Hello,

        I'm trying to configure squid to use a random ip for outgoing packets.

        My hardware configuration is :

(internet)-----(gateway)-----(proxy squid)

The gateway only translates 192.168.1.X addresses to public addresses. I have tested that a simple squid configuration (without round robin) works like a charm. When I try to add round robin, all requests always use the same outgoing address (!). The proxy has one ethernet interface with one real address (192.168.1.72) and four virtual addresses (192.168.1.73 to 192.168.1.76). Squid (2.7) runs on a linux sparc operating system.

        In log file, I have :

1359971947.744 183 62.240.247.32 TCP_MISS/200 8206 GET http://www.rpl2.org/img/gotcha.png - ROUNDROBIN_PARENT/192.168.1.74 image/png
1359971948.575 1004 192.168.1.73 TCP_MISS/301 890 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl - DIRECT/213.41.184.253 text/html
1359971948.576 1006 62.240.247.32 TCP_MISS/301 1047 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl - ROUNDROBIN_PARENT/192.168.1.73 text/html
1359971949.217 613 192.168.1.73 TCP_MISS/200 3044 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl/ - DIRECT/213.41.184.253 text/html
1359971949.218 614 62.240.247.32 TCP_MISS/200 3201 GET http://www.rpl2.fr/cgi-bin/cvsweb/rpl/ - ROUNDROBIN_PARENT/192.168.1.76 text/html
1359971949.341 104 192.168.1.73 TCP_MISS/200 1574 GET http://www.rpl2.fr/cvsweb/css/cvsweb.css - DIRECT/213.41.184.253 text/css
1359971949.369 132 62.240.247.32 TCP_MISS/200 1731 GET http://www.rpl2.fr/cvsweb/css/cvsweb.css - ROUNDROBIN_PARENT/192.168.1.75 text/css
1359971949.370 122 192.168.1.73 TCP_MISS/200 657 GET http://www.rpl2.fr/cvsweb/icons/back.gif - DIRECT/213.41.232.237 image/gif
1359971949.395 148 62.240.247.32 TCP_MISS/200 814 GET http://www.rpl2.fr/cvsweb/icons/back.gif - ROUNDROBIN_PARENT/192.168.1.74 image/gif
1359971949.436 40 192.168.1.73 TCP_MISS/200 666 GET http://www.rpl2.fr/cvsweb/icons/dir.gif - DIRECT/213.41.232.237 image/gif
1359971949.470 74 62.240.247.32 TCP_MISS/200 823 GET http://www.rpl2.fr/cvsweb/icons/dir.gif - ROUNDROBIN_PARENT/192.168.1.73 image/gif
1359971949.470 48 192.168.1.73 TCP_MISS/200 670 GET http://www.rpl2.fr/cvsweb/icons/text.gif - DIRECT/213.41.184.253 image/gif
1359971949.505 84 62.240.247.32 TCP_MISS/200 827 GET http://www.rpl2.fr/cvsweb/icons/text.gif - ROUNDROBIN_PARENT/192.168.1.76 image/gif
1359971949.538 32 192.168.1.73 TCP_MISS/200 626 GET http://www.rpl2.fr/cvsweb/icons/minigraph.png - DIRECT/213.41.184.253 image/png
1359971949.556 51 62.240.247.32 TCP_MISS/200 783 GET http://www.rpl2.fr/cvsweb/icons/minigraph.png - ROUNDROBIN_PARENT/192.168.1.75 image/png

If I understand this log file correctly, the round-robin capability works fine and the first requests are sent to random peers. But why are all second requests always routed to 192.168.1.73? For example, the first line of my log extract tries to contact the 192.168.1.74 peer, and the answer is returned by 192.168.1.73 and not by 192.168.1.74. Why?

        My configuration file is :

# squid.conf (Squid 2.7) for a single host that listens on five local
# addresses and lists four of them as its own round-robin parents, with the
# aim of varying the source address of outgoing connections.

# Client addresses allowed to use the proxy; the value was redacted by the poster.
acl utilisateurs src <snip>

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 192.168.1.0/24

acl SSL_ports port 443          # https
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl purge method PURGE
acl CONNECT method CONNECT

# http_access rules are checked top to bottom and the first match decides.
# NOTE(review): "allow utilisateurs" comes first, so clients in that ACL are
# accepted before the manager, purge, Safe_ports and CONNECT/SSL_ports denies
# below are ever evaluated. If utilisateurs covers untrusted or public
# addresses, move this allow below those deny rules -- confirm against the
# redacted ACL value.
http_access allow utilisateurs
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all

icp_access allow localnet
icp_access deny all

# One listening socket per local address: the real one (.72) and the four
# virtual ones (.73 to .76).
http_port 192.168.1.72:3128
http_port 192.168.1.73:3128
http_port 192.168.1.74:3128
http_port 192.168.1.75:3128
http_port 192.168.1.76:3128

# "src" matches the address the client connected FROM, not the local address
# the request arrived ON.
# NOTE(review): in the access log from this post every looped-back request
# shows 192.168.1.73 as its client address, so src_73 is the only one of
# these ACLs that can match. Selecting by the receiving local address is
# what the "myip" ACL type is for -- verify on the running version.
acl src_73 src 192.168.1.73
acl src_74 src 192.168.1.74
acl src_75 src 192.168.1.75
acl src_76 src 192.168.1.76

# Pick the outgoing source address by the first ACL that matches the request.
tcp_outgoing_address 192.168.1.73 src_73
tcp_outgoing_address 192.168.1.74 src_74
tcp_outgoing_address 192.168.1.75 src_75
tcp_outgoing_address 192.168.1.76 src_76

# first_req / second_req are meant to tell a client's original request from
# the copy this proxy forwards to itself; both are defined by source address.
# NOTE(review): first_req only matches a client at 192.168.1.72, while the
# external client in the log is 62.240.247.32, so it presumably matches
# neither ACL and the rules below apply to it only through Squid's implicit
# default -- confirm.
acl first_req src 192.168.1.72
acl second_req src 192.168.1.73
acl second_req src 192.168.1.74
acl second_req src 192.168.1.75
acl second_req src 192.168.1.76
# The four virtual addresses of this same host, declared as round-robin
# parents on HTTP port 3128 with ICP disabled (ICP port 0, no-query).
cache_peer 192.168.1.73 parent 3128 0 round-robin no-query
cache_peer 192.168.1.74 parent 3128 0 round-robin no-query
cache_peer 192.168.1.75 parent 3128 0 round-robin no-query
cache_peer 192.168.1.76 parent 3128 0 round-robin no-query
cache_peer_access 192.168.1.73 allow first_req
cache_peer_access 192.168.1.74 allow first_req
cache_peer_access 192.168.1.75 allow first_req
cache_peer_access 192.168.1.76 allow first_req
# Looped-back requests must not be handed to a parent again.
cache_peer_access 192.168.1.73 deny second_req
cache_peer_access 192.168.1.74 deny second_req
cache_peer_access 192.168.1.75 deny second_req
cache_peer_access 192.168.1.76 deny second_req
# Original requests have to go through a parent; looped-back ones may go direct.
never_direct allow first_req
never_direct deny second_req

hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$       0       20%     2880
refresh_pattern .               0       20%     4320

acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

extension_methods REPORT MERGE MKACTIVITY CHECKOUT

hosts_file /etc/hosts
coredump_dir /var/spool/squid
# NOTE(review): balance_on_multiple_ip rotates between the several IP
# addresses a destination hostname resolves to; it presumably has no effect
# on which local source address is used -- confirm.
balance_on_multiple_ip on
negative_ttl 0

        Any help is welcome,

        JB
