[squid-users] re-forwarding questions

Alex Rousskov rousskov at measurement-factory.com
Wed Oct 9 20:35:44 UTC 2019


On 10/9/19 1:34 PM, Antonio SJ Musumeci wrote:
> I've a setup with N origin servers and N squid instances set up with the
> intent that each squid instance is logically associated with one of the
> origin servers and lists the other N-1 origin servers as other parents.
> Each origin has the same immutable data but spread across buildings. I
> only want them to reach out across buildings if the initial forward
> fails (or perhaps is overloaded). Initial tests seem to work but they
> always try the first origin server and when it fails (in this case with
> a 502 as the backend of a webservice is down) it tries the second.

Sounds good.


> It doesn't appear that there is a negative cache on the failure.

The peer up/down state is "cached", but

1) Squid does not treat an HTTP 502 response as a peer failure (even
though the request may be re-forwarded after a 502 response). Roughly
speaking, only TCP- and TLS-level failures are considered to be peer
failures. HTTP responses, regardless of their status code, do not
increment the peer failure counter AFAICT.

2) By default, a peer is not considered down after the first 9 peer
failures. See cache_peer connect-fail-limit.

There is also a (complicated) peer revival mechanism that may mark a
previously "down" peer as "up" even though there were no HTTP requests
sent to that peer IIRC. The details are complex and depend on the Squid
version.


> it doesn't cache the re-forward response (a 200). Is that expected?

I do not think it should be expected. The number of past/failed
forwarding attempts should not affect response cachability IMO.


> is it possible from the logs to see the name or hostname:port of the
> cache_peer being forwarded to?

The following logformat %codes may be helpful here (%<a is logged by
default and is given here for completeness' sake):

  %<a  Server IP address of the last server or peer connection
  %<A  Server FQDN or peer name
  %<p  Server port number of the last server or peer connection

To log the last cache_peer_access match, you will need to use
annotate_transaction ACL and %note logformat code (where available).
However, IIRC, official Squids may evaluate the same matching
cache_peer_access rule many times per transaction, which may result in
confusing annotations.


HTH,

Alex.
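
A squid.conf fragment combining the directives named in the reply above
(an added example, not part of the original message and not the Squid
project's own configuration). The peer hostnames and names, the log path,
the annotation key "peer_rule" and the connect-fail-limit value are
assumptions.

```conf
# Added example; hostnames, peer names, log path, the "peer_rule" key and
# the fail limit below are assumptions, not values from the thread.

# Local origin listed first, cross-building origin second.
# connect-fail-limit sets how many TCP/TLS-level failures mark a peer as
# down. An HTTP 502 from the peer does not count toward this limit, so a
# peer that answers 502 keeps being tried first.
cache_peer origin-a.example.internal parent 80 0 no-query originserver name=origin_a connect-fail-limit=3
cache_peer origin-b.example.internal parent 80 0 no-query originserver name=origin_b connect-fail-limit=3

# Optional: record which cache_peer_access rule matched. This needs a Squid
# build that provides the annotate_transaction ACL type. The ACL always
# matches and sets the annotation as a side effect.
acl tag_a annotate_transaction peer_rule=origin_a
acl tag_b annotate_transaction peer_rule=origin_b
cache_peer_access origin_a allow tag_a
cache_peer_access origin_b allow tag_b

# Default "squid" log fields, extended with:
#   %<a  server IP of the last server or peer connection
#   %<A  server FQDN or peer name
#   %<p  server port of the last server or peer connection
#   %{peer_rule}note  annotation set by the ACLs above
# For a re-forwarded request these describe the last connection only, so a
# 200 served after a 502 retry is logged with the second peer's details.
logformat peerlog %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %Sh/%<a %<A:%<p rule=%{peer_rule}note
access_log stdio:/var/log/squid/access.log peerlog
```

Because a cache_peer_access rule may be evaluated more than once per
transaction, treat the rule= field as a hint and rely on %<A and %<p for
the peer that was actually contacted last.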

