Tek Bahadur Limbu wrote:
> Danish Siddiqui wrote:
>>
>> Tek Bahadur Limbu wrote:
>>> Danish Siddiqui wrote:
>>>> Hi,
>>>> Ive got squid proxy server running on a CentOS 4.4 machine. This proxy
>>>> server is connected to the internet through a Sonicwall PRO3060
>>>> firewall machine.
>>>>
>>>> We have got three different ISP lines, one of which is used by squid.
>>>> All the three lines terminate at the firewall. One of these links then
>>>> goes to the squid server.
>>>> Many a times it happens that the internet link on the squid line goes
>>>> down, because of which we have to switch the squid server on to one of
>>>> the remaining ISP lines.
>>> Hi Danish Siddiqui,
>>>
>>> When the 1st ISP goes down, does that mean that you actually have to
>>> switch the cable from your squid box to the 2nd or 3rd ISP link on
>>> your Sonicwall machine?
>>>
>> No, the only cable that is connected to the squid box is from the
>> Sonicwall firewall.
>>>> I was planning a setup in which an extra NIC would be attached to the
>>>> squid server. This NIC would be connected to a different ISP line, so
>>>> that when one link goes down, the squid proxy server automatically
>>>> switches on to the next line, wherein the LAN users dont get to feel
>>>> the difference while browsing. Also, when the original link gets
>>>> restored, the squid server automatically switches back on to the
>>>> original link
>>> If your Sonicwall firewall and routing policy allows you to access
>>> all 3 ISPs lines from your Squid box, I think that you can use the
>>> "tcp_outgoing_address" parameter to switch to either the 2nd or 3rd
>>> ISP connection when the 1st ISP goes down.
>>>
>>> Of course, you must have a small script in Crontab to check for
>>> internet connectivity to your 1st ISP at regular intervals, say
>>> every 2 minutes.
>>>
>> How will the script go. Can you give me some pointers till the time I
>> look around for it.
>
> Hi,
>
> I think a simple script such as PING should suffice. If your 1st ISP
> goes down, can you ping your Sonicwall Firewall WAN port?
>
>
>
>>> If the 1st ISP gets internet connectivity again, then let the script
>>> restore connectivity from the 2nd or 3rd ISP back to the 1st ISP again.
>>>
>>> But again, adding 2 extra NIC cards to your Squid box will provide
>>> you more control and fail over. In my opinion, it will be a very
>>> interesting option.
>>>
>> Seems interesting to me too
>>> If your Squid box is running on Linux with a kernel greater than
>>> 2.4.20, then you can apply traffic and routing rules.
>> Its running on a CentOS 4.4 with kernel 2.6.9-42.ELsmp
>>> Please see the following link:
>>>
>>> http://lartc.org/howto/lartc.rpdb.multiple-links.html
>>>
>>> This guys really seem to perform some kind of magic with advanced
>>> routing and traffic control!
>>>
>
> Have you given any thoughts to implementing such a feature suggested
> by lartc.org ?
> I think it's ideal for your case where you have 3 internet providers
> where you can split the load among the 3 providers?
>
I tried to go through the above lartc.org link, but unfortunately I
wasnt able to understand much .
Instead I'm going through this link to clear my basics first
http://www.hispafuentes.com/hf-doc/HOWTOs/Linux-html-HOWTOs-20021014/HOWTO/Net-HOWTO/x552.html
Danish
Thanking you...
>
>>>
>>>> My current setup requires me to deny access to the squid server till
>>>> the time it is up again.
>>> I suppose that you can't access all 3 ISPs lines from your Squid box?
>> Ill have to go according to your suggestions. But at the moment the
>> squid box can access only 1 ISP line
>>>> Is this setup possible? And if yes, can you please tell me how or
>>>> point me to the necessary resources.
>>> I definitely think it is possible. Let's wait and get more help and
>>> input from other experts and professionals from the Squid mailing list.
>>>
>>>
>>> Thanking you...
>>>
>>>> Thanks
>>>> Danish The information contained in this electronic message and any
>>>> attachments to this message are intended for the exclusive use of
>>>> the addressee(s) and may contain proprietary, confidential or
>>>> privileged information. If you are not the intended recipient, you
>>>> should not disseminate, distribute or copy this e-mail. Please
>>>> notify the sender immediately and destroy the original message all
>>>> copies of this message and any attachments.
>>>> WARNING: Computer viruses can be transmitted via email. The
>>>> recipient should check this email and any attachments for the
>>>> presence of viruses. The company accepts no liability for any
>>>> damage caused by any virus transmitted by this email.
>>>>
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>> The information contained in this electronic message and any
>> attachments to this message are intended for the exclusive use of the
>> addressee(s) and may contain proprietary, confidential or privileged
>> information. If you are not the intended recipient, you should not
>> disseminate, distribute or copy this e-mail. Please notify the sender
>> immediately and destroy the original message all copies of this
>> message and any attachments.
>> WARNING: Computer viruses can be transmitted via email. The recipient
>> should check this email and any attachments for the presence of
>> viruses. The company accepts no liability for any damage caused by
>> any virus transmitted by this email.
>>
>>
>>
>
>
The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy the original message all copies of this message and any attachments.
WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
Received on Mon Jul 09 2007 - 05:24:46 MDT
This archive was generated by hypermail pre-2.1.9 : Wed Aug 01 2007 - 12:00:03 MDT