[squid-users] Squid in Private Network and Multiple WAN (Best Load Balance Solution).

Amos Jeffries squid3 at treenet.co.nz
Wed Mar 15 03:32:14 UTC 2017


On 14/03/2017 6:33 a.m., Darvin Rivera Aguilar wrote:
> Hi,
> I have my public Squid IP (1.1.1.1:3128) on my local network and 4 WAN
> addresses. Two WAN addresses (2.2.2.1 and 2.2.2.3) for Education Network
> (example: acl for .edu sites); and two other networks (3.3.3.1 and
> 4.4.4.1) for General Purpose (example: the rest of navigation... .com,
> .org...)

Load Balancing in the proxy is the wrong solution for this. There is
nothing to balance. What you are looking for is routing.

Do you have 2 or 4 physical WAN uplinks being used for this?

If 2 uplinks;

Then having two IPs on each does not matter. Just pick one IP that Squid
will use for each traffic type and select it with tcp_outgoing_address
like so:

 acl Education_Network dstdomain .edu
 tcp_outgoing_address 2.2.2.1 Education_Network
 # other traffic
 tcp_outgoing_address 3.3.3.1



If 4 uplinks - i.e. by two IPs you actually mean there are two uplinks
for each type of traffic;

The best approach here is to leave the load balancing in the TCP stack,
but have the proxy doing traffic classification so that TCP stack knows
where each connection / flow is needing to go.

In squid.conf use tcp_outgoing_tos directive with a dstdomain ACL
matching the Education to classify the traffic types (Education vs
General). Like so:

 acl Education_Network dstdomain .edu
 tcp_outgoing_tos 0x10 Education_Network
 # other traffic
 tcp_outgoing_tos 0x20


Then you just need TCP networking rules to use the 0x10 or 0x20 to load
balance between the two uplinks for that type of traffic.

The exact outgoing IP address does not matter to the proxy, so long as
the kernel assigns a correct one for the uplink which is going to be used.


HTH
Amos
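
One possible set of Linux rules for the 4-uplink case described above, as an added example that is not part of the original post. The gateway addresses, interface names (wan1..wan4), routing table numbers and the fwmark/MASQUERADE approach are assumptions; only the TOS values 0x10 and 0x20 come from the squid.conf lines in the message.

```shell
#!/bin/sh
# Added example: Linux policy routing keyed on the TOS byte Squid sets with
# tcp_outgoing_tos. Gateways (192.0.2.x, 198.51.100.x), interface names and
# table numbers are constructed placeholders, not values from the post.
# The script only prints the commands; review them, then pipe to "sh" as root.

# class_rules TOS TABLE "GATEWAY:DEV GATEWAY:DEV ..."
class_rules() {
    tos=$1 table=$2 hops=
    for uplink in $3; do
        # Split "gateway:dev" and append one equal-weight next hop per uplink.
        hops="$hops nexthop via ${uplink%%:*} dev ${uplink##*:} weight 1"
    done
    # Mark locally generated TCP packets (Squid's) that carry this TOS byte.
    echo "iptables -t mangle -A OUTPUT -p tcp -m tos --tos $tos -j MARK --set-mark $tos"
    # Marked packets are routed by a per-class table ...
    echo "ip rule add fwmark $tos lookup $table"
    # ... whose default route is multipath across that class's uplinks.
    echo "ip route add default table $table$hops"
}

# snat_rules DEV...
# The source address is picked before the mark re-routes the packet, so
# rewrite it to the address of the uplink the packet actually leaves on.
snat_rules() {
    for dev in "$@"; do
        echo "iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE"
    done
}

plan() {
    class_rules 0x10 110 "192.0.2.1:wan1 192.0.2.129:wan2"       # Education
    class_rules 0x20 120 "198.51.100.1:wan3 198.51.100.129:wan4" # General
    snat_rules wan1 wan2 wan3 wan4
}

plan
```

With strict reverse-path filtering (rp_filter=1) replies arriving on an uplink other than the main table's default may be dropped, so this layout assumes loose mode on the WAN interfaces.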


