[squid-users] tcp_outgoing_address issue how to deny traffic to other IPs

Ivan Larionov xeron.oskom at gmail.com
Thu Feb 22 21:52:12 UTC 2018 

Your balancing rules are incorrect. This is how we balance 30% per IP:

# 33% of traffic per local IP
acl third random 1/3
acl half random 1/2

tcp_outgoing_address X.X.X.2 third
tcp_outgoing_address X.X.X.3 half
tcp_outgoing_address X.X.X.4

Read https://wiki.squid-cache.org/Features/AclRandom.

Basically for 1/5 you need something like this:

acl fifth random 1/5
acl fourth random 1/4
acl third random 1/3
acl half random 1/2

tcp_outgoing_address XX.3X.YYY.10 fifth
tcp_outgoing_address XX.X3.YYY.21 fourth
tcp_outgoing_address XX.5X.YYY.31 third
tcp_outgoing_address XX.X9.YYY.34 half
tcp_outgoing_address XX.5X.YYY.38


On Thu, Feb 22, 2018 at 10:15 AM, Patrick Chemla <
patrick.chemla at performance-managers.com> wrote:

> Hi,
>
> I have googled for days and can't find the right settings to distribut
> outgoing requests over part on local IPs of my server.
>
> This is my conf I built according to what I found on docs and forums:
>
>
> Squid Cache: Version 4.0.17
>
> ------------
>
> blablabla
>
> blablabla
>
> blablabla
>
> ------------
>
> acl Percent001 random 1/5
> acl Percent002 random 1/5
> acl Percent003 random 1/5
> acl Percent004 random 1/5
> acl Percent005 random 1/5
>
> server_persistent_connections off
>
>
> tcp_outgoing_address XX.3X.YYY.10 Percent001
> tcp_outgoing_address XX.X3.YYY.21 Percent002
> tcp_outgoing_address XX.5X.YYY.31 Percent003
> tcp_outgoing_address XX.X9.YYY.34 Percent004
> tcp_outgoing_address XX.5X.YYY.38 Percent005
>
> balance_on_multiple_ip on
>
> forwarded_for delete
> via off
>
> My problem is that this server as
>
> - a main IP MA.IN.IP.00 of course
>
> - a locahost 127.0.0.1 of course
>
> - some secondary IPs attached to the same interface as the main IP
>
>
> The input traffic comes through one of the secondaries, and I need the
> output traffic to get out randomly through other secondaries IPs, not any
> squid traffic from the main IP.
>
> When I look at the log, or using network tcpdump analyzer, I can see that
> there is squid outgoing traffic on this IP, and I can't find how to deny
> tcp_outgoing_address to be on the main IP.
>
> I hope it's clear, and I need help after I searched for days many
> combinations.
>
> Many thanks
>
> Patrick
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>



-- 
With best regards, Ivan Larionov.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180222/a2e47716/attachment.html>

More information about the squid-users mailing list