[squid-users] High-availability and load-balancing between N squid servers
Alex Samad
alex at samad.com.au
Wed Jun 10 03:59:03 UTC 2015
Hi
I run 2 squid boxes, and I use pacemaker to float 2 VIP's between the 2 boxes.
Basically I just run squid on both and I create a VIP resource that
test if squid is running to allocate the VIP.
But this doesn't really give you load balancing. but very good resilience.
Pacemaker and Linux have the ability to do load balancing, by using a
share IP and some hashing algo , I haven't tested it though
On 9 June 2015 at 22:51, Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 9/06/2015 7:15 p.m., Rafael Akchurin wrote:
>> Hi Amos,
>>
>> <snip>
>>
>>> There seems to be a bit of a myth going around about how HAProxy does
>>> load balancing. HAProxy is an HTTP layer proxy. Just like Squid.
>>>
>>> They both do the same things to received TCP connections. But HAProxy
>>> supports less HTTP features, so its somewhat simpler processing is also
>>> a bit faster when you want it to be a semi-dumb load balancer.
>>
>>> We are somewhat recently added basic support for the PROXY protocol to Squid.
>>> So HAProxy can relay port 80 connections to Squid-3.5+ without
>>> processing them fully. However Squid does not yet support that on
>>> https_port, which means the TLS connections still wont have client IP
>>> details passed through.
>>
>> So what would be your proposition for the case of SSL Bump?
>> How to get the connecting client IP and authenticated user name passed to the ICAP server when a cluster of squids somehow getting the CONNECT tunnel established?
>>
>> Assume we left away the haproxy and rely solely on squid - how would you approach this and how many instances of squid would you deploy?
>>
>> From my limited knowledge the FQDN proxy name being resolved to a number of IP addresses running one squid per IP address is the simplest approach.
>>
>
> Yes, it would seem to be the only form which meets all your criteria
> too. Everything else runs up against the HTTPS brick wall.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list