Re: [squid-users] tcp_outgoing_address issue how to deny traffic to other IPs
Hi Alex, Ivan, I finally found time to change/test the squid config to load balance on outgoing IPs, and thanks you very much it works very good. All traffic is not output according to the rules to the right IPs. Other question I will open a new thread. Many many thanks. Patrick Le 23/02/2018 à 00:09, Alex Rousskov a écrit : On 02/22/2018 02:52 PM, Ivan Larionov wrote: Your balancing rules are incorrect. This is how we balance 30% per IP: You won the race! Perhaps our similar emails will increase the page rank of the correct answers to this FAQ. :-). Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] tcp_outgoing_address issue how to deny traffic to other IPs
On 02/22/2018 02:52 PM, Ivan Larionov wrote: > Your balancing rules are incorrect. This is how we balance 30% per IP: You won the race! Perhaps our similar emails will increase the page rank of the correct answers to this FAQ. :-). Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] tcp_outgoing_address issue how to deny traffic to other IPs
On 02/22/2018 11:15 AM, Patrick Chemla wrote: > acl Percent001 random 1/5 > acl Percent002 random 1/5 > acl Percent003 random 1/5 > acl Percent004 random 1/5 > acl Percent005 random 1/5 It is trivial to google up wrong configurations. Think about it: Giving the same "random 1/5" ACL five different names does not make sense, regardless of what you are trying to do! As I will show below, you need 4 different ACLs instead (plus "all"): acl OneFifth random 1/5 acl OneFourth random 1/4 acl OneThird random 1/3 acl OneHalf random 1/2 > tcp_outgoing_address XX.3X.YYY.10 Percent001 > tcp_outgoing_address XX.X3.YYY.21 Percent002 > tcp_outgoing_address XX.5X.YYY.31 Percent003 > tcp_outgoing_address XX.X9.YYY.34 Percent004 > tcp_outgoing_address XX.5X.YYY.38 Percent005 ... and if none of the *random* ACLs match? You need to make sure that one of the ACLs matches. That cannot be done with random ACLs alone. You also need to get your probabilities right: tcp_outgoing_address XX.3X.YYY.10 OneFifth tcp_outgoing_address XX.X3.YYY.21 OneFourth tcp_outgoing_address XX.5X.YYY.31 OneThird tcp_outgoing_address XX.X9.YYY.34 OneHalf tcp_outgoing_address XX.5X.YYY.38 all If the above looks strange, recall that the first matching tcp_outgoing_address rule/line wins, and the rules are tested individually and independently in the order they appear in squid.conf. The rest is basic probability theory, but it may also think about it in step-by-steps terms: 1. Given that there are five possible addresses, how much traffic should the first out of those five address receive? Obviously 1/5. 2. Now, if the first rule did not match, then there are four addresses left. Given that there are four possible addresses, how much traffic should the first out of those four address receive? Obviously 1/4. ... > When I look at the log, or using network tcpdump analyzer, I can see > that there is squid outgoing traffic on this IP Yes, AFAICT, your rules did not tell Squid to use a specific secondary IP in 33% of cases: (1-1/5)^5 = 0.33 HTH, Alex. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] tcp_outgoing_address issue how to deny traffic to other IPs
Your balancing rules are incorrect. This is how we balance 30% per IP: # 33% of traffic per local IP acl third random 1/3 acl half random 1/2 tcp_outgoing_address X.X.X.2 third tcp_outgoing_address X.X.X.3 half tcp_outgoing_address X.X.X.4 Read https://wiki.squid-cache.org/Features/AclRandom. Basically for 1/5 you need something like this: acl fifth random 1/5 acl fourth random 1/4 acl third random 1/3 acl half random 1/2 tcp_outgoing_address XX.3X.YYY.10 fifth tcp_outgoing_address XX.X3.YYY.21 fourth tcp_outgoing_address XX.5X.YYY.31 third tcp_outgoing_address XX.X9.YYY.34 half tcp_outgoing_address XX.5X.YYY.38 On Thu, Feb 22, 2018 at 10:15 AM, Patrick Chemla < patrick.che...@performance-managers.com> wrote: > Hi, > > I have googled for days and can't find the right settings to distribut > outgoing requests over part on local IPs of my server. > > This is my conf I built according to what I found on docs and forums: > > > Squid Cache: Version 4.0.17 > > > > blablabla > > blablabla > > blablabla > > > > acl Percent001 random 1/5 > acl Percent002 random 1/5 > acl Percent003 random 1/5 > acl Percent004 random 1/5 > acl Percent005 random 1/5 > > server_persistent_connections off > > > tcp_outgoing_address XX.3X.YYY.10 Percent001 > tcp_outgoing_address XX.X3.YYY.21 Percent002 > tcp_outgoing_address XX.5X.YYY.31 Percent003 > tcp_outgoing_address XX.X9.YYY.34 Percent004 > tcp_outgoing_address XX.5X.YYY.38 Percent005 > > balance_on_multiple_ip on > > forwarded_for delete > via off > > My problem is that this server as > > - a main IP MA.IN.IP.00 of course > > - a locahost 127.0.0.1 of course > > - some secondary IPs attached to the same interface as the main IP > > > The input traffic comes through one of the secondaries, and I need the > output traffic to get out randomly through other secondaries IPs, not any > squid traffic from the main IP. > > When I look at the log, or using network tcpdump analyzer, I can see that > there is squid outgoing traffic on this IP, and I can't find how to deny > tcp_outgoing_address to be on the main IP. > > I hope it's clear, and I need help after I searched for days many > combinations. > > Many thanks > > Patrick > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -- With best regards, Ivan Larionov. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] tcp_outgoing_address issue how to deny traffic to other IPs
Hi, I have googled for days and can't find the right settings to distribut outgoing requests over part on local IPs of my server. This is my conf I built according to what I found on docs and forums: Squid Cache: Version 4.0.17 blablabla blablabla blablabla acl Percent001 random 1/5 acl Percent002 random 1/5 acl Percent003 random 1/5 acl Percent004 random 1/5 acl Percent005 random 1/5 server_persistent_connections off tcp_outgoing_address XX.3X.YYY.10 Percent001 tcp_outgoing_address XX.X3.YYY.21 Percent002 tcp_outgoing_address XX.5X.YYY.31 Percent003 tcp_outgoing_address XX.X9.YYY.34 Percent004 tcp_outgoing_address XX.5X.YYY.38 Percent005 balance_on_multiple_ip on forwarded_for delete via off My problem is that this server as - a main IP MA.IN.IP.00 of course - a locahost 127.0.0.1 of course - some secondary IPs attached to the same interface as the main IP The input traffic comes through one of the secondaries, and I need the output traffic to get out randomly through other secondaries IPs, not any squid traffic from the main IP. When I look at the log, or using network tcpdump analyzer, I can see that there is squid outgoing traffic on this IP, and I can't find how to deny tcp_outgoing_address to be on the main IP. I hope it's clear, and I need help after I searched for days many combinations. Many thanks Patrick ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
