Squid in Private Network and Multiple WAN (Best Load Balance Solution).

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Squid in Private Network and Multiple WAN (Best Load Balance Solution).

Darvin Rivera Aguilar
Hi,
I have my public squid ip (1.1.1.1:3128) on my local network and 4 wan
address. Two wan address (2.2.2.1 and 2.2.2.3) for Education Network
(example: acl for .edu site); and other two network (3.3.3.1 and
4.4.4.1) for General Porpuse (example: the rest of navegation... .com,
.org...)
I need to balance the traffic for all request in 1.1.1.1:3128.
1- I need to install and configure HAproxy for load balance solution?
2- I need to install HAproxy for Education Network (2.2.2.1 and 2.2.2.3)
and other HAproxy for General Porpuse (3.3.3.1 and 4.4.4.1)?
3- Use Parent Proxy?
4- Any other solution or the best.

Grettings
Darvin




------------------------------------------------------------------
---- Universidad de Camag├╝ey "Ignacio Agramonte Loynaz", Cuba ----
------------------------------------------------------------------
---- https://intranet.reduc.edu.cu/ -------------------------------
---- https://www.reduc.edu.cu/ ----------------------------------
------------------------------------------------------------------
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Squid in Private Network and Multiple WAN (Best Load Balance Solution).

Amos Jeffries
Administrator
On 14/03/2017 6:33 a.m., Darvin Rivera Aguilar wrote:
> Hi,
> I have my public squid ip (1.1.1.1:3128) on my local network and 4 wan
> address. Two wan address (2.2.2.1 and 2.2.2.3) for Education Network
> (example: acl for .edu site); and other two network (3.3.3.1 and
> 4.4.4.1) for General Porpuse (example: the rest of navegation... .com,
> .org...)

Load Balancing in the proxy is the wrong solution for this. There is
nothing to balance. What you are looking for is routing.

Do you have 2 or 4 physical WAN uplinks being used for this?

If 2 uplinks;

Then having two IPs on each does not matter. Just pick one IP that Squid
will use for each traffic type and select it with tcp_outgoing_address
like so:

 acl Education_Network dstdomain .edu
 tcp_outgoing_address 2.2.2.1 Education_Network
 # other traffic
 tcp_outgoing_address 3.3.3.1



If 4 uplinks - i.e. by two IP's you actually mean there are two uplinks
for each type of traffic;

The best approach here is to leave the load balancing in the TCP stack,
but have the proxy doing traffic classification so that TCP stack knows
where each connection / flow is needing to go.

In squid.conf use tcp_outgoing_tos directive with a dstdomain ACL
matching the Education to classify the traffic types (Education vs
General). Like so:

 acl Education_Network dstdomain .edu
 tcp_outgoing_tos 0x10 Education_Network
 # other traffic
 tcp_outgoing_tos 0x20


Then you just need TCP networking rules to use the 0x10 or 0x20 to load
balance between the two uplinks for that type of traffic.

The exact outgoing IP address does not matter to the proxy, so long as
the kernel assigns a correct one for the uplink which is going to be used.


HTH
Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...