[squid-users] "NF getsockopt(SO_ORIGINAL_DST)" filling cache.log due to AWS ELB healthchecks

John Smith burnncrashnow at gmail.com
Wed Nov 4 17:58:51 UTC 2015


Just to close the loop on this issue, I worked offline with Amos.  He was
able to help me to eliminate all the noise from cache.log, but only for
http traffic, not both http and https traffic using the same port, so I
ended up using my original configuration.  Amos indicated that I would need
to have http and https on different ports to make this work properly, but I
can't make that change.

My end result is that the AWS ELB healthcheck traffic is now pointed to a
different port so it does not get logged as 'noise' in cache.log, but every
single squid request still gets logged as 'noise'.  Still quite an

Thanks Amos and Eliezer for reaching out!

On Thu, Oct 29, 2015 at 2:31 PM, Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 30/10/2015 9:51 a.m., John Smith wrote:
> > The outbound traffic from the L1proxy instance in question connects to a
> > public IP / DNS name of an ELB in another AWS region.
> > We need to send some traffic to a different AWS region, thus the mess
> below:
> >
> > AWS instances (clients) ->
> > AWS internal ELB for L1 proxies -> AWS L1 proxy instances ->
> > a different AWS internal ELB for  L1 proxy cluster -> a different AWS L1
> > proxy instance (this is where we have the problem is with 'intercept or
> > transparent) ->
> > *One AWS region above, a different AWS region below*
> > AWS external (publicly addressable) ELB for L2 proxies in a different AWS
> > region -> AWS L2 proxy instances -> the Internet
> >
> > These AWS instances have both internal IPs and public IPs, and they don't
> > really know about their own public IPs.  That may be part or all of the
> > confusion.
> >
> > AWS ELBs are published as DNS names, they have multiple IPs, and we are
> > using DNS to connect to them.
> Okay. I suspect I know what is going on now. Before I confuse things any
> more by mentioning it...
> Could you send me a wireshark trace of a small bunch of the connections
> coming to Squid?  Along with the DNS name for the ELB the clients are
> connecting to.
> Amos
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151104/55e8534a/attachment.html>

More information about the squid-users mailing list