Mikrotik | Forum Mikrotik Indonesia   Mikrotik Manual Mikrotik iSPY Mikrotik RSS Feed
This Logo is a Courtesy from RumahDowty

Go Back   Mikrotik | Forum Mikrotik Indonesia > Diskusi Mikrotik RouterOS > General Networking
Reload this Page load-balancing squid
iSpy My iTrade Register FAQ Members List Calendar Mark Forums Read

Diskusi load-balancing squid pada General Networking | Mikrotik | Forum Mikrotik Indonesia : baru dapet dari om wiki. cara men load-balancing squid untuk di pake dalam satu ...


Official Board Announcements
NEW
Kunjungi Forum Diskusi PROXY Linux di FMI
donasi



 
Reply
 
LinkBack Thread Tools
  #1 (permalink)  
Old 10-06-2008, 23:20
felix_sg felix_sg is offline
Member Super Senior
  
Join Date: Sep 2007
Location: indonesia
Posts: 607
iTrader: (0)
Thanks: 42
Thanked 78 Times in 58 Posts
felix_sg is on a distinguished roadfelix_sg is on a distinguished roadfelix_sg is on a distinguished roadfelix_sg is on a distinguished roadfelix_sg is on a distinguished road
load-balancing squid



baru dapet dari om wiki.

cara men load-balancing squid untuk di pake dalam satu network...

skenario :
dalam satu network mis: rt/rw net. kita ingin mengadakan squid sebagai proxy. kalau biasaya kita cuma memakai satu squid. dengan tutorial ini, kita bisa memakai sampai 3 squid sekaligus.
kalo bayangan pribadi saya sih, squid 1 bisa untuk object kecil. squid 2 untuk object sedang, dan squid 3 untuk object besar. ndak tahu apa bisa seperti itu prakteknya.

topologi :

inet(10.1.2.0/28)............mikrotik....local client
...........V
...........V
..........squid-1 10.1.2.2
..........squid-2 10.1.2.3
..........squid-3 10.1.2.4

jadi inet, baru squid, baru mikrotik dan terakhir pelanggan.


Step. 1

Mark routing for HTTP-packet.
/ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-routing \
new-routing-mark=http passthrough=no

bikin route baru dimana semua http mengarah ke squid diatas mikrotik.

Step. 2

Add a default route for HTTP-traffic to all SQUID proxies and check them using ping.
/ ip route
add dst-address=0.0.0.0/0 gateway=10.1.2.4,10.1.2.3,10.1.2.2 \
check-gateway=ping scope=255 target-scope=10 routing-mark=http comment="" \
disabled=no

bikin route untuk squid kita, supaya bisa akses internet. sistem routing yang di pake adalah round-robin.

Step. 3

Configure all SQUID proxies to listen transparent and redirect HTTP-traffic on SQUID's port ( i.e transparent SQUID is running on 3128 port).
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j \
REDIRECT --to-ports 3128

ini perintah di linux, biar squid transparent.

Now we configure ( squid.conf ) all proxies to use cache Peering using ICP protocol.

proxy1
icp_port 3130
cacher_peer 10.1.2.3 sibling 3128 3130
cacher_peer 10.1.2.4 sibling 3128 3130

proxy2
icp_port 3130
cacher_peer 10.1.2.2 sibling 3128 3130
cacher_peer 10.1.2.4 sibling 3128 3130


proxy3
icp_port 3130
cacher_peer 10.1.2.2 sibling 3128 3130
cacher_peer 10.1.2.3 sibling 3128 3130

masalah parent dan sibling, tergantung kebutuhan masing2.

lebih jelasnya silakan ke http://wiki.mikrotik.com/wiki/Multi_squid_redirections

semoga berguna buat semua rekan2 disini...

Last edited by felix_sg : 11-06-2008 at 03:19. Reason: tambahan
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
The Following 2 Users Say Thank You to felix_sg For This Useful Post:
  #2 (permalink)  
Old 12-06-2008, 08:19
princenux princenux is offline
Member
  
Join Date: Aug 2007
Posts: 264
iTrader: (0)
Thanks: 1
Thanked 126 Times in 21 Posts
princenux is on a distinguished roadprincenux is on a distinguished roadprincenux is on a distinguished roadprincenux is on a distinguished roadprincenux