I used the searched function and nothing pointed me in the right direction.
My current setup is just a routerboard 450 load balancing 4 lines. I want to add a squid server to the table. So I ran the setup on my desk here. MikrotikRB2011L with the squid server. It worked great. Now I wanted to run it along side my current setup. The whole network came to a crawl. Disabled the squid server wan port and firewall nat rule and the system came alive again.
I added the squid server to the system as if it was another modem.
So any help would be great.
Do I load balance before the squid server than another router for the lan?
Thanks
-
-
reinerotto
Long time Member
- Posts: 523
- Joined:
Re: Load Balancing, how can I add a squid server?
Sorry, I do not understand your Setup. "Load balancing" ... you have 4 WAN (Internet lines), to be balanced, for 1 LAN ?
Or, 4xLAN, 1 WAN (Internet Connection), into which squid has to be inserted ?
And, do you use squid in a transparent Setup (bit tricky), or as an explicit upstream proxy, which is the more robust method ?
I am asking, because I am quite familar with squid configs, not so into MT Setups.
Or, 4xLAN, 1 WAN (Internet Connection), into which squid has to be inserted ?
And, do you use squid in a transparent Setup (bit tricky), or as an explicit upstream proxy, which is the more robust method ?
I am asking, because I am quite familar with squid configs, not so into MT Setups.
Re: Load Balancing, how can I add a squid server?
My main setup is a RB load balancing 4 x WAN. My network has been growing so I thought I would add in a squid server. My understanding is a squid server would help take some stress off the network since it would load sites already visited.
So I followed these instructions -> http://aacable.wordpress.com/2011/12/30 ... nce-guide/
It worked great while bench testing it with just one computer. I decided to add it to the network and everything went south. So I decided to put the 4xWAN load balancing router to eth0 and eth1 to anther router "dhcp server" to serve the network. It worked somewhat. It loaded pages faster but some pages would not load. You would have to click refresh a couple times to get it going.
Switching the network back to its original state brought speeds back to normal. I havent lost faith in the squid server but I think I need a little more help on programming the RB or maybe the squid server.
Thanks
So I followed these instructions -> http://aacable.wordpress.com/2011/12/30 ... nce-guide/
It worked great while bench testing it with just one computer. I decided to add it to the network and everything went south. So I decided to put the 4xWAN load balancing router to eth0 and eth1 to anther router "dhcp server" to serve the network. It worked somewhat. It loaded pages faster but some pages would not load. You would have to click refresh a couple times to get it going.
Switching the network back to its original state brought speeds back to normal. I havent lost faith in the squid server but I think I need a little more help on programming the RB or maybe the squid server.
Thanks
-
-
reinerotto
Long time Member
- Posts: 523
- Joined:
Re: Load Balancing, how can I add a squid server?
Sorry, I do not see any info in the link, so I only can tell, how I would have done it.
First config, to start with, to keep it simple:
Squid to be put into one dedicated PC with eth0 and eth1. eth0: to your LAN, eth1: to the MT-box.
Also to run DHCP-/SNTP/(caching-)DNS-server in the squid-box, because it would be default gateway for the LAN, anyway.
squid-box needs routing, of course, and has MT on eth1: as default gateway.
All client-PCs in the LAN then need to have the squid-box as a HTTP(S)-proxy to be configured in the browser, using a proxy.pac, for example.
Next step would be a transparent setup for squid, which means, to get rid of the proxy.pac; although more convenient for the users, setup is more complicated and failure-prone, so only to try after the simple approach is up and running.
You will definitely have a positive effect regarding response times; depending on your users and the size of the caching-disks, you might expect a hit-rate of 30% to 50% or even more.
Very important: The setup of the filesystem for the caching disks has a huge impact on performance. I would recommend a "degenerated" ext4 (no journal etc.)
However, for more squid-specific issues, use
http://squid-web-proxy-cache.1019090.n4.nabble.com/
There are the developers to be found. And me, too
Re: Load Balancing, how can I add a squid server?
Sorry about the links, These are the links I used to help my get the server up.
http://aacable.wordpress.com/2011/12/30 ... nce-guide/
http://aacable.wordpress.com/2011/08/08 ... ver-guide/
http://www.cyberciti.biz/tips/linux-set ... howto.html
http://aacable.wordpress.com/2011/12/30 ... nce-guide/
http://aacable.wordpress.com/2011/08/08 ... ver-guide/
http://www.cyberciti.biz/tips/linux-set ... howto.html
-
-
reinerotto
Long time Member
- Posts: 523
- Joined:
Re: Load Balancing, how can I add a squid server?
It is always a bit risky to rely on second-hand advice.
Setting up working transparent squid is a bit problematic.
Have a look at the info from the authors of squid regarding this feature:
http://wiki.squid-cache.org/ConfigExamp ... olicyRoute
And
http://wiki.squid-cache.org/ConfigExamp ... t/AtSource
states:
WARNING: Using NAT interception is not recommended other than as a final backup to other systems.
There are other methods such as Proxy WPAD/PAC, linux http_proxy environment variable, and windows policy enforcement of browser config.
