Andrew S. Howell wrote:
> cache_peer imeproxy.tibco.com parent 8080 7 no-query no-digest no-netdb-exchange
> So it looks like it's matching the regex, but then not selecting the
> proxy.
>
> Any ideas?
Henrik> Squid is a bit picky about selecting parents for which it
Henrik> has nothing to weight the selection on... You can get
Henrik> around this by using never_direct.
Picky is an understatement. :)
cache_peer tickle parent 8080 7 no-query no-digest no-netdb-exchange
cache_peer imeproxy.tibco.com parent 8080 7 no-query no-digest no-netdb-exchange
acl tokyo-dstdomain dstdomain jp.tibco.com
acl pa-dstdomain dstdomain tibco.com
acl tibco-dst dst 160.101.0.0/255.255.0.0
acl reuters-dstdomain dstdomain ime.reuters.com
acl reuters-regex url_regex ime.reuters.com
cache_peer_access imeproxy.tibco.com allow reuters-regex
cache_peer_access tickle deny tibco-dst
always_direct allow tokyo-dstdomain
never_direct allow reuters-regex
Henrik> The current peer selection algorithm is something like
Henrik> this (see peerSelectFoo):
1. DIRECT if always_direct
2. If there is a single parent matching the request, and this parent has
no-query set then use this parent.
3. DIRECT if non-hierarchical and not matching never_direct.
4. Digest HIT peer.
5. CARP selected parent.
6. Closest parent according to netdb
7. ICP HIT selected parent.
8. DIRECT if we are closer than closest netdb peer.
9. ICP netdb closest MISS
10. ICP fastest MISS
11. DIRECT unless never_direct
12. Some available parent (default/roundrobin/firstup/anyup)
13. Fail
With my above configuration, it always falls through to step 12, with
FIRST_UP_PARENT.
I tried changing:
cache_peer_access tickle deny tibco-dst
to
cache_peer_access tickle deny tibco-dst reuters-regex
Thinking that this should prevent tickle from being used for anything
that matches reuters-regex. This did not help. Looking at the above
rules, I think I should be trying to get it to hit rule number 2.
Henrik> Problems:
Henrik> 2: single_parent before non-hierarchical check.
Does non-hierarchical mean to a SIBLING cache?
Henrik> All ACL checks in cache_peer_access have to be
Henrik> "fast"(non-blocking). I.e. dst type ACLs are uncertain,
Henrik> and dstdom* are uncertain if the request uses an IP
Henrik> address.
Is this why I am seeing AclMatchIP failing for hosts that I can find
with nslookup?
In another mail you said:
Henrik> cache_peer_access allow ... is the same as cache_host_acl
Henrik> ...
Henrik> Also remember that cache_peer_access can only be used to
Henrik> restrict which URLs are sent to a peer, it does not
Henrik> force Squid to use that peer.
That's what I am trying to get to. What does force Squid to use a
particular peer? From the ACLs, cache_peer_xxx etc., it all seems like
it should be so simple to do what I want, but I have yet to be able to
figure it out.
One last thing. In trying to debug this problem, I played around with
the debug in config file. Setting this to 44 for peerSelect helped,
but then of course, I was missing all the other output. I have made a
minor patch to debugArg in debug.c to allow you to give a list of
debug sections and levels. ALL is just too much information. One level
is not enough. So now I can do something like:
# set debugging on for peerSelect and access control
debug_options 44,3 28,3
I'll be glad to post it if anyone is interested.
Regards,
Andy
Received on Tue Jul 29 2003 - 13:15:55 MDT
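Added example, not part of the original message and not Squid's code: a simplified Python model of steps 2 and 12 of the selection list quoted above, run against the cache_peer_access lines from the message. It assumes that ACL names on one line are ANDed and that an unmatched list defaults to the opposite of its last line; the request, the function names and the "split" variant are constructed for illustration.

```python
import ipaddress
import re

# ACLs from the message, modelled as predicates over a constructed request.
ACLS = {
    "tibco-dst": lambda r: ipaddress.ip_address(r["dst_ip"])
    in ipaddress.ip_network("160.101.0.0/255.255.0.0"),
    "reuters-regex": lambda r: re.search(r"ime.reuters.com", r["url"]) is not None,
}

def peer_allowed(rules, req):
    """Evaluate the cache_peer_access lines of one peer.

    ACL names on one line are ANDed; the first matching line decides.
    If no line matches, the result is the opposite of the last line's action.
    A peer with no lines at all is allowed.
    """
    if not rules:
        return True
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action == "allow"
    return rules[-1][0] != "allow"

def select_parent(peers, access, req):
    """Steps 2 and 12 only: a never_direct request with no ICP/digest/netdb data."""
    usable = [p for p in peers if peer_allowed(access.get(p, []), req)]
    if len(usable) == 1:
        return usable[0], "SINGLE_PARENT"      # step 2
    if usable:
        return usable[0], "FIRST_UP_PARENT"    # step 12, config order
    return None, "FAIL"                        # step 13

PEERS = ["tickle", "imeproxy.tibco.com"]   # cache_peer order from the message
REQ = {"url": "http://ime.reuters.com/feed", "dst_ip": "192.0.2.10"}  # constructed

POSTED = {"tickle": [("deny", ["tibco-dst"])],
          "imeproxy.tibco.com": [("allow", ["reuters-regex"])]}
ANDED = dict(POSTED, tickle=[("deny", ["tibco-dst", "reuters-regex"])])
# Hypothetical variant: a separate deny line, so either ACL alone denies.
SPLIT = dict(POSTED, tickle=[("deny", ["tibco-dst"]), ("deny", ["reuters-regex"])])

def results():
    return {name: select_parent(PEERS, cfg, REQ)
            for name, cfg in (("posted", POSTED), ("anded", ANDED), ("split", SPLIT))}

if __name__ == "__main__":
    for name, outcome in results().items():
        print(name, outcome)
```

In this model both the posted lines and the "deny tibco-dst reuters-regex" attempt leave two usable parents, so selection falls through to the first one in config order; only the variant with a separate deny line leaves a single parent for step 2.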
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:12:02 MST