[squid-users] High-Availability in Squid

[Amos Jeffries]

On 30/08/2015 3:58 p.m., Ashish Mukherjee wrote:
> Why should Squid take care of HA though? Isn't it the responsibility of the
> Website to ensure its uptime? Even if used as a reverse proxy, Apache may
> do a better job at this, since one can do more sophisticated configurations
> with mod_proxy.

The hint is in the name of that module: mod_*proxy*.

HA is an outcome of using any one or more of several _proxy features_.

Squid is a proxy. The purpose of mod_proxy is to hack/squash/ proxy
gateway capabilities (ie Squid functionality) into a piece of origin
server software (Apache).

Would you expect a dedicated/designed piece of proxy software or an
'other' software design with add-on tacked into it to actually be better
at the proxying functionality?

Sure you can use the other softwares add-on *if* it performs the
function correctly and sufficiently for your needs. But that does not
make it the function any less a proxy mechanism.

On the other end Browsers also have HA functionality they call "Happy
Eyeballs". Varuous downloaders and app update serices try to do IP-based
filovers and recovery. And it call causes no end of trouble to the real
proxies in the middle just doing their job properly.

Amos

> 
> On Sun, Aug 30, 2015 at 3:56 AM, Kinkie wrote:
> 
>> Hi,
>>   please see http://wiki.squid-cache.org/Features/MonitorUrl.
>> It's available in squid 2.6 , and is one of the last few features who
>> haven't yet made it to Squid 3.X. If anyone is interested, code and
>> sponsorships are always welcome :)
>>
>> On Thu, Aug 27, 2015 at 12:10 PM, Imaginovskiy wrote:
>>
>>> Hi all,
>>>
>>> Bit of a strange one but I'm wondering if it's possible to have squid
>>> redirect a site to a secondary backend server if the primary is down.

Yes it is. This is one of the core functionalities of proxying and so
well integrated there is *no* special configuration needed. In fact you
have to explicitly configure alternative if you want to avoid it.

>>> Have
>>> been looking into this but haven't seen much similar to this. Currently I
>>> have my setup along the lines of this;
>>>
>>> Client -> Squid -> Backend1
>>>
>>> but in the event that Backend1 is down, the following should be done;
>>>
>>> Client -> Squid -> Backend2
>>>
>>> Is squid capable of monitoring connections to peer or redirecting based on
>>> an ACL looking for some HTTP error code?

I would almost bet you already have it setup in your squid.conf:

 cache_peer Backend1.example.com ...
 cache_peer Backend2.example.com ...


Backend2 will be used only if Backend1 is detected as unavailable, or
starts getting overloaded/slow (yes the HA includes latency optimization
too), or starts returning some retriable status responses (most common
is 502).


Yes, simply the line order itself. Everything else is just tuning of the
HA parameters.

To prevent flapping there is a default of 10 requests that need to have
failed (in a row) before the 'dead' detection kicks in to send 100% to
Backend2. Those 10 will make TCP connect attempts to Backend1 before
retrying with Backend2 (if enough time remains in the forward_timeout).
That is configurable, see cache_peer documentation for timeouts and
failure options. background-ping may also be of interest to you.


You can improve further by using DNS-based HA availability. Pointing
each Backend1 and Backend2 domain names at multiple IPs. But be wary of
those Browsers and their (overly) "Happy eyeballs".

Amos