 15:10:20| peerSourceHashSelectParent: selected squid-isp1
> 2013/09/23 15:10:20| peerSourceHashSelectParent: Calculating hash for 127.0.0.1
> 2013/09/23 15:10:20| peerSourceHashSelectParent: selected squid-isp1
> 2013/09/23 15:10:20| peerSourceHashSelectParent: Calculating hash for 127.0.0.1
> 2013/09/23 15:10:20| peerSourceHashSelectParent: selected squid-isp1
> 2013/09/23 15:10:21| peerSourceHashSelectParent: Calculating hash for 127.0.0.1
> 2013/09/23 15:10:21| peerSourceHashSelectParent: selected squid-isp1
> 2013/09/23 15:10:21| peerSourceHashSelectParent: Calculating hash for 127.0.0.1
> }}}
>
> So, basically, the IP where DansGuardian is running is being hashed,
> instead of the original one. When looking at the sourcecode for
> version 2.7.STABLE9 (the one I'm using), it looks like client_addr is
> used instead of the indirect one as the key in
> "src/peer_sourcehash.c":
>
> {{{
> key = inet_ntoa(request->client_addr);
> }}}
>
> This also seems to happen in the latest 3.3 version of squid.
>
> Could this be fixed by adding the following lines to that file, after
> that line shown above:
>
> {{{
> #if FOLLOW_X_FORWARDED_FOR
> key = inet_ntoa(request->indirect_client_addr;
> #endif /* FOLLOW_X_FORWARDED_FOR */
> }}}
>
> Are you aware of this problem, or am I doing something wrong?
It is not a problem per-se.
* sourcehash is a hashing algorithm based in inbound TCP connection details.
* "indirect client" feature is about network state of a TCP connection
unrelated to Squid.
If round-robin is sufficient for your needs I suggest dropping the
sourcehash entirely.
Also, I recommend an upgrade to the 3.3 Squid if you can. 2.7 is getting
very outdated.
Amos
Received on Tue Sep 24 2013 - 00:59:54 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 24 2013 - 12:00:04 MDT