Automatic switching of squid to a second internet link?


Automatic switching of squid to a second internet link?

Danish Siddiqui

Hi,
I've got squid proxy server running on a CentOS 4.4 machine. This proxy
server is connected to the internet through a Sonicwall PRO3060
firewall machine.

We have got three different ISP lines, one of which is used by squid.
All the three lines terminate at the firewall. One of these links then
goes to the squid server.
Many a times it happens that the internet link on the squid line goes
down, because of which we have to switch the squid server on to one of
the remaining ISP lines.

I was planning a setup in which an extra NIC would be attached to the
squid server. This NIC would be connected to a different ISP line, so
that when one link goes down, the squid proxy server automatically
switches on to the next line, wherein the LAN users don't get to feel
the difference while browsing. Also, when the original link gets
restored, the squid server automatically switches back on to the
original link.

My current setup requires me to deny access to the squid server till
the time it is up again.

Is this setup possible? And if yes, can you please tell me how or
point me to the necessary resources.

Thanks
Danish

The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the
addressee(s) and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately and destroy the original message all copies of this message
and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient
should check this email and any attachments for the presence of
viruses. The company accepts no liability for any damage caused by any
virus transmitted by this email.


Re: Automatic switching of squid to a second internet link?

Tek Bahadur Limbu
Danish Siddiqui wrote:

>
> Hi,
> I've got squid proxy server running on a CentOS 4.4 machine. This proxy
> server is connected to the internet through a Sonicwall PRO3060
> firewall machine.
>
> We have got three different ISP lines, one of which is used by squid.
> All the three lines terminate at the firewall. One of these links then
> goes to the squid server.
> Many a times it happens that the internet link on the squid line goes
> down, because of which we have to switch the squid server on to one of
> the remaining ISP lines.

Hi Danish Siddiqui,

When the 1st ISP goes down, does that mean that you actually have to
switch the cable from your squid box to the 2nd or 3rd ISP link on your
Sonicwall machine?

>
> I was planning a setup in which an extra NIC would be attached to the
> squid server. This NIC would be connected to a different ISP line, so
> that when one link goes down, the squid proxy server automatically
> switches on to the next line, wherein the LAN users don't get to feel
> the difference while browsing. Also, when the original link gets
> restored, the squid server automatically switches back on to the
> original link

If your Sonicwall firewall and routing policy allows you to access all 3
ISPs lines from your Squid box, I think that you can use the
"tcp_outgoing_address" parameter to switch to either the 2nd or 3rd ISP
connection when the 1st ISP goes down.

Of course, you must have a small script in Crontab to check for internet
connectivity to your 1st ISP at regular intervals, say every 2 minutes.

If the 1st ISP gets internet connectivity again, then let the script
restore connectivity from the 2nd or 3rd ISP back to the 1st ISP again.

But again, adding 2 extra NIC cards to your Squid box will provide you
more control and fail over. In my opinion, it will be a very interesting
option.

If your Squid box is running on Linux with a kernel greater than 2.4.20,
then you can apply traffic and routing rules.

Please see the following link:

http://lartc.org/howto/lartc.rpdb.multiple-links.html

These guys really seem to perform some kind of magic with advanced
routing and traffic control!


>
> My current setup requires me to deny access to the squid server till
> the time it is up again.

I suppose that you can't access all 3 ISPs lines from your Squid box?

>
> Is this setup possible? And if yes, can you please tell me how or
> point me to the necessary resources.

I definitely think it is possible. Let's wait and get more help and
input from other experts and professionals from the Squid mailing list.


Thanking you...



--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np

Re: Automatic switching of squid to a second internet link?

Danish Siddiqui


Tek Bahadur Limbu wrote:

> Danish Siddiqui wrote:
>>
>> Hi,
>> I've got squid proxy server running on a CentOS 4.4 machine. This proxy
>> server is connected to the internet through a Sonicwall PRO3060
>> firewall machine.
>>
>> We have got three different ISP lines, one of which is used by squid.
>> All the three lines terminate at the firewall. One of these links then
>> goes to the squid server.
>> Many a times it happens that the internet link on the squid line goes
>> down, because of which we have to switch the squid server on to one of
>> the remaining ISP lines.
>
> Hi Danish Siddiqui,
>
> When the 1st ISP goes down, does that mean that you actually have to
> switch the cable from your squid box to the 2nd or 3rd ISP link on
> your Sonicwall machine?
>
No, the only cable that is connected to the squid box is from the
Sonicwall firewall.

>>
>> I was planning a setup in which an extra NIC would be attached to the
>> squid server. This NIC would be connected to a different ISP line, so
>> that when one link goes down, the squid proxy server automatically
>> switches on to the next line, wherein the LAN users don't get to feel
>> the difference while browsing. Also, when the original link gets
>> restored, the squid server automatically switches back on to the
>> original link
>
> If your Sonicwall firewall and routing policy allows you to access all
> 3 ISPs lines from your Squid box, I think that you can use the
> "tcp_outgoing_address" parameter to switch to either the 2nd or 3rd
> ISP connection when the 1st ISP goes down.
>
> Of course, you must have a small script in Crontab to check for
> internet connectivity to your 1st ISP at regular intervals, say every
> 2 minutes.
>
How will the script go? Can you give me some pointers till the time I
look around for it.
> If the 1st ISP gets internet connectivity again, then let the script
> restore connectivity from the 2nd or 3rd ISP back to the 1st ISP again.
>
> But again, adding 2 extra NIC cards to your Squid box will provide you
> more control and fail over. In my opinion, it will be a very
> interesting option.
>
Seems interesting to me too
> If your Squid box is running on Linux with a kernel greater than
> 2.4.20, then you can apply traffic and routing rules.
It's running on a CentOS 4.4 with kernel 2.6.9-42.ELsmp

>
> Please see the following link:
>
> http://lartc.org/howto/lartc.rpdb.multiple-links.html
>
> These guys really seem to perform some kind of magic with advanced
> routing and traffic control!
>
>
>>
>> My current setup requires me to deny access to the squid server till
>> the time it is up again.
>
> I suppose that you can't access all 3 ISPs lines from your Squid box?
I'll have to go according to your suggestions. But at the moment the
squid box can access only 1 ISP line.

>
>>
>> Is this setup possible? And if yes, can you please tell me how or
>> point me to the necessary resources.
>
> I definitely think it is possible. Let's wait and get more help and
> input from other experts and professionals from the Squid mailing list.
>
>
> Thanking you...
>

RE: Automatic switching of squid to a second internet link?

SSCR Internet Admin
Hi,

It seems that you need the iproute2 package; try finding out on
www.lartc.org. I don't remember though, I guess there's a guide on how to
accomplish this. Hope that helps.

Nats
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




Re: Automatic switching of squid to a second internet link?

Tek Bahadur Limbu
In reply to this post by Danish Siddiqui
Danish Siddiqui wrote:

> How will the script go? Can you give me some pointers till the time I
> look around for it.

Hi,

I think a simple script such as PING should suffice. If your 1st ISP
goes down, can you ping your Sonicwall Firewall WAN port?



>> Please see the following link:
>>
>> http://lartc.org/howto/lartc.rpdb.multiple-links.html
>>
>> These guys really seem to perform some kind of magic with advanced
>> routing and traffic control!
>>

Have you given any thoughts to implementing such a feature suggested by
lartc.org?
I think it's ideal for your case where you have 3 internet providers
where you can split the load among the 3 providers?

Thanking you...

--

With best regards and good wishes,

Yours sincerely,

Tek Bahadur Limbu

(TAG/TDG Group)
Jwl Systems Department

Worldlink Communications Pvt. Ltd.

Jawalakhel, Nepal

http://www.wlink.com.np
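
The cron-driven check discussed in this reply, written out as an added example (not code from the thread or from the Squid project). It assumes each ISP link is reachable from the Squid box through its own source address and that squid.conf pulls in the generated file with an `include` line; the addresses, probe target, file path and `--run` flag are placeholders chosen here.

```shell
#!/bin/sh
# Added example: cron-driven failover for Squid's tcp_outgoing_address.
# Schedule every 2 minutes, e.g.:  */2 * * * * /path/to/this-script --run
# All addresses below are constructed placeholders (documentation ranges).
LINKS="${LINKS:-192.0.2.10 198.51.100.10 203.0.113.10}"  # source IPs, preferred first
PROBE_TARGET="${PROBE_TARGET:-192.0.2.1}"                # host pinged through each link
CONF="${CONF:-/etc/squid/outgoing.conf}"                 # assumed: included from squid.conf

# probe_link SRC: succeed if PROBE_TARGET answers pings sent from source address SRC.
probe_link() {
    ping -c 3 -W 2 -I "$1" "$PROBE_TARGET" >/dev/null 2>&1
}

# choose_link ADDR STATE [ADDR STATE ...]: print the first address whose state is
# "up". The list is in preference order, so the primary wins again as soon as it
# recovers (automatic fail-back). Returns 1 when every link is down.
choose_link() {
    while [ "$#" -ge 2 ]; do
        if [ "$2" = "up" ]; then
            printf '%s\n' "$1"
            return 0
        fi
        shift 2
    done
    return 1
}

# apply_conf ADDR FILE: write the directive to FILE only if it differs from the
# current content. Returns 0 if FILE was changed, non-zero if it was already
# correct (or could not be written), so the caller reconfigures only on a change.
apply_conf() {
    wanted="tcp_outgoing_address $1"
    if [ -f "$2" ] && [ "$(cat "$2")" = "$wanted" ]; then
        return 1
    fi
    tmp="$2.tmp.$$"
    # Write to a temp file and rename, so Squid never reads a half-written file.
    printf '%s\n' "$wanted" > "$tmp" && mv "$tmp" "$2"
}

main() {
    set --
    for addr in $LINKS; do
        if probe_link "$addr"; then state=up; else state=down; fi
        set -- "$@" "$addr" "$state"
    done
    if ! best=$(choose_link "$@"); then
        # Nothing reachable: keep the current setting rather than flapping.
        logger -t squid-failover "all links down, leaving $CONF unchanged"
        return 1
    fi
    if apply_conf "$best" "$CONF"; then
        logger -t squid-failover "switching outgoing address to $best"
        squid -k reconfigure
    fi
}

# Only probe and reconfigure when explicitly asked to (flag name is hypothetical).
if [ "${1:-}" = "--run" ]; then
    main
fi
```
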

Re: Automatic switching of squid to a second internet link?

Danish Siddiqui


Tek Bahadur Limbu wrote:

> Have you given any thoughts to implementing such a feature suggested
> by lartc.org?
> I think it's ideal for your case where you have 3 internet providers
> where you can split the load among the 3 providers?
>
I tried to go through the above lartc.org link, but unfortunately I
wasn't able to understand much.
Instead I'm going through this link to clear my basics first
http://www.hispafuentes.com/hf-doc/HOWTOs/Linux-html-HOWTOs-20021014/HOWTO/Net-HOWTO/x552.html

Danish
Thanking you...
