[squid-users] squid with random outgoing ip from pool of 1000 ips

--Ahmad-- ahmed.zaeem at netstream.ps
Sun Aug 28 09:56:39 UTC 2016


just to tell you 
i updated the acl as below :
acl half10001 random 0.0009980010000000
acl half10006 random 0.0009930209650350
acl half10011 random 0.0009880657804942
acl half10020 random 0.0009792086759647
acl half10037 random 0.0009626946373158
acl half10043 random 0.0009569328906720
acl half10059 random 0.0009417362622232
acl half10079 random 0.0009230793978373
acl half10082 random 0.0009203129279589
acl half10084 random 0.0009184732224159
acl half10094 random 0.0009093297114627
acl half10098 random 0.0009056978449587
acl half10109 random 0.0008957848329039
acl half10113 random 0.0008922070646991
acl half10114 random 0.0008913148576344
acl half10122 random 0.0008842092457380
acl half10137 random 0.0008710385479118
acl half10154 random 0.0008563487636013
acl half10168 random 0.0008444374977929
acl half10171 random 0.0008419067177676
acl half10173 random 0.0008402237462388
acl half10218 random 0.0008032337005613
acl half10221 random 0.0008008264083574
acl half10222 random 0.0008000255819491
acl half10223 random 0.0007992255563671
acl half10227 random 0.0007960334462989
acl half10247 random 0.0007802631200941
acl half10248 random 0.0007794828569740
.
.
.
.
.


but the rotation is very bad and the outgoing ip now is the ip that is on my eth0 ipv6 address  only .
i mean the lists above not working at all and all request go with  1 ipv6 which is the ip that is on my eth0 address .


what wrong did i do ?



> On Aug 28, 2016, at 11:04 AM, --Ahmad-- <ahmed.zaeem at netstream.ps> wrote:
> 
> thanks for reply 
> 
> how about the length of the number?
> 
> 1/1000 to which digits should i round ??
> 
> 4 or 5 6 digits ?
> 
> 
> 
> AS AN EXAMPLE the 1/1000 probabilities will have the acls as below :
> 
> 
> 0.001 0.000999 0.000998001 0.000997002999 0.000996005996001
> 
> 
> the question is how many digits should i round ?
> 
> will squid understand the long digits ?
> 
> 
> cheers
> 
> 
>> On Aug 28, 2016, at 2:38 AM, Alex Rousskov <rousskov at measurement-factory.com <mailto:rousskov at measurement-factory.com>> wrote:
>> 
>> On 08/27/2016 04:34 PM, --Ahmad-- wrote:
>> 
>>> i guess i need to create probability 1/1000 for each ip.
>> 
>> Yes, but that is _not_ the same as 1/1000 probability for each
>> tcp_outgoing_address rule, unfortunately. tcp_outgoing_address rules are
>> evaluated top to bottom until the first matches. If you have N rules and
>> each rule has a 1/N probability of a match in isolation, then you will
>> get the following probabilities of a match when the rules are combined:
>> 
>>  rule #0: 1/N   -- good!
>>  rule #1: (1-1/N) * 1/N  -- which is not 1/N
>>  rule #2: (1-1/N) * (1-1/N) * 1/N  -- even less 1/N than rule #2 was
>>  rule #3: (1-1/N) * (1-1/N) * (1-1/N) * 1/N  -- and getting worse!
>>  ...
>> 
>> To simplify equations, let me denote 1/N as p and (1-1/N) as q. With
>> your incorrect 1/N ACLs, you get the following probabilities (I am just
>> rewriting the above using p and q):
>> 
>>  rule #0: p
>>  rule #1: q * p
>>  rule #2: q*q * p
>>  rule #3: q*q*q * p
>>  ...
>> 
>> If you are still unsure, consider the simple case of just 2 rules
>> (instead of 1000). You want the second rule to match 50% of the time. If
>> you give the second rule ACL the same 1/2 probability of a match, then
>> the second rule will only match 1/4 of the time because it will match
>> only when the previous rule did _not_ match (1/2) _and_ when its own ACL
>> matched (1/2): 1/2*1/2 = 1/4.
>> 
>> 
>> To compensate for the cumulative effect of rules evaluation, you need
>> rule i to have p/(q^i) probability of a match (where "q^i" is "q to the
>> power of i"). With that, you will always get the same probability of a
>> match (p) for each rule when that rule is evaluated:
>> 
>>  rule #0: p
>>  rule #1: q * p/q = p
>>  rule #2: q*q * p/(q*q) = p
>>  rule #3: q*q*q * p/(q*q*q) = p
>>  ...
>>  rule #998: q^998 * p/(q^998) = p
>> 
>> To avoid uncertainty, the last rule (rule #999 in the above notation)
>> should use the "all" ACL (i.e., it will always match).
>> 
>> 
>>> how can i create the randomized acls ???
>> 
>> I suggest writing a script that generates 999 ACLs with correct p/(q^i)
>> probability and the corresponding tcp_outgoing_address lines to match them.
>> 
>> Please note that computing ~500 random ACL matches for each outgoing
>> Squid connection (or is it each request?) is not going to be
>> instantaneous! If you are worried about Squid performance, then you may
>> want to add custom Squid code to select a random or round-robin IP
>> address out of a pool of 1000 addresses instead.
>> 
>> [ It is not going to be easy, but if you do it right, the same new
>> configuration interface and underlying code can then be applied to other
>> similar tasks in Squid (e.g., selecting one of several load-balanced
>> ICAP services). In that case, it would be a welcomed feature that may be
>> officially accepted. If you decide to make this generally useful, then I
>> recommend getting your configuration design pre-approved on squid-dev
>> before you implement anything (or before you pay somebody else to
>> implement it)! ]
>> 
>> 
>>> is my settings below is correct ??
>> 
>> No. Your ACL(s) and rule probabilities are wrong. See above.
>> 
>> 
>> HTH,
>> 
>> Alex.
>> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160828/448d80c1/attachment-0001.html>


More information about the squid-users mailing list