[squid-users] Use ICP RTT with HTTPS request
Alex Rousskov
rousskov at measurement-factory.com
Fri Sep 23 14:52:38 UTC 2022
On 9/23/22 10:30, Théo BARRAGUE wrote:
> How can I say "please, use ICP for RTT sharing like you did with
> HTTP" ?
AFAICT, Squid tries to use NetDB on both HTTP and HTTPS paths, but
something probably goes wrong somewhere. The easiest way to figure this
out may be to analyze debugging cache.log while reproducing the problem
with a single transaction.
https://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction
Beyond that, I do not have any good triage ideas. You may want to share
Cache Manager mgr:server_list page for additional clues. Does changing
the order of cache_peer lines in squid.conf change the outcome?
Cheers,
Alex.
> I'm trying to setup ICP exchange with HTTPS request.
> With my current setup (no ssl bumping) I can't use ICP for cache but it
> may be possible for RTT.
> My goal is to use the closest parent to establish the connection.
>
> My configuration look like :
>
> cache_peer 127.0.0.1 parent 3129 3131 no-digest proxy-only
> name=same-server
> cache_peer_access same-server allow all
>
> cache_peer w.x.y.z parent 3129 3131 no-digest proxy-only
> name=pair-server
> cache_peer_access pair-server allow all
>
> query_icmp on
> never_direct allow all
>
>
> It works great for http, when I curl for the first time i got that :
>
> same-server
> Network recv/sent RTT
> Hops Hostnames
> 142.251.40.0 1/ 1 121.0
> 14.0 www.google.fr
>
> pair-server
> Network recv/sent RTT
> Hops Hostnames
> 172.253.122.0 1/ 1 94.0
> 23.0 www.google.fr <http://www.google.fr>
>
>
> Next requests will go through pair-server, example :
>
> same-server
> Network recv/sent RTT
> Hops Hostnames
> 142.251.40.0 1/ 1 121.0
> 14.0 www.google.fr
>
> pair-server
> Network recv/sent RTT
> Hops Hostnames
> 172.253.122.0 10/ 10 93.1
> 23.0 www.google.fr <http://www.google.fr>
>
>
> But for HTTPS, squid is able to determine hostname and network but
> doesn't care about RTT sharing :
>
> same-server
> Network recv/sent RTT
> Hops Hostnames
> 149.202.190.0 10/ 1 6.0
> 15.0 api.gouv.fr
>
> pair-server
> Network recv/sent RTT
> Hops Hostnames
>
>
> Even if I force a request though the pair-server to initiate NetDB, ICP
> not used.
More information about the squid-users
mailing list