Hi all,
I am having two Internet connections at my office.They are from two different ISPs.The links from the ISP are terminating at two different machines.
I have set squid on both of these and the internet is distributed in LAN through squid.Two machines have different LAN IPs ,but in the same class....
Suppose 192.168.0.1 and 192.168.0.2

By default all the trafic is passing through 192.168.0.1
192.168.0.2 is used for some other testing purposes.
But if the link of 192.168.0.1 is down I manually shift the connections to 192.168.0.2. To do so I have to change the settings in all the clients in the LAN one by one.

So I would like to set up an HA environment... ie,if the link terminating at 192.168.0.1 goes down ,all the traffic should be redirected to 192.168.0.2:3128 .Is it possible ?
Can anyone help me ? Did anyone think of it ?

yeah it's totally possible, just using a bog standard heartbeat. check linux-ha.org for info.

in your situation though i'd *VERY* strongly suggest just using a central proxy.pac file and return both squid addresses. the proxy.pac rules say that if two caches are given equally a browser will use the first one that works. that's instant resilience without any heartbeat crap.

Hi Chris,
Thanks fro your reply
Anyway let me check that as you told.........

Hey there;

May I also suggest load balancing with round-robin DNS A records...?
I'd love to try that myself if I had two links like you do...

Cheers

I wouldn't do this as i'd assume that once the browser does the lookup for the proxy it's stuck with it. it'll load balance, but not provide resilience. could be wrong, and it'd also be totally down to the browser when it wants to reconnect to a proxy and whether a lookup is done or not.

You're right about not being fault-tolerant...
But the load balance could work if you'd set the ttl for A records of both proxy servers to a low value, like 1 minute... The client cached A record would be discarded after that time and a new lookup would be performed.
Anyway, I guess I got carried away with the two links thingy and went off-topic; sorry 'bout that...

Cheers

thank you all,
But i don't know how to define two proxy servers in proxy.pac
And after all I am willing to give direct connection for some machines in LAN.Currently it is done by FORWARD in IPTABLES. How can I do it along with this proxy setup..?

I have done some access controls .
But for those who are enjoying direct connection no limit for the access.
So should I set separate ACLs for them ....?
Or should I bring them into a separate IP range and then allow DIRECT ....... ?
I decided to define ACL on IP address basis and to allow yhem full access...
But I need help in configuring proxy.pac
Please help.......................

go to google, search for information about proxy.pac files. they are very very simple and make proxy configuration a doddle across a large deployment.