squid random outgoing ip/interface selection

If you want to configure squid 2.7 or newer to spread outgoing connections across several outgoing IP addresses or interfaces in random or round-robin fashion, here is how you can do it.

It can be done, but unfortunately it is not as easy as setting “balance_on_multiple_ip on” in squid.conf. That option load balances across multiple IP addresses of remote servers, not your outgoing addresses. If you type “nslookup google.com”, you will see that Google uses multiple IP addresses for this domain: 74.125.155.99 74.125.155.105 74.125.155.106 74.125.155.147 74.125.155.103. With “balance_on_multiple_ip on” squid will balance the load between these addresses.

Setting up squid for round-robin outgoing network interface usage is based on the following fact: although squid can’t round-robin outgoing interfaces, it can round-robin parent proxy servers. So the solution is to configure squid as both child and parent and round-robin among its own parent instances, while each parent instance is set up to use a specific outgoing interface.

In this sample configuration we’ll set up squid to accept client connections on the 192.168.0.1 address and randomly use outgoing interfaces 10.0.0.1, 10.0.0.2 and 10.0.0.3. I use 10.0.0.x for demonstration purposes. In a real config these will most likely be replaced with public Internet IPs.

1) Configure squid to listen on all of these interfaces (config directive http_port). 192.168.0.1 will be used by users, while 10.0.0.x will be fake parent proxy servers that squid will connect to itself:

2) Now let’s force it to use the same outgoing interface the request came in from by using some ACLs and the tcp_outgoing_address directive:

You can use myip instead of src here. At this point you can also start your squid server and make sure that the configuration indeed works. Set one of the outgoing interface addresses as your browser proxy and navigate to http://www.whatismyip.com/. You should always see the address of the interface that you use.

3) Now let’s set up cache peers that will point squid to itself:

ACLs and cache_peer_access directives ensure that squid will not forward the request to itself infinitely by denying access to “parent” caches to requests that came from public interfaces. “never_direct” parameters are used to make sure that POST requests are distributed too. At this point you can set 192.168.0.1:3128 as the proxy server in your browser and make sure that each time you connect a random outgoing interface is selected and that this outgoing interface periodically changes.

4) Additional things you can do:

You can achieve similar effects by using the “random” ACL that was introduced in squid 3.2. However, if you are like me (running on Windows and too lazy to compile your own stuff), you only have access to Squid 3.0 binaries that don’t have this feature yet.

4 comments to squid random outgoing ip/interface selection
Copyright © 2013 Everyday Internet Stuff - All Rights Reserved
Thanks for a great writeup! One thing I’ve discovered with this setup is that Squid persistent connections disregard tcp_outgoing_address directive, so they need to be disabled to properly round-robin requests going to the same host:
server_persistent_connections off
Could you please post or email me a complete example configuration of this setup?
Please post or email a copy of this configuration.
I am trying to replicate this configuration with authentication; I have passed the login= options to the cache_peer directives. I am only able to exit the IPs that I enter in on. I do not seem to be able to completely replicate your configuration.
Here’s the copy of my config with comments removed and specific IP addresses masked:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src x.x.x.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 192.168.0.101:9000
http_port x.x.x.228:9000
http_port x.x.x.229:9000
http_port x.x.x.230:9000
http_port x.x.x.231:9000
http_port x.x.x.232:9000
http_port x.x.x.233:9000
http_port x.x.x.234:9000
http_port x.x.x.235:9000
http_port x.x.x.236:9000
http_port x.x.x.237:9000
http_port x.x.x.238:9000
http_port x.x.x.239:9000
http_port x.x.x.240:9000
http_port x.x.x.241:9000
http_port x.x.x.242:9000
http_port x.x.x.243:9000
http_port x.x.x.244:9000
http_port x.x.x.245:9000
http_port x.x.x.246:9000
http_port x.x.x.247:9000
http_port x.x.x.248:9000
http_port x.x.x.249:9000
http_port x.x.x.250:9000
http_port x.x.x.251:9000
http_port x.x.x.34:9000
http_port x.x.x.35:9000
http_port x.x.x.36:9000
http_port x.x.x.37:9000
http_port x.x.x.38:9000
http_port x.x.x.39:9000
http_port x.x.x.40:9000
http_port x.x.x.41:9000
http_port x.x.x.42:9000
http_port x.x.x.43:9000
http_port x.x.x.44:9000
http_port x.x.x.45:9000
http_port x.x.x.46:9000
http_port x.x.x.47:9000
http_port x.x.x.48:9000
http_port x.x.x.49:9000
http_port x.x.x.50:9000
http_port x.x.x.51:9000
http_port x.x.x.52:9000
http_port x.x.x.53:9000
http_port x.x.x.54:9000
http_port x.x.x.55:9000
http_port x.x.x.56:9000
http_port x.x.x.57:9000
http_port x.x.x.58:9000
http_port x.x.x.59:9000
acl src_x_x_x_228 src x.x.x.228
acl src_x_x_x_229 src x.x.x.229
acl src_x_x_x_230 src x.x.x.230
acl src_x_x_x_231 src x.x.x.231
acl src_x_x_x_232 src x.x.x.232
acl src_x_x_x_233 src x.x.x.233
acl src_x_x_x_234 src x.x.x.234
acl src_x_x_x_235 src x.x.x.235
acl src_x_x_x_236 src x.x.x.236
acl src_x_x_x_237 src x.x.x.237
acl src_x_x_x_238 src x.x.x.238
acl src_x_x_x_239 src x.x.x.239
acl src_x_x_x_240 src x.x.x.240
acl src_x_x_x_241 src x.x.x.241
acl src_x_x_x_242 src x.x.x.242
acl src_x_x_x_243 src x.x.x.243
acl src_x_x_x_244 src x.x.x.244
acl src_x_x_x_245 src x.x.x.245
acl src_x_x_x_246 src x.x.x.246
acl src_x_x_x_247 src x.x.x.247
acl src_x_x_x_248 src x.x.x.248
acl src_x_x_x_249 src x.x.x.249
acl src_x_x_x_250 src x.x.x.250
acl src_x_x_x_251 src x.x.x.251
acl src_x_x_x_34 src x.x.x.34
acl src_x_x_x_35 src x.x.x.35
acl src_x_x_x_36 src x.x.x.36
acl src_x_x_x_37 src x.x.x.37
acl src_x_x_x_38 src x.x.x.38
acl src_x_x_x_39 src x.x.x.39
acl src_x_x_x_40 src x.x.x.40
acl src_x_x_x_41 src x.x.x.41
acl src_x_x_x_42 src x.x.x.42
acl src_x_x_x_43 src x.x.x.43
acl src_x_x_x_44 src x.x.x.44
acl src_x_x_x_45 src x.x.x.45
acl src_x_x_x_46 src x.x.x.46
acl src_x_x_x_47 src x.x.x.47
acl src_x_x_x_48 src x.x.x.48
acl src_x_x_x_49 src x.x.x.49
acl src_x_x_x_50 src x.x.x.50
acl src_x_x_x_51 src x.x.x.51
acl src_x_x_x_52 src x.x.x.52
acl src_x_x_x_53 src x.x.x.53
acl src_x_x_x_54 src x.x.x.54
acl src_x_x_x_55 src x.x.x.55
acl src_x_x_x_56 src x.x.x.56
acl src_x_x_x_57 src x.x.x.57
acl src_x_x_x_58 src x.x.x.58
acl src_x_x_x_59 src x.x.x.59
acl first_req src 192.168.0.0/16 # RFC1918 possible internal network
acl second_req src x.x.x.0/24
acl second_req src x.x.x.0/24
cache_peer x.x.x.228 parent 9000 0 round-robin no-query
cache_peer x.x.x.229 parent 9000 0 round-robin no-query
cache_peer x.x.x.230 parent 9000 0 round-robin no-query
cache_peer x.x.x.231 parent 9000 0 round-robin no-query
cache_peer x.x.x.232 parent 9000 0 round-robin no-query
cache_peer x.x.x.233 parent 9000 0 round-robin no-query
cache_peer x.x.x.234 parent 9000 0 round-robin no-query
cache_peer x.x.x.235 parent 9000 0 round-robin no-query
cache_peer x.x.x.236 parent 9000 0 round-robin no-query
cache_peer x.x.x.237 parent 9000 0 round-robin no-query
cache_peer x.x.x.238 parent 9000 0 round-robin no-query
cache_peer x.x.x.239 parent 9000 0 round-robin no-query
cache_peer x.x.x.240 parent 9000 0 round-robin no-query
cache_peer x.x.x.241 parent 9000 0 round-robin no-query
cache_peer x.x.x.242 parent 9000 0 round-robin no-query
cache_peer x.x.x.243 parent 9000 0 round-robin no-query
cache_peer x.x.x.244 parent 9000 0 round-robin no-query
cache_peer x.x.x.245 parent 9000 0 round-robin no-query
cache_peer x.x.x.246 parent 9000 0 round-robin no-query
cache_peer x.x.x.247 parent 9000 0 round-robin no-query
cache_peer x.x.x.248 parent 9000 0 round-robin no-query
cache_peer x.x.x.249 parent 9000 0 round-robin no-query
cache_peer x.x.x.250 parent 9000 0 round-robin no-query
cache_peer x.x.x.251 parent 9000 0 round-robin no-query
cache_peer x.x.x.34 parent 9000 0 round-robin no-query
cache_peer x.x.x.35 parent 9000 0 round-robin no-query
cache_peer x.x.x.36 parent 9000 0 round-robin no-query
cache_peer x.x.x.37 parent 9000 0 round-robin no-query
cache_peer x.x.x.38 parent 9000 0 round-robin no-query
cache_peer x.x.x.39 parent 9000 0 round-robin no-query
cache_peer x.x.x.40 parent 9000 0 round-robin no-query
cache_peer x.x.x.41 parent 9000 0 round-robin no-query
cache_peer x.x.x.42 parent 9000 0 round-robin no-query
cache_peer x.x.x.43 parent 9000 0 round-robin no-query
cache_peer x.x.x.44 parent 9000 0 round-robin no-query
cache_peer x.x.x.45 parent 9000 0 round-robin no-query
cache_peer x.x.x.46 parent 9000 0 round-robin no-query
cache_peer x.x.x.47 parent 9000 0 round-robin no-query
cache_peer x.x.x.48 parent 9000 0 round-robin no-query
cache_peer x.x.x.49 parent 9000 0 round-robin no-query
cache_peer x.x.x.50 parent 9000 0 round-robin no-query
cache_peer x.x.x.51 parent 9000 0 round-robin no-query
cache_peer x.x.x.52 parent 9000 0 round-robin no-query
cache_peer x.x.x.53 parent 9000 0 round-robin no-query
cache_peer x.x.x.54 parent 9000 0 round-robin no-query
cache_peer x.x.x.55 parent 9000 0 round-robin no-query
cache_peer x.x.x.56 parent 9000 0 round-robin no-query
cache_peer x.x.x.57 parent 9000 0 round-robin no-query
cache_peer x.x.x.58 parent 9000 0 round-robin no-query
cache_peer x.x.x.59 parent 9000 0 round-robin no-query
cache_peer_access x.x.x.228 allow first_req
cache_peer_access x.x.x.229 allow first_req
cache_peer_access x.x.x.230 allow first_req
cache_peer_access x.x.x.231 allow first_req
cache_peer_access x.x.x.232 allow first_req
cache_peer_access x.x.x.233 allow first_req
cache_peer_access x.x.x.234 allow first_req
cache_peer_access x.x.x.235 allow first_req
cache_peer_access x.x.x.236 allow first_req
cache_peer_access x.x.x.237 allow first_req
cache_peer_access x.x.x.238 allow first_req
cache_peer_access x.x.x.239 allow first_req
cache_peer_access x.x.x.240 allow first_req
cache_peer_access x.x.x.241 allow first_req
cache_peer_access x.x.x.242 allow first_req
cache_peer_access x.x.x.243 allow first_req
cache_peer_access x.x.x.244 allow first_req
cache_peer_access x.x.x.245 allow first_req
cache_peer_access x.x.x.246 allow first_req
cache_peer_access x.x.x.247 allow first_req
cache_peer_access x.x.x.248 allow first_req
cache_peer_access x.x.x.249 allow first_req
cache_peer_access x.x.x.250 allow first_req
cache_peer_access x.x.x.251 allow first_req
cache_peer_access x.x.x.34 allow first_req
cache_peer_access x.x.x.35 allow first_req
cache_peer_access x.x.x.36 allow first_req
cache_peer_access x.x.x.37 allow first_req
cache_peer_access x.x.x.38 allow first_req
cache_peer_access x.x.x.39 allow first_req
cache_peer_access x.x.x.40 allow first_req
cache_peer_access x.x.x.41 allow first_req
cache_peer_access x.x.x.42 allow first_req
cache_peer_access x.x.x.43 allow first_req
cache_peer_access x.x.x.44 allow first_req
cache_peer_access x.x.x.45 allow first_req
cache_peer_access x.x.x.46 allow first_req
cache_peer_access x.x.x.47 allow first_req
cache_peer_access x.x.x.48 allow first_req
cache_peer_access x.x.x.49 allow first_req
cache_peer_access x.x.x.50 allow first_req
cache_peer_access x.x.x.51 allow first_req
cache_peer_access x.x.x.52 allow first_req
cache_peer_access x.x.x.53 allow first_req
cache_peer_access x.x.x.54 allow first_req
cache_peer_access x.x.x.55 allow first_req
cache_peer_access x.x.x.56 allow first_req
cache_peer_access x.x.x.57 allow first_req
cache_peer_access x.x.x.58 allow first_req
cache_peer_access x.x.x.59 allow first_req
cache_peer_access x.x.x.228 deny second_req
cache_peer_access x.x.x.229 deny second_req
cache_peer_access x.x.x.230 deny second_req
cache_peer_access x.x.x.231 deny second_req
cache_peer_access x.x.x.232 deny second_req
cache_peer_access x.x.x.233 deny second_req
cache_peer_access x.x.x.234 deny second_req
cache_peer_access x.x.x.235 deny second_req
cache_peer_access x.x.x.236 deny second_req
cache_peer_access x.x.x.237 deny second_req
cache_peer_access x.x.x.238 deny second_req
cache_peer_access x.x.x.239 deny second_req
cache_peer_access x.x.x.240 deny second_req
cache_peer_access x.x.x.241 deny second_req
cache_peer_access x.x.x.242 deny second_req
cache_peer_access x.x.x.243 deny second_req
cache_peer_access x.x.x.244 deny second_req
cache_peer_access x.x.x.245 deny second_req
cache_peer_access x.x.x.246 deny second_req
cache_peer_access x.x.x.247 deny second_req
cache_peer_access x.x.x.248 deny second_req
cache_peer_access x.x.x.249 deny second_req
cache_peer_access x.x.x.250 deny second_req
cache_peer_access x.x.x.251 deny second_req
cache_peer_access x.x.x.34 deny second_req
cache_peer_access x.x.x.35 deny second_req
cache_peer_access x.x.x.36 deny second_req
cache_peer_access x.x.x.37 deny second_req
cache_peer_access x.x.x.38 deny second_req
cache_peer_access x.x.x.39 deny second_req
cache_peer_access x.x.x.40 deny second_req
cache_peer_access x.x.x.41 deny second_req
cache_peer_access x.x.x.42 deny second_req
cache_peer_access x.x.x.43 deny second_req
cache_peer_access x.x.x.44 deny second_req
cache_peer_access x.x.x.45 deny second_req
cache_peer_access x.x.x.46 deny second_req
cache_peer_access x.x.x.47 deny second_req
cache_peer_access x.x.x.48 deny second_req
cache_peer_access x.x.x.49 deny second_req
cache_peer_access x.x.x.50 deny second_req
cache_peer_access x.x.x.51 deny second_req
cache_peer_access x.x.x.52 deny second_req
cache_peer_access x.x.x.53 deny second_req
cache_peer_access x.x.x.54 deny second_req
cache_peer_access x.x.x.55 deny second_req
cache_peer_access x.x.x.56 deny second_req
cache_peer_access x.x.x.57 deny second_req
cache_peer_access x.x.x.58 deny second_req
cache_peer_access x.x.x.59 deny second_req
tcp_outgoing_address x.x.x.228 src_x_x_x_228
tcp_outgoing_address x.x.x.229 src_x_x_x_229
tcp_outgoing_address x.x.x.230 src_x_x_x_230
tcp_outgoing_address x.x.x.231 src_x_x_x_231
tcp_outgoing_address x.x.x.232 src_x_x_x_232
tcp_outgoing_address x.x.x.233 src_x_x_x_233
tcp_outgoing_address x.x.x.234 src_x_x_x_234
tcp_outgoing_address x.x.x.235 src_x_x_x_235
tcp_outgoing_address x.x.x.236 src_x_x_x_236
tcp_outgoing_address x.x.x.237 src_x_x_x_237
tcp_outgoing_address x.x.x.238 src_x_x_x_238
tcp_outgoing_address x.x.x.239 src_x_x_x_239
tcp_outgoing_address x.x.x.240 src_x_x_x_240
tcp_outgoing_address x.x.x.241 src_x_x_x_241
tcp_outgoing_address x.x.x.242 src_x_x_x_242
tcp_outgoing_address x.x.x.243 src_x_x_x_243
tcp_outgoing_address x.x.x.244 src_x_x_x_244
tcp_outgoing_address x.x.x.245 src_x_x_x_245
tcp_outgoing_address x.x.x.246 src_x_x_x_246
tcp_outgoing_address x.x.x.247 src_x_x_x_247
tcp_outgoing_address x.x.x.248 src_x_x_x_248
tcp_outgoing_address x.x.x.249 src_x_x_x_249
tcp_outgoing_address x.x.x.250 src_x_x_x_250
tcp_outgoing_address x.x.x.251 src_x_x_x_251
tcp_outgoing_address x.x.x.34 src_x_x_x_34
tcp_outgoing_address x.x.x.35 src_x_x_x_35
tcp_outgoing_address x.x.x.36 src_x_x_x_36
tcp_outgoing_address x.x.x.37 src_x_x_x_37
tcp_outgoing_address x.x.x.38 src_x_x_x_38
tcp_outgoing_address x.x.x.39 src_x_x_x_39
tcp_outgoing_address x.x.x.40 src_x_x_x_40
tcp_outgoing_address x.x.x.41 src_x_x_x_41
tcp_outgoing_address x.x.x.42 src_x_x_x_42
tcp_outgoing_address x.x.x.43 src_x_x_x_43
tcp_outgoing_address x.x.x.44 src_x_x_x_44
tcp_outgoing_address x.x.x.45 src_x_x_x_45
tcp_outgoing_address x.x.x.46 src_x_x_x_46
tcp_outgoing_address x.x.x.47 src_x_x_x_47
tcp_outgoing_address x.x.x.48 src_x_x_x_48
tcp_outgoing_address x.x.x.49 src_x_x_x_49
tcp_outgoing_address x.x.x.50 src_x_x_x_50
tcp_outgoing_address x.x.x.51 src_x_x_x_51
tcp_outgoing_address x.x.x.52 src_x_x_x_52
tcp_outgoing_address x.x.x.53 src_x_x_x_53
tcp_outgoing_address x.x.x.54 src_x_x_x_54
tcp_outgoing_address x.x.x.55 src_x_x_x_55
tcp_outgoing_address x.x.x.56 src_x_x_x_56
tcp_outgoing_address x.x.x.57 src_x_x_x_57
tcp_outgoing_address x.x.x.58 src_x_x_x_58
tcp_outgoing_address x.x.x.59 src_x_x_x_59
hierarchy_stoplist cgi-bin ?
cache_dir null /null
access_log c:/squid/var/logs/access.log squid
referer_log c:/squid/var/logs/referer.log
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache
header_access Allow allow all
header_access Authorization allow all
header_access WWW-Authenticate allow all
header_access Proxy-Authorization allow all
header_access Proxy-Authenticate allow all
header_access Cache-Control allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Type allow all
header_access Date allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Last-Modified allow all
header_access Location allow all
header_access Pragma allow all
header_access Accept allow all
header_access Accept-Charset allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Content-Language allow all
header_access Mime-Version allow all
header_access Retry-After allow all
header_access Title allow all
header_access Connection allow all
header_access Proxy-Connection allow all
header_access Cookie allow all
header_access Set-Cookie allow all
header_access All deny all
visible_hostname squid
never_direct allow first_req
never_direct deny second_req
forwarded_for off
coredump_dir c:/squid/var/cache
# --enable-http-violations
negative_ttl 0
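
The per-address lines of steps 1 to 3 follow one pattern, so they can be generated for any list of outgoing addresses. This is an added example, not the author's code: the function name, the out_* ACL names and the default port 3128 are assumptions, first_req/second_req follow the posted config, myip is used in step 2 as the article permits, and http_access rules are left to your existing config.

```python
import ipaddress

def squid_round_robin_conf(client_addr, client_net, outgoing, port=3128):
    """Build squid.conf lines for the child-and-parent loop (steps 1 to 3).

    client_addr: listener users connect to; client_net: where they come from;
    outgoing: IPv4 addresses to rotate through, each a "parent" listener.
    """
    outs = [ipaddress.IPv4Address(a) for a in outgoing]
    if not outs or len(set(outs)) != len(outs):
        raise ValueError("need a non-empty list of distinct outgoing addresses")
    net = ipaddress.IPv4Network(client_net)
    # A parent address inside the client network would match first_req and be
    # handed to the parents again, which is the forwarding loop to avoid.
    inside = [str(a) for a in outs if a in net]
    if inside:
        raise ValueError("outgoing address inside client network: %s" % inside)

    conf = ["http_port %s:%d" % (ipaddress.IPv4Address(client_addr), port)]
    conf += ["http_port %s:%d" % (a, port) for a in outs]          # step 1
    conf.append("acl first_req src %s" % net)
    for a in outs:                                                 # step 2
        name = "out_" + str(a).replace(".", "_")   # ACL name is an assumption
        # myip matches the listener address; the article allows it for src.
        conf.append("acl %s myip %s" % (name, a))
        conf.append("acl second_req src %s" % a)
        conf.append("tcp_outgoing_address %s %s" % (a, name))
    for a in outs:                                                 # step 3
        conf.append("cache_peer %s parent %d 0 round-robin no-query" % (a, port))
        conf.append("cache_peer_access %s allow first_req" % a)
        conf.append("cache_peer_access %s deny second_req" % a)
    conf += ["never_direct allow first_req", "never_direct deny second_req",
             # From the first comment: keeps tcp_outgoing_address effective.
             "server_persistent_connections off"]
    return conf

if __name__ == "__main__":
    # The article's sample addresses.
    print("\n".join(squid_round_robin_conf(
        "192.168.0.1", "192.168.0.0/16", ["10.0.0.1", "10.0.0.2", "10.0.0.3"])))
```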