<font size=2 face="sans-serif">I have been attempting to setup a squid
forward proxy with one frontend and two backends as per configuration example
</font><a href="http://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster"><font size=2 color=blue face="sans-serif">http://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster</font></a>
<br>
<br><font size=2 face="sans-serif">My issue is that only the first attempt
comes from the cache and then additional requests are downloaded direct
by the frontend instead of from the backend caches. I suspect it is due
to a detected forwarding loop which shows up in the logs:</font>
<br>
<br><font size=2 face="sans-serif">2015/10/30 13:07:49.239 kid1| 44,3|
peer_select.cc(137) peerSelect: e:=XIWV/0x7f7bfee2e730*2 </font><a href=http://127.0.0.1:40/><font size=2 color=blue face="sans-serif">http://127.0.0.1:40</font></a><font size=2 face="sans-serif">02/squid-internal-dynamic/netdb</font>
<br><font size=2 face="sans-serif">2015/10/30 13:07:49.239 kid1| 20,3|
store.cc(466) lock: peerSelect locked key 64AAA11C8DEF57153B10BA2C9D2F3D60
e:=XIWV/0x7f7bfee2e730*3</font>
<br><font size=2 face="sans-serif">2015/10/30 13:07:49.240 kid1| 44,3|
peer_select.cc(441) peerSelectFoo: GET 127.0.0.1</font>
<br><font size=2 face="sans-serif">2015/10/30 13:07:49.240 kid1| 44,3|
peer_select.cc(468) peerSelectFoo: peerSelectFoo: direct = DIRECT_YES (forwarding
loop detected)</font>
<br><font size=2 face="sans-serif">2015/10/30 13:07:49.240 kid1| 44,3|
peer_select.cc(477) peerSelectFoo: peerSelectFoo: direct = DIRECT_YES</font>
<br><font size=2 face="sans-serif">2015/10/30 13:07:49.240 kid1| 44,2|
peer_select.cc(258) peerSelectDnsPaths: Find IP destination for: </font><a href="http://127.0.0.1:4002/squid-internal-dynamic/netdb'"><font size=2 color=blue face="sans-serif">http://127.0.0.1:4002/squid-internal-dynamic/netdb'</font></a><font size=2 face="sans-serif">
via 127.0.0.1</font>
<br>
<br><font size=2 face="sans-serif">I can force the backend caches to be
used successfully with this option "never_direct allow all" however
I would like to resolve the underlying issue.</font>
<br>
<br><font size=2 face="sans-serif">I have no iptables configured on this
server and have made sure the environment variable http_proxy is not set.
Also I have tested this on Squid 3.4.8 and 3.5.10 on Debian.</font>
<br>
<br><font size=2 face="sans-serif">My config is below:</font>
<br><font size=2 face="sans-serif">#/etc/squid/squid.conf#</font>
<br><font size=2 face="sans-serif">debug_options = ALL,3</font>
<br><font size=2 face="sans-serif">cachemgr_passwd eight22 all</font>
<br><font size=2 face="sans-serif">acl localnet src 10.1.0.0/16</font>
<br><font size=2 face="sans-serif">acl localnet src 10.2.0.0/16</font>
<br><font size=2 face="sans-serif">acl localnet src 192.168.0.0/23</font>
<br><font size=2 face="sans-serif">acl localnet src fe80::/10</font>
<br><font size=2 face="sans-serif">acl squid_servers src 10.1.209.0/24</font>
<br><font size=2 face="sans-serif">acl SSL_ports port 443
# https</font>
<br><font size=2 face="sans-serif">acl SSL_ports port 8443
# Unifi/Non-standard https</font>
<br><font size=2 face="sans-serif">acl SSL_ports port 5222
# Jabber</font>
<br><font size=2 face="sans-serif">acl SSL_ports port 10000
# Webmin</font>
<br><font size=2 face="sans-serif">acl SSL_ports port 10443
# Non-standard https</font>
<br><font size=2 face="sans-serif">acl SSL_ports port 18080
# PMX</font>
<br><font size=2 face="sans-serif">acl SSL_ports port 28443
# PMX</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 80
# http</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 21
# ftp</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 443
# https</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 70
# gopher</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 210
# wais</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 1025-65535 #
unregistered ports</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 280
# http-mgmt</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 488
# gss-http</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 591
# filemaker</font>
<br><font size=2 face="sans-serif">acl Safe_ports port 777
# multiling http</font>
<br><font size=2 face="sans-serif">acl CONNECT method CONNECT</font>
<br><font size=2 face="sans-serif">http_access deny !Safe_ports</font>
<br><font size=2 face="sans-serif">http_access deny CONNECT !SSL_ports</font>
<br><font size=2 face="sans-serif">workers 3</font>
<br><font size=2 face="sans-serif">if ${process_number} = 1</font>
<br><font size=2 face="sans-serif">include /etc/squid/squid-frontend.conf</font>
<br><font size=2 face="sans-serif">else</font>
<br><font size=2 face="sans-serif">include /etc/squid/squid-backend.conf</font>
<br><font size=2 face="sans-serif">endif</font>
<br><font size=2 face="sans-serif">http_access deny all</font>
<br><font size=2 face="sans-serif">refresh_pattern ^ftp:
1440 20% 10080</font>
<br><font size=2 face="sans-serif">refresh_pattern ^gopher:
1440 0% 1440</font>
<br><font size=2 face="sans-serif">refresh_pattern -i (/cgi-bin/|\?) 0
0% 0</font>
<br><font size=2 face="sans-serif">refresh_pattern .
