[squid-users] help with tcp_outgoing_address trying to balace traffic based on username

Alberto Perez alberto2perez at gmail.com
Mon Apr 6 21:01:26 UTC 2015


Hi everyone
I've been trying to make a traffic load balancing between two links
based on username using tcp_outgoing_address

My squid setup only use authorization with an external_acl which
returns the username based on the client ip.

In my first failure trying to setup this, I found (with the help of
Amos) that tcp_outgoing_address only works with fast acls, so ext_user
acl doesn't work there, Amos recommend me to use NOTE acl for matching
annotations in transactions, at first it looks to work fine but now I
am realizing that only a very small part of the traffic is been going
through the correct link.

I can't find any good documentation related to note acl with some
samples or cases of usage, so I hope some one can correct my config
and/or point me the right direction to achieve this.


Inside my external acl I mark some users like this.
// if username is one of fast users
fwrite(STDOUT, "OK user=$username clt_conn_tag=55\n");

So theoretically both user and clt_conn_tag values can be matched with
NOTE ACL, as far as i know, I use also clt_conn_tag for testing but it
should be enough with user mark.


#this is fast users declaration tests ive tried with both commented
and uncommented acl.
acl nodo_users ext_user "/etc/squid3/users/nodo_users"
#acl fast_users note clt_conn_tag 55
acl fast_users note user "/etc/squid3/users/nodo_users"

nodo_users is a list of fast users,  the tcp_outgoing_address is used
like this

#fast link for fast users
tcp_outgoing_address xx.xx.xx.01 fast_users
# default slow link
tcp_outgoing_address xx.xx.xx.02

Traffic of fast users is intermitent between the two links and much
more using the slow link than the fast link (opposite than expected).
External ACL TTL is 3 sec, so I asume that the correct balancing is
made only when squid checks de acl and mark the request, but this mark
isnt persistent.

Please, any help with this will be appreciated.

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150406/70c9ca0b/attachment.html>


More information about the squid-users mailing list