Squid load-balancing between two servers

By Miriel Martn Mesa (mirielmm at gmail . com)

What Is Load Balancing?

Load balancing shares the network traffic between two or more servers so that a single server does not get loaded with requests. Load balancing increases performance and reliability. You can use multiple processors or multiple threads in a single processor for load balancing. Load balancing does not require dedicated software and hardware nodes. DNS servers can run the round-robin algorithm against multiple IP Addresses associated with a single domain name. Squid is generally used to act as a caching proxy server. It sends client HTTP requests to the proxy server. The proxy server fetches web pages in accordance with the cache setup, and returns them to the client. Squid can be used to perform basic round-robin load balancing, and to cache results based on your cache configuration.

Installing and Configuring

#sudo apt-get install squid3 apache2 quagga Where: -Squid3: Is a full-featured web proxy cache server application which provides proxy and cache services for Hyper Text Transport Protocol (HTTP), File Transfer Protocol (FTP), and other popular network protocols. -Apache: The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. Necessary for shared the proxy auto-config (pac) file. -Quagga: is a routing software suite, providing implementations of OSPFv2, OSPFv3, RIP v1 and v2, RIPng and BGP-4 for Unix platforms, particularly FreeBSD, Linux, Solaris and NetBSD. Quagga is a fork of GNU Zebra which was developed by Kunihiro Ishiguro.

Configuring Network devices

Edit file: /etc/network/interfaces Server A auto eth1 iface eth1 inet static address 10.128.5.26 netmask 255.255.255.0 network 10.128.5.0 broadcast 10.128.5.255 dns-nameservers 10.128.5.100 10.128.5.26 dns-search example.com auto eth2 iface eth2 inet static address 10.128.2.20 netmask 255.255.255.0 auto eth3 iface eth3 inet static address 192.168.1.1 netmask 255.255.255.0

Server B auto eth1 iface eth1 inet static address 10.128.5.27 netmask 255.255.255.0 network 10.128.5.0 broadcast 10.128.5.255 dns-nameservers 10.128.5.100 10.128.5.26 dns-search example.com auto eth2 iface eth2 inet static address 10.128.2.21 netmask 255.255.255.0 auto eth3 iface eth3 inet static address 192.168.1.2 netmask 255.255.255.0 Where: Eth1: LAN access Eth2: WAN access Eth3: Cache communication between server A and B. This interface is used to connect both machines between them using a crossover UTP cable

Configuring quagga
You have to activate the Quagga daemons matching the routing protocols you want to set on your router: Zebra: Interface declaration and static routing Bgpd: BGP routing protocol. OSPFD: OSPF routing protocol. RIPD: RIP v2 routing protocol. RIPNGD: RIP IPv6 routing protocol. We use Zebra for routing and it is necessary create or edit /etc/quagga/zebra.conf The servers A and B use the same configuration. ! Static default route sample. ip route 10.0.0.0/8 10.128.5.1 ip route 192.168.1.0/24 192.168.1.1 ip route 0.0.0.0/0 10.128.2.18 Explanation: All applications to or from the 10.0.0.0 / 8 network will be routed by the interface eth1. All traffic to the 192.168.1.0 network will be routed by the interface eth3 and the rest of traffic (internet) would through the interface eth2

Must also enable the demon by editing: /etc/quagga/daemons and restart the service zebra=yes bgpd=no ospfd=no ospf6d=no ripd=no ripngd=no isisd=no #sudo /etc/init.d/quagga restart

Configuring Squid
The configuration directives for Squid are located in /etc/squid3/squid.conf. Edit this file now by typing: #sudo nano /etc/squid/squid.conf Find in /etc/squid/squid.conf the line: # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS and insert the following: include /etc/squid3/individual-config.cfg And in the file /etc/squid/individual-config.cfg, in each of the servers you need to add Server A cache_peer 192.168.1.2 sibling 8080 0 proxy-only http_port 10.128.5.26:8080 http_port 192.168.1.1:8080 Server B cache_peer 192.168.1.1 sibling 8080 0 proxy-only http_port 10.128.5.27:8080 http_port 192.168.1.2:8080 These lines specified in each of the servers where squid is the brother who needs to consult before searching internet every request and the port which listens for requests. The above line is the only information in squid.conf different on both servers. When you separate that line, you can copy the file squid.conf from one server to another and so ensure that both servers have the same configuration. The following line ensures access to each server cache servers acl localhost src 127.0.0.1/32 10.128.5.26/32 10.128.5.27/32 10.128.2.20/32 192.168.1.1/32 192.168.1.2/32 10.128.5.218 http_access allow manager localhost

visible_hostname proxy.example.com

auth_param basic program /usr/lib/squid3/squid_ldap_auth -P -R -b "ou=people,dc=mu,dc=edu,dc=et" -D "uid=manager,ou=people,dc=example,dc=com" -w "USERPASSWOD" -f uid=%s -h ldap.example.com auth_param basic children 100 auth_param basic realm University Squid proxy-caching web server auth_param basic credentialsttl 1 hours auth_param basic casesensitive on # And finally deny all other access to this proxy #================================================================================= =========== # All preople from here need Auth #================================================================================= =========== acl auth-people proxy_auth REQUIRED http_access allow auth-people

#================================================================================ # Limit Number of users by IP #================================================================================ acl user-by-ip max_user_ip -s 1 http_access deny user-by-ip #================================================================================ # Deny all from here #================================================================================= http_access deny all Is important to create in /var/www/ auto-config file for use by browsers: /var/www/config.pac function FindProxyForURL( url, host ) { if( isPlainHostName(host) ) return "DIRECT"; if( isInNet(host,"127.0.0.0","255.0.0.0") ) return "DIRECT"; if( shExpMatch(host,"*.example.com")) return "DIRECT"; if( isInNet(host,"10.0.0.0","255.0.0.0") ) return "DIRECT"; return "PROXY proxy.example.com:8080"; }

Configuring DNS
You need to add two lines to the DNS server, editing: /etc/bind/db.example.com proxy Where: First column is name of the proxy Second column is TTL: in the DNS context defines the duration in seconds that the record may be cached in seconds. 100 100 IN IN A A 10.128.5.26 10.128.5.27