[squid-users] Use ICP RTT with HTTPS request

Alex Rousskov rousskov at measurement-factory.com
Fri Sep 23 14:52:38 UTC 2022 

On 9/23/22 10:30, Théo BARRAGUE wrote:

> How can I say "please, use ICP for RTT sharing like you did with
> HTTP" ?

AFAICT, Squid tries to use NetDB on both HTTP and HTTPS paths, but 
something probably goes wrong somewhere. The easiest way to figure this 
out may be to analyze debugging cache.log while reproducing the problem 
with a single transaction.

https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction

Beyond that, I do not have any good triage ideas. You may want to share 
Cache Manager mgr:server_list page for additional clues. Does changing 
the order of cache_peer lines in squid.conf change the outcome?


Cheers,

Alex.



> I'm trying to setup ICP exchange with HTTPS request.
> With my current setup (no ssl bumping) I can't use ICP for cache but it 
> may be possible for RTT.
> My goal is to use the closest parent to establish the connection.
> 
> My configuration look like :
> 
>     cache_peer 127.0.0.1 parent 3129 3131 no-digest proxy-only
>     name=same-server
>     cache_peer_access same-server allow all
> 
>     cache_peer w.x.y.z parent 3129 3131 no-digest proxy-only
>     name=pair-server
>     cache_peer_access pair-server allow all
> 
>     query_icmp on
>     never_direct allow all
> 
> 
> It works great for http, when I curl for the first time i got that :
> 
>     same-server
>     Network                                        recv/sent     RTT
>       Hops Hostnames
>     142.251.40.0                                      1/   1   121.0
>       14.0 www.google.fr
> 
>     pair-server
>     Network                                        recv/sent     RTT
>       Hops Hostnames
>     172.253.122.0                                     1/   1    94.0
>       23.0 www.google.fr <http://www.google.fr>
> 
> 
> Next requests will go through pair-server, example :
> 
>     same-server
>     Network                                        recv/sent     RTT
>       Hops Hostnames
>     142.251.40.0                                      1/   1   121.0
>       14.0 www.google.fr
> 
>     pair-server
>     Network                                        recv/sent     RTT
>       Hops Hostnames
>     172.253.122.0                                    10/  10    93.1
>       23.0 www.google.fr <http://www.google.fr>
> 
> 
> But for HTTPS, squid is able to determine hostname and network but 
> doesn't care about RTT sharing :
> 
>     same-server
>     Network                                        recv/sent     RTT
>       Hops Hostnames
>     149.202.190.0                                    10/   1     6.0
>       15.0 api.gouv.fr
> 
>     pair-server
>     Network                                        recv/sent     RTT
>       Hops Hostnames
> 
> 
> Even if I force a request though the pair-server to initiate NetDB, ICP 
> not used.

More information about the squid-users mailing list