[squid-users] squid with random outgoing ip from pool of 1000 ips

Sun Aug 28 08:04:27 UTC 2016

thanks for reply 

how about the length of the number?

1/1000 to which digits should i round ??

4 or 5 6 digits ?

AS AN EXAMPLE the 1/1000 probabilities will have the acls as below :

0.001 0.000999 0.000998001 0.000997002999 0.000996005996001

the question is how many digits should i round ?

will squid understand the long digits ?

cheers

> On Aug 28, 2016, at 2:38 AM, Alex Rousskov <rousskov at measurement-factory.com> wrote:
> 
> On 08/27/2016 04:34 PM, --Ahmad-- wrote:
> 
>> i guess i need to create probability 1/1000 for each ip.
> 
> Yes, but that is _not_ the same as 1/1000 probability for each
> tcp_outgoing_address rule, unfortunately. tcp_outgoing_address rules are
> evaluated top to bottom until the first matches. If you have N rules and
> each rule has a 1/N probability of a match in isolation, then you will
> get the following probabilities of a match when the rules are combined:
> 
>  rule #0: 1/N   -- good!
>  rule #1: (1-1/N) * 1/N  -- which is not 1/N
>  rule #2: (1-1/N) * (1-1/N) * 1/N  -- even less 1/N than rule #2 was
>  rule #3: (1-1/N) * (1-1/N) * (1-1/N) * 1/N  -- and getting worse!
>  ...
> 
> To simplify equations, let me denote 1/N as p and (1-1/N) as q. With
> your incorrect 1/N ACLs, you get the following probabilities (I am just
> rewriting the above using p and q):
> 
>  rule #0: p
>  rule #1: q * p
>  rule #2: q*q * p
>  rule #3: q*q*q * p
>  ...
> 
> If you are still unsure, consider the simple case of just 2 rules
> (instead of 1000). You want the second rule to match 50% of the time. If
> you give the second rule ACL the same 1/2 probability of a match, then
> the second rule will only match 1/4 of the time because it will match
> only when the previous rule did _not_ match (1/2) _and_ when its own ACL
> matched (1/2): 1/2*1/2 = 1/4.
> 
> 
> To compensate for the cumulative effect of rules evaluation, you need
> rule i to have p/(q^i) probability of a match (where "q^i" is "q to the
> power of i"). With that, you will always get the same probability of a
> match (p) for each rule when that rule is evaluated:
> 
>  rule #0: p
>  rule #1: q * p/q = p
>  rule #2: q*q * p/(q*q) = p
>  rule #3: q*q*q * p/(q*q*q) = p
>  ...
>  rule #998: q^998 * p/(q^998) = p
> 
> To avoid uncertainty, the last rule (rule #999 in the above notation)
> should use the "all" ACL (i.e., it will always match).
> 
> 
>> how can i create the randomized acls ???
> 
> I suggest writing a script that generates 999 ACLs with correct p/(q^i)
> probability and the corresponding tcp_outgoing_address lines to match them.
> 
> Please note that computing ~500 random ACL matches for each outgoing
> Squid connection (or is it each request?) is not going to be
> instantaneous! If you are worried about Squid performance, then you may
> want to add custom Squid code to select a random or round-robin IP
> address out of a pool of 1000 addresses instead.
> 
> [ It is not going to be easy, but if you do it right, the same new
> configuration interface and underlying code can then be applied to other
> similar tasks in Squid (e.g., selecting one of several load-balanced
> ICAP services). In that case, it would be a welcomed feature that may be
> officially accepted. If you decide to make this generally useful, then I
> recommend getting your configuration design pre-approved on squid-dev
> before you implement anything (or before you pay somebody else to
> implement it)! ]
> 
> 
>> is my settings below is correct ??
> 
> No. Your ACL(s) and rule probabilities are wrong. See above.
> 
> 
> HTH,
> 
> Alex.
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160828/3598e14d/attachment.html>