<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">thanks for reply <div class=""><br class=""></div><div class="">how about the length of the number?</div><div class=""><br class=""></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class="">1/1000 to which digits should i round ??</font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class="">4 or 5 6 digits ?</font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class="">AS AN EXAMPLE the 1/1000 probabilities will have the acls as below :</font></div><div class=""><span style="font-family: -webkit-standard; font-size: medium;" class=""><br class=""></span></div><div class=""><span style="font-family: -webkit-standard; font-size: medium;" class=""><br class=""></span></div><div class=""><span style="font-family: -webkit-standard; font-size: medium;" class="">0.001 0.000999 0.000998001 0.000997002999 0.000996005996001</span></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class="">the question is how many digits should i round ?</font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class="">will squid understand the long digits ?</font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class="">cheers</font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font></div><div class=""><font color="#007700" face="Fira Mono, Source Code Pro, monospace" class=""><br class=""></font><div><blockquote type="cite" class=""><div class="">On Aug 28, 2016, at 2:38 AM, Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com" class="">rousskov@measurement-factory.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">On 08/27/2016 04:34 PM, --Ahmad-- wrote:<br class=""><br class=""><blockquote type="cite" class="">i guess i need to create probability 1/1000 for each ip.<br class=""></blockquote><br class="">Yes, but that is _not_ the same as 1/1000 probability for each<br class="">tcp_outgoing_address rule, unfortunately. tcp_outgoing_address rules are<br class="">evaluated top to bottom until the first matches. If you have N rules and<br class="">each rule has a 1/N probability of a match in isolation, then you will<br class="">get the following probabilities of a match when the rules are combined:<br class=""><br class=""> rule #0: 1/N -- good!<br class=""> rule #1: (1-1/N) * 1/N -- which is not 1/N<br class=""> rule #2: (1-1/N) * (1-1/N) * 1/N -- even less 1/N than rule #2 was<br class=""> rule #3: (1-1/N) * (1-1/N) * (1-1/N) * 1/N -- and getting worse!<br class=""> ...<br class=""><br class="">To simplify equations, let me denote 1/N as p and (1-1/N) as q. With<br class="">your incorrect 1/N ACLs, you get the following probabilities (I am just<br class="">rewriting the above using p and q):<br class=""><br class=""> rule #0: p<br class=""> rule #1: q * p<br class=""> rule #2: q*q * p<br class=""> rule #3: q*q*q * p<br class=""> ...<br class=""><br class="">If you are still unsure, consider the simple case of just 2 rules<br class="">(instead of 1000). You want the second rule to match 50% of the time. If<br class="">you give the second rule ACL the same 1/2 probability of a match, then<br class="">the second rule will only match 1/4 of the time because it will match<br class="">only when the previous rule did _not_ match (1/2) _and_ when its own ACL<br class="">matched (1/2): 1/2*1/2 = 1/4.<br class=""><br class=""><br class="">To compensate for the cumulative effect of rules evaluation, you need<br class="">rule i to have p/(q^i) probability of a match (where "q^i" is "q to the<br class="">power of i"). With that, you will always get the same probability of a<br class="">match (p) for each rule when that rule is evaluated:<br class=""><br class=""> rule #0: p<br class=""> rule #1: q * p/q = p<br class=""> rule #2: q*q * p/(q*q) = p<br class=""> rule #3: q*q*q * p/(q*q*q) = p<br class=""> ...<br class=""> rule #998: q^998 * p/(q^998) = p<br class=""><br class="">To avoid uncertainty, the last rule (rule #999 in the above notation)<br class="">should use the "all" ACL (i.e., it will always match).<br class=""><br class=""><br class=""><blockquote type="cite" class="">how can i create the randomized acls ???<br class=""></blockquote><br class="">I suggest writing a script that generates 999 ACLs with correct p/(q^i)<br class="">probability and the corresponding tcp_outgoing_address lines to match them.<br class=""><br class="">Please note that computing ~500 random ACL matches for each outgoing<br class="">Squid connection (or is it each request?) is not going to be<br class="">instantaneous! If you are worried about Squid performance, then you may<br class="">want to add custom Squid code to select a random or round-robin IP<br class="">address out of a pool of 1000 addresses instead.<br class=""><br class="">[ It is not going to be easy, but if you do it right, the same new<br class="">configuration interface and underlying code can then be applied to other<br class="">similar tasks in Squid (e.g., selecting one of several load-balanced<br class="">ICAP services). In that case, it would be a welcomed feature that may be<br class="">officially accepted. If you decide to make this generally useful, then I<br class="">recommend getting your configuration design pre-approved on squid-dev<br class="">before you implement anything (or before you pay somebody else to<br class="">implement it)! ]<br class=""><br class=""><br class=""><blockquote type="cite" class="">is my settings below is correct ??<br class=""></blockquote><br class="">No. Your ACL(s) and rule probabilities are wrong. See above.<br class=""><br class=""><br class="">HTH,<br class=""><br class="">Alex.<br class=""><br class=""></div></div></blockquote></div><br class=""></div></body></html>