squid random outgoing ip/interface selection
If you want to configure squid 2.7 or newer to load balance several outgoing connections or IP addresses in random or round-robin fashion, here is how you can do it:
It can be done but unfortunately it is not as easy as setting “balance_on_multiple_ip on” in squid.conf. This option would load balance multiple IP addresses of remote servers – not your outgoing addresses. If you type “nslookup google.com”, you will see that Google uses multiple IP addresses for this domain: 18.104.22.168 22.214.171.124 126.96.36.199 188.8.131.52 184.108.40.206. With “balance_on_multiple_ip on” squid will balance the load between these addresses.
Setting up squid for round-robin outgoing network interface usage is based on the following fact: although squid can’t round-robin outgoing interfaces, it can round-robin parent proxy servers. So the solution is to configure squid as both child and parent and round-robin among its own parent instances, while each parent instance is set up to use a specific outgoing interface.
In this sample configuration we’ll set up squid to accept client connections on the 192.168.0.1 address and randomly use outgoing interfaces 10.0.0.1, 10.0.0.2 and 10.0.0.3. I use 10.0.0.x for demonstration reasons. In a real config these will most likely be replaced with public Internet IPs.
1) Configure squid to listen on all of these interfaces (config directive http_port). 192.168.0.1 will be used by users, while 10.0.0.x will be fake parent proxy servers that squid will connect to itself:
2) Now let’s force it to use the same outgoing interface the request came in from by using some ACLs and the tcp_outgoing_address directive:
You can use myip instead of src here. At this point you can also start your squid server and make sure that the configuration indeed works. Set one of the outgoing interface addresses as your browser proxy and navigate to http://www.whatismyip.com/. You should always see the address of the interface that you use.
3) Now let’s set up cache peers that will point squid to itself:
ACLs and cache_peer_access directives ensure that squid will not forward the request to itself infinitely by denying access to “parent” caches to requests that came from public interfaces. “never_direct” parameters are used to make sure that POST requests are distributed too.
At this point you can set 192.168.0.1:3128 as the proxy server in your browser and make sure that each time you connect a random outgoing interface is selected and that this outgoing interface periodically changes.
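Steps 1 to 3 combined into one squid.conf fragment, as an added example rather than the author's own listing. The ACL names (client_side, outgoing_side, out1 to out3) are made up here, the ACLs use myip as the text allows, and http_access rules are left out.

```squidconf
# Step 1: listen on the client-facing address and on every outgoing address.
# 192.168.0.1 is what users point their browsers at; the 10.0.0.x listeners
# are the "fake parents" that squid connects to itself.
http_port 192.168.0.1:3128
http_port 10.0.0.1:3128
http_port 10.0.0.2:3128
http_port 10.0.0.3:3128

# Step 2: a request that arrived on 10.0.0.N leaves from 10.0.0.N.
# myip matches the local address the request was received on.
acl out1 myip 10.0.0.1
acl out2 myip 10.0.0.2
acl out3 myip 10.0.0.3
tcp_outgoing_address 10.0.0.1 out1
tcp_outgoing_address 10.0.0.2 out2
tcp_outgoing_address 10.0.0.3 out3

# Step 3: declare squid's own 10.0.0.x listeners as round-robin parents.
# no-query and no-digest disable ICP queries and cache digests,
# which make no sense when the peer is the same process.
cache_peer 10.0.0.1 parent 3128 0 no-query no-digest round-robin
cache_peer 10.0.0.2 parent 3128 0 no-query no-digest round-robin
cache_peer 10.0.0.3 parent 3128 0 no-query no-digest round-robin

# Loop protection: a request that already came in through one of the
# outgoing-side listeners must not be handed to a parent again.
acl outgoing_side myip 10.0.0.1 10.0.0.2 10.0.0.3
cache_peer_access 10.0.0.1 deny outgoing_side
cache_peer_access 10.0.0.2 deny outgoing_side
cache_peer_access 10.0.0.3 deny outgoing_side

# Requests from users (received on 192.168.0.1) must always go through a
# parent, so POST and other requests squid would normally send direct
# are distributed across the outgoing addresses too.
acl client_side myip 192.168.0.1
never_direct allow client_side
```

With public addresses on the outgoing interfaces, those listeners are reachable from the Internet, so pair this with http_access rules that admit only your clients on 192.168.0.1 and only the proxy host itself on the 10.0.0.x ports.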
4) Additional things you can do:
You can achieve similar effects by using “random” ACL that was introduced in squid 3.2. However if you are like me (running on Windows and too lazy to compile your own stuff), you only have access to Squid 3.0 binaries that don’t have this feature yet.