[squid-users] Squid Cache_peer

Amos Jeffries squid3 at treenet.co.nz
Sun Sep 3 08:20:58 UTC 2017


On 03/09/17 17:37, Jonathan thomas Cho wrote:
> Hello, I seem to have a issue with cache peer. I have 2 parent IPS, 
> however, I want port 3128 to go to 1 parent while 3129 go to the second 
> parent.  Here is my current config, I hope you can adjust it for me. 

Not without understanding what it is you are actually trying to achieve. 
What you ask for above is satisfied by adding cache_peer_access rules.

BUT your explanation below of _why_ you want it indicates you may 
actually need something entirely different to what you are asking about.


> Thank you
> 
> Http_port 3128
> 
> http_port 3129
> 
> coredump_dir /var/spool/squid3
> 
> refresh_pattern ^ftp:       1440    20% 10080
> 
> refresh_pattern ^gopher:    1440    0%  1440
> 
> refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
> 
> refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
> 
> refresh_pattern .       0   20% 4320
> 
> cache_peer 1xx.xxx.xxx.xxx parent 3128 0 proxy-only no-query default 
> login=username:password name=user1
> 
> cache_peer 1xx.xxx.xxx.xxx parent 3128 0 proxy-only no-query default 
> login=username:password name=user2
> 
> never_direct allow all
> 
> as you can see, I’m not entirely sure on what to do to route each parent 
> ip to specific port so users cant use more ports than needed.
> 

That sentence does not compute.

a) there is no sign of any "user" in your config.

Squid does have credentials that is sends to each peer - but that has 
nothing to do with any human / user. It is a pair of *machine* 
credentials for Basic auth representing Squid itself.


b) You have not configured the standby= parameters which force Squid to 
open more connections than it needs. So your Squid already does require 
every single port it opens to those peers.
  ie It is not possible for this Squid to be encountering the problem 
you say your are trying to avoid.


Also, Squid uses the multiplexing and pipeline mechanisms in HTTP. So 
any port opens to the peer *will* be used for multiple messages until 
one requires it to be closed.
  By manually configuring specific routing you are add limits to those 
mechanisms which are likely to result in *more* ports being used to each 
peer. Since Squid can no longer pipeline traffic contradictory to your 
rules even if peer #1 has no open ports and peer #2 has an open and 
available port waiting for messages such as the one your rules send to 
peer #1 - and vice versa.

So, you are apparently trying to work around a problem that this Squid 
cannot encounter by adding complexity that will cause it to happen.


Can you more clearly describe what exactly you are trying to achieve here?
  and what problem you have encountered (or think you might) that is 
behind your request?


Amos


More information about the squid-users mailing list