Hi,

I am trying to create some redundancy/load balancing for two Squid servers, that we are mostly using as web filters. All of the servers in the network are configured to look for the original Squid server IP, but I've cloned that machine (through VMWare) to create the second Squid server. I would like to avoid changing the config files on all the servers in the environment, so it was suggested that I use a VIP. How do I create a VIP and have both the original Squid and the cloned Squid servers sit behind it? I know I will have to change the IP's of the Squid servers, since I want the VIP to have the IP of the original (to avoid having to change it throughout the environment). Any help or other suggestions for achieving my goal of redundancy/load balancing would be greatly appreciated.

Would this be easily achieved by using NAT and iptables? If so, how?

http://www.linuxvirtualserver.org/ details good solutions for a vip, BUT do you really want to do this? If you're looking to benefit from caching then it doesn't really make sense to round robin multiple proxies. On servers I would generally look to just use a failover solution, and for browsers (i.e. with more advanced proxy client capabilites) you can use a clever proxy.pac trick and use a hash of the uri to reliably send requests for the same resources to the same proxy, and still have full HA under a different model. http://www.novell.com/coolsolutions/appnote/12952.html you mention servers more than client though, so the mileage is limited, but as above, I would actively recommend pure active / passive over load balancing if your clients can't use a proxy.pac.

I think this is a better way to describe what I'm asking:

Is it possible to have a simple IP failover setup, such as with keepalived, with 2 physical servers, without using LVS?

2 physical servers. No load balancing needed. Server1 can do all the work while its up. If Server1 goes down, Server2 picks up the slack.

There is no third server or router that is monitoring Server1 and Server2, so there would be no single point of failure.

Can I do this with a simple keepalived configuration on each server?

you could do that, yes. There's an even easier approach really, as it can all be scripted pretty trivially. I tend to come back to this article... http://onlamp.com/pub/a/onlamp/2003/...inuxhacks.html

Thanks for the site reference. It looked like it could definitely be of use. I think at this point it's obvious I've never done anything like this, so I keep getting confused on the part of actual IP's versus virtual or NAT'd IP's. Let's say I have a server with an IP of 192.168.100.10 and I want to add a redundant server of 192.168.100.11. Servers on the network are already configured to send requests to 192.168.100.10, since it's the original, so how does the redundant server get configured so that there's no IP conflict and the other servers still only see 192.168.100.10? Is that only capable through NAT? Would an alias work as well, or is there any other solution to that?

NAT? Where would NAT come into the equation?

In the page I linked to it is done via an alias, so you'd change the main address of the primary server to something else, and put the old address back on as an alias on the same interface.