[squid-users] Centralized Squid - design and implementation
Carlos Defoe
carlosdefoe at gmail.com
Tue Nov 18 11:35:39 UTC 2014
Well, you just wrote a load balancer in PHP, with a load balancing
algorithm in it. It serves the same purpose as HAproxy (I don't really
use HAproxy, so I don't know, but I use the F5 big-ip which is
perfectly capable of testing Internet links behind squid). In you
scheme, WPAD is being used to tell the clients where the load balancer
(a webserver with a php script) is, and PAC probably as the answer
format, which returns a currently valid proxy node address directly to
the client. But as far as I know, once the client gets the PAC answer,
it willl not refresh until the browser is restarted, so it might be a
small problem there.
But it is a good solution, as proved by your decade of using it, and
much cheaper than a F5. As for the DNS trick, it is intended to
increase high availability of the web servers that are serving
wpad.dat (or your php script), because if it runs on only one
webserver, at some point no clients will find anything at all.
Well, there's a lot of ways of doing the same thing, including ucarp,
squid cache_peer as Amos said... It's just a matter of picking the one
that fits.
On Tue, Nov 18, 2014 at 3:31 AM, Jason Haar <Jason_Haar at trimble.com> wrote:
> On 18/11/14 16:07, Carlos Defoe wrote:
>> As for my scenario, I also use wpad to configure some exceptions, some
>> clients that will use a completely different proxy, etc...
> Our "wpad.dat" is actually a PHP script which tests that the "official"
> proxy (per client subnet) is actually working (with caching of the
> results for performance reasons of course), if not it flicks them off to
> another site's proxy server. Much better than trying to do dynamic DNS
> tricks with a local HAproxy. ie if you have actually lost local Internet
> access due to an ISP outage, HAproxy isn't going to help. But if WPAD
> knows that a WAN-connected proxy is still working - why not point your
> users at that instead
>
> We've been doing this for 10+ years, 99% of the time it's never needed,
> but when it's needed, it works :-)
>
> --
> Cheers
>
> Jason Haar
> Corporate Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list