Hello, We are running two squid servers (squid 2.7 stable 9) and want to have cache peering between each other. Both have static real IP addresses and sits in the same LAN. Bandwidth management for users are done by Mikrotik 3.30 which has a WAN IP of the same subnet and also sits in the same LAN as the squid servers. Users are connected from Mikrotik LAN interface running PPPoE servers. We are re-directing HTTP requests from users to the squid server using DNAT to the squid's real IP + port 3128. Also note that we are also using the ZPH facility of Squid to mark cache hit packets in Mikrotik, and allowing unlimited bandwidth for hit objects.
Proxy1 squid.conf :- acl localnet src 10.10.0.0/16 10.15.0.0/16 172.16.0.0/16 192.168.0.0/16 acl gateway02 src XXX.XXX.38.248/32 http_access allow gateway02 icp_access allow gateway02 miss_access deny gateway02 tcp_outgoing_tos 0x30 localnet zph_mode tos zph_local 0x30 zph_sibling 0x31 zph_parent 0 zph_option 136 cache_peer XXX.XXX.38.248 sibling 3128 3130 proxy-only and similarly we have Proxy2 squid.conf :- acl localnet src 10.10.0.0/16 10.15.0.0/16 172.16.0.0/16 192.168.0.0/16 acl gateway01 src XXX.XXX.38.245/32 http_access allow gateway01 icp_access allow gateway01 miss_access deny gateway01 tcp_outgoing_tos 0x30 localnet zph_mode tos zph_local 0x30 zph_sibling 0x31 zph_parent 0 zph_option 136 cache_peer XXX.XXX.38.245 sibling 3128 3130 proxy-only Mikrotik Setting :- /ip firewall mangle add action=mark-packet chain=prerouting disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no comment="Cache Hit Packets" /queue tree add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=0 name=pmark packet-mark=proxy-hit parent=global-out priority=8 queue=default Proxy1 is a new machine, and doesn't have any cache objects in it, because it hasn't been in the service yet. Proxy2 is a old machine, and have a substantial large cache inside it. When I use proxy2 to browse and download, I get the proxy2 objects fast because the zph_local is working and mikrotik can also mark the hit packets properly. Again I clear my browser cache, and tried to browse using proxy1, browsed the same websites are already in cache by proxy2, and I get SIBLING_HIT. Here's the log. 1327761343.689 2663 10.15.180.16 TCP_MISS/200 6299190 GET http://sound21.mp3pk.com/indian/jodibreakers/jodi-breakers08(www.songs.pk).mp3 - SIBLING_HIT/XXX.XXX.38.248 audio/mpeg But, its downloading very slowly, and downloading at the speed where I have set the RX/TX limit for that particular package. That means ZPH is not working. To investigate more, I tried to take tcpdump report from proxy1. Using tcpdump -vni eth1 | grep 'tos 0x31' i got zero results. Its not marking anything with 0x31. AGain I used tcpdump -vni eth1 | grep 'tos 0x30' while browsing those websites which are actually cached by proxy2, but accessed by proxy1. I get results like this:- 20:43:25.324668 IP (tos 0x30, ttl 64, id 27401, offset 0, flags [DF], proto TCP (6), length 40) 20:43:25.324814 IP (tos 0x30, ttl 64, id 7570, offset 0, flags [DF], proto TCP (6), length 40) 20:43:25.324834 IP (tos 0x30, ttl 64, id 51042, offset 0, flags [DF], proto TCP (6), length 40) 20:43:25.325749 IP (tos 0x30, ttl 64, id 17589, offset 0, flags [DF], proto TCP (6), length 290) 20:43:25.325845 IP (tos 0x30, ttl 64, id 47388, offset 0, flags [DF], proto TCP (6), length 290) 20:43:25.325928 IP (tos 0x30, ttl 64, id 46825, offset 0, flags [DF], proto TCP (6), length 290) 20:43:25.326010 IP (tos 0x30, ttl 64, id 27402, offset 0, flags [DF], proto TCP (6), length 290) Proxy1 configuration file says that local hits should be 0x30 .... and sibling hits should be 0x31, so why is proxy1 marking 0x30 for those packets which are actually SIBLING_HITS and not local hits. Even though its marking 0x30 for SIBLING_HIT .. Mikrotik still can't identify the proxy-hit packets, and therefore the download is slow. I may have confused you with lots of information, but the main fact is, I am unable to get the ZPH working with the SIBLING_HIT. Some Additional information : Few months before I used Squid 3.1 in both proxy servers and ZPH did work SIBLING_HIT. But its not working working in Squid 2.7 Please advise. Thanks & Regards, Saiful