All of which are just as effective and encounter less problems when multiple clients are involved.
NP: This configuration is given for use on a single client box.
We have had no successful reports of people using DNAT at the gateway machine to direct traffic at a separate squid box.
We have had several good reports about ../IptablesPolicyRoute for those setups.
That simply confirms my note from above: Better start with a simple config.
Also have a look here:
http://wiki.squid-cache.org/SquidFaq/Co ... figuration
Setting up working transparent squid is a bit problematic.
Have a look at the info from the authors of squid regarding this feature:
http://wiki.squid-cache.org/ConfigExamp ... olicyRoute
And
http://wiki.squid-cache.org/ConfigExamp ... t/AtSource
states:
WARNING: Using NAT interception is not recommended other than as a final backup to other systems.
There are other methods such as Proxy WPAD/PAC, linux http_proxy environment variable, and windows policy enforcement of browser config.
All of which are just as effective and encounter less problems when multiple clients are involved.
NP: This configuration is given for use on a single client box.
We have had no successful reports of people using DNAT at the gateway machine to direct traffic at a separate squid box.
We have had several good reports about ../IptablesPolicyRoute for those setups.
That simply confirms my note from above: Better start with a simple config.
Also have a look here:
http://wiki.squid-cache.org/SquidFaq/Co ... figuration
Re: Load Balancing, how can I add a squid server?
In this scenario , Mikrotik have Three interface card. Description is as follows
1) LAN interface = Connected with user switch
2) WAN interface = Connected with ISP WAN
3) Proxy interface = Connected with SQUID PROXY Server via Crossover cable
*** SQUID Server have two lan cards.
One is connected with ISP WAN
Other is connected directly with Mikrotik with cross over cable.
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=(PROXY_GATEWAY) routing-mark=http scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=(WAN_GATEWAY) scope=30 target-scope=10
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=0/0 name=Proxy-HITTING packet-marks=proxy-hit parent=none priority=1 queue=default-small/default-small total-queue=default-small
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name=CACHE-HIT packet-mark=proxy-hit parent=global-out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name=pmark packet-mark=proxy-hit parent=global-out priority=1 queue=default
/ip firewall mangle
add action=mark-packet chain=prerouting comment=squid disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no
add action=mark-routing chain=prerouting comment="" disabled=no dst-port=80 new-routing-mark=http passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=192.168.5.1 to-ports=8080
add action=masquerade chain=srcnat comment="NAT FOR 172.168.0.0/24 SERIES" disabled=no out-interface=wan src-address=(Your Desire Lan Network)
(192.168.5.2 is the SQUID proxy server ip)
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=250000KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
*** Please don’t copy-paste, just follow the rule & i hope you will success.
1) LAN interface = Connected with user switch
2) WAN interface = Connected with ISP WAN
3) Proxy interface = Connected with SQUID PROXY Server via Crossover cable
*** SQUID Server have two lan cards.
One is connected with ISP WAN
Other is connected directly with Mikrotik with cross over cable.
/ip route
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=(PROXY_GATEWAY) routing-mark=http scope=30 target-scope=10
add comment="" disabled=no distance=1 dst-address=0.0.0.0/0 gateway=(WAN_GATEWAY) scope=30 target-scope=10
/queue simple
add burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s comment="" direction=both disabled=no dst-address=0.0.0.0/0 interface=all limit-at=0/0 max-limit=0/0 name=Proxy-HITTING packet-marks=proxy-hit parent=none priority=1 queue=default-small/default-small total-queue=default-small
/queue tree
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name=CACHE-HIT packet-mark=proxy-hit parent=global-out priority=1 queue=default
add burst-limit=0 burst-threshold=0 burst-time=0s disabled=no limit-at=0 max-limit=100M name=pmark packet-mark=proxy-hit parent=global-out priority=1 queue=default
/ip firewall mangle
add action=mark-packet chain=prerouting comment=squid disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no
add action=mark-packet chain=postrouting comment="" disabled=no dscp=12 new-packet-mark=proxy-hit passthrough=no
add action=mark-routing chain=prerouting comment="" disabled=no dst-port=80 new-routing-mark=http passthrough=yes protocol=tcp
/ip firewall nat
add action=dst-nat chain=dstnat disabled=no dst-port=80 protocol=tcp to-addresses=192.168.5.1 to-ports=8080
add action=masquerade chain=srcnat comment="NAT FOR 172.168.0.0/24 SERIES" disabled=no out-interface=wan src-address=(Your Desire Lan Network)
(192.168.5.2 is the SQUID proxy server ip)
/ip dns
set allow-remote-requests=yes cache-max-ttl=1w cache-size=250000KiB max-udp-packet-size=512 servers=8.8.8.8,8.8.4.4
*** Please don’t copy-paste, just follow the rule & i hope you will success.
Re: Load Balancing, how can I add a squid server?
Thanks Guys!
Finally got it working on the second try. The server failed after a hour though, after doing some homework it came down to DNS issues. Learning bit by bit.
Thanks again.
Finally got it working on the second try. The server failed after a hour though, after doing some homework it came down to DNS issues. Learning bit by bit.
Thanks again.