> Actually, I proposed two solutions. While the bash script is messy I
> will admit, the optimal solution of having a parent and child proxy is
> rather elegant, fault tolerant, and works without issue.
>
> The child proxy simply ignores and bypasses the parent proxy while the
> reload procedure is underway, and resumes passing traffic through it
> when it is ready to serve requests. You should try it.
I fail to see that the proposed temporary-redirect-to-other-squid-server
works and is cost effective (solution 1).
Does it work?
- what about the CONNECT tunnels ? no, they break
- what about the persistent HTTP connections ? no, they break
- changing iptables rules is error prone since there is a split second where the rules are removed.
Is it cost effective?
- a secondary Squid server has an estimated cost between USD 2,000 and USD 10,000. The zero-cost alternative is using ufdbGuard.
About solution 2:
Consider the following scenario:
Suppose the parent proxy configuration must be reloaded.
What mechanism will be used to signal the child proxy to ignore the parent?
- reload its configuration? No, reconfiguration of the client stops all traffic.
- simply let the connection to the parent fail? this will lead to timeouts and everything in progress fails.
- use more than 1 parent? can be done but is no cost effective since one needs an extra Squid server and still everything in progress fails.
If I am missing something, please explain how the child ignores the parent without interruption of service.
Marcus
> -
> Signed,
>
> Fix Nichols
>
> http://www.squidblacklist.org
>
>
Received on Mon Jun 10 2013 - 13:43:56 MDT
This archive was generated by hypermail 2.2.0 : Mon Jun 10 2013 - 12:00:11 MDT