0 20% 4320</font>
<br>
<br><font size=2 face="sans-serif">#/etc/squid/squid-frontend.conf#</font>
<br><font size=2 face="sans-serif">http_port 3128</font>
<br><font size=2 face="sans-serif">http_port 3129 tproxy</font>
<br><font size=2 face="sans-serif">http_access allow localhost manager</font>
<br><font size=2 face="sans-serif">http_access deny manager</font>
<br><font size=2 face="sans-serif">http_access allow localhost</font>
<br><font size=2 face="sans-serif">http_access allow localnet</font>
<br><font size=2 face="sans-serif">http_access allow squid_servers</font>
<br><font size=2 face="sans-serif">htcp_access allow squid_servers</font>
<br><font size=2 face="sans-serif">htcp_access deny all</font>
<br><font size=2 face="sans-serif">cache_peer 127.0.0.1 parent 4002 0 carp
login=PASS name=backend-kid2 no-query</font>
<br><font size=2 face="sans-serif">cache_peer 127.0.0.1 parent 4003 0 carp
login=PASS name=backend-kid3 no-query</font>
<br><font size=2 face="sans-serif">prefer_direct off</font>
<br><font size=2 face="sans-serif">nonhierarchical_direct off</font>
<br><font size=2 face="sans-serif">memory_replacement_policy heap LRU</font>
<br><font size=2 face="sans-serif">cache_mem 2048 MB</font>
<br><font size=2 face="sans-serif">access_log /var/log/squid3/frontend.access.log</font>
<br><font size=2 face="sans-serif">cache_log /var/log/squid3/frontend.cache.log</font>
<br><font size=2 face="sans-serif">visible_hostname frontend.cloud.solnet.nz</font>
<br>
<br><font size=2 face="sans-serif">#/etc/squid/squid-backend.conf#</font>
<br><font size=2 face="sans-serif">http_port 127.0.01:400${process_number}</font>
<br><font size=2 face="sans-serif">http_access allow localhost</font>
<br><font size=2 face="sans-serif">cache_mem 5 MB</font>
<br><font size=2 face="sans-serif">cache_replacement_policy heap LFUDA</font>
<br><font size=2 face="sans-serif">maximum_object_size 1 GB</font>
<br><font size=2 face="sans-serif">cache_dir rock /cache/rock 20480 max-size=32768</font>
<br><font size=2 face="sans-serif">cache_dir aufs /cache/${process_number}
20480 128 128 min-size=32769</font>
<br><font size=2 face="sans-serif">visible_hostname backend${process_number}.cloud.solnet.nz</font>
<br><font size=2 face="sans-serif">access_log /var/log/squid3/backend${process_number}.access.log</font>
<br><font size=2 face="sans-serif">cache_log /var/log/squid3/backend${process_number}.cache.log</font>
<br>
<br><font size=2 face="sans-serif">I did have visible_hostname set to backend.cloud.solnet.nz
but that did not help either.</font>
<br>
<br><font size=2 face="sans-serif">#/var/log/squid3/frontend.access.log#</font>
<br><font size=2 face="sans-serif">1446163673.780 491 10.1.209.33
TCP_MISS/200 756381 GET </font><a href="http://asylum-inc.net/WoT/2013-03-03_00006.jpg"><font size=2 color=blue face="sans-serif">http://asylum-inc.net/WoT/2013-03-03_00006.jpg</font></a><font size=2 face="sans-serif">
- CARP/127.0.0.1 image/jpeg</font>
<br><font size=2 face="sans-serif">1446163676.750 1580 10.1.209.33
TCP_MISS/200 756224 GET </font><a href="http://asylum-inc.net/WoT/2013-03-03_00006.jpg"><font size=2 color=blue face="sans-serif">http://asylum-inc.net/WoT/2013-03-03_00006.jpg</font></a><font size=2 face="sans-serif">
- HIER_DIRECT/69.73.181.160 image/jpeg</font>
<br><font size=2 face="sans-serif">1446163681.498 3059 10.1.209.33
TCP_MISS/200 756224 GET </font><a href="http://asylum-inc.net/WoT/2013-03-03_00006.jpg"><font size=2 color=blue face="sans-serif">http://asylum-inc.net/WoT/2013-03-03_00006.jpg</font></a><font size=2 face="sans-serif">
- HIER_DIRECT/69.73.181.160 image/jpeg</font>
<br>
<br><font size=2 face="sans-serif">Any assistance is appreciated.</font>
<br>
<br><font size=2 face="sans-serif">Cheers</font>
<br>
<br><font size=2 color=#0000a1 face="Verdana"><b>Mike Hodgkinson</b></font>
<br><font size=2 color=#4f4f4f face="Verdana"><b>Internal Support Engineer</b></font>
<br>
<br><font size=2 color=#4f4f4f face="Verdana">Mobile +64 21 754 339</font>
<br><font size=2 color=#4f4f4f face="Verdana">Phone +64 4 462 5064</font>
<br><font size=2 color=#4f4f4f face="Verdana">Email mike.hodgkinson@solnet.co.nz</font>
<br>
<br><font size=2 color=#4f4f4f face="Verdana"><b>Solnet Solutions Limited</b><br>
Level 12, Solnet House</font>
<br><font size=2 color=#4f4f4f face="Verdana">70 The Terrace, Wellington
6011<br>
PO Box 397, Wellington 6140</font>
<br>
<br><a href=http://www.solnet.co.nz/ target=blank><font size=2 color=#0000a1 face="Verdana"><b>www.solnet.co.nz</b></font></a><font size=2 color=#a2a2a2 face="Verdana"> </font>
<br>Attention:
This email may contain information intended for the sole use of
the original recipient. Please respect this when sharing or
disclosing this email's contents with any third party. If you
believe you have received this email in error, please delete it
and notify the sender or postmaster@solnetsolutions.co.nz as
soon as possible. The content of this email does not necessarily
reflect the views of Solnet Solutions Ltd.