I'm trying to set up a two-node squid proxy cluster. It would be a normal proxy (neither reverse, nor transparent).
I'm using LVS (kernel 2.6.32, ipvsadm v.1.2.1, tunneling) for load balancing, ldirectord (v. 1.0.3) for HA, squid (v.3.1.7) as a proxy server.
The cluster works OK for most sites, but experiences problems with (for instance) login to google accounts, login to serverfault.com via OpenID, etc. It seems that problems appear at sites with some kind of redirect, though on other sites 301-coded redirects work fine. When I work directly through each proxy node, everything is OK. I tried different types of job scheduling algorithms in LVS, but it didn't help. Leaving only one node in the cluster also doesn't solve the problem. Squid's access.log and cache.log are also "clean", no errors appear, just normal activity.
Has anybody met such problems? Does anybody have a working cluster of this type (balanced with IPVS)? Any ideas on troubleshooting?
Here are some parts of config files:

ldirectord.cf:
# Virtual Server for HTTP_PROXY
virtual=10.128.0.109:8080
    fallback=127.0.0.1:80
    real=10.128.1.43:8080 ipip 30
    real=10.128.0.106:8080 ipip 40
    service=http_proxy
    request="http://www.google.com/index.html"
    receive="Google Search"
    scheduler=wlc
    #persistent=600
    protocol=tcp
    checktype=negotiate

squid.conf:
http_port 10.128.0.106:8080 # "real" IP of the node
http_port 10.128.0.109:8080 # "Virtual" IP of the cluster on tunl0 interface
http_port 127.0.0.1:8080
cache_mem 300 MB
cache_dir ufs /opt/squid/var/cache 500 16 256
cache_effective_user squid
cache_effective_group squid
visible_hostname AQUA-node
cachemgr_passwd SquidCM all
access_log /opt/squid/var/logs/access.log
logfile_rotate 5
# ICQ connect (experimental)
acl ICQ_ADDR dst 64.12.0.0/16 205.188.0.0/16
acl ICQ_PORT port 5190 443
acl CONNECT method CONNECT
acl ICQ_PROTO proto HTTPS
acl ICQ_DOMAIN dstdomain .icq.com .aol.com .aim.com
always_direct allow ICQ_DOMAIN ICQ_PORT CONNECT
always_direct allow ICQ_ADDR ICQ_PORT CONNECT
acl allnet_temp src 10.0.0.0/8
http_access allow allnet_temp
http_access deny all
If any other information is needed, just let me know.
Try to use the lblc, lblcr or sh scheduler. lblcr is best for a cache proxy. The problems are due to round-robin connection balancing.
I have two http-proxy clusters (10-12 proxies per cluster). I use LVS (lblcr, ipip tunneling, squid 2.7 transparent).
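
The scheduler difference the answer above points at, as an added example that is not part of the original posts: a simplified Python model (not the IPVS kernel code) of how many proxy nodes one client's successive connections pass through under round-robin versus source hashing. The real-server addresses come from the ldirectord.cf in the question; the client addresses and the hash constant are constructed assumptions, and the model assumes the destination site ties a login session to the source address it sees, which differs per squid node.

```python
import ipaddress
from itertools import cycle

# Real servers taken from the ldirectord.cf in the question.
REALS = ["10.128.1.43", "10.128.0.106"]
# Constructed sample clients inside the 10.0.0.0/8 range the squid ACL allows.
CLIENTS = ["10.1.2.3", "10.1.2.4", "10.7.0.15"]


def rr_scheduler(reals):
    """Round-robin: every new connection goes to the next real server."""
    ring = cycle(reals)
    return lambda client_ip: next(ring)


def sh_scheduler(reals, table_bits=8):
    """Source hashing: static bucket table indexed by a hash of the client IP.

    Simplified model of the idea, not the kernel implementation; the
    multiplicative hash constant is an assumption of this sketch.
    """
    size = 1 << table_bits
    table = [reals[i % len(reals)] for i in range(size)]

    def pick(client_ip):
        addr = int(ipaddress.IPv4Address(client_ip))
        return table[((addr * 2654435761) & 0xFFFFFFFF) & (size - 1)]

    return pick


def proxies_seen(scheduler, clients, rounds=4):
    """Interleave `rounds` connections per client; return the set of proxy
    nodes (and so egress addresses) each client's traffic went through."""
    seen = {c: set() for c in clients}
    for _ in range(rounds):
        for c in clients:
            seen[c].add(scheduler(c))
    return seen


if __name__ == "__main__":
    for name, make in (("rr", rr_scheduler), ("sh", sh_scheduler)):
        for client, nodes in proxies_seen(make(REALS), CLIENTS).items():
            print(f"{name}  {client:<11} -> {sorted(nodes)}")
```

Under round-robin every client ends up on both nodes within a few connections, while source hashing keeps each client on a single node for as long as the real-server list is unchanged.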
Problem solved.
I've built vanilla kernel 2.6.35-7 with pv-ops (which were needed because the load balancer is a paravirtual machine) and LVS began working as needed. Maybe this was a regression in the Xenlinux kernel, maybe just an old version bug. Versions of other software components didn't change.
P.S. Thanks to bindbn for scheduler choice tips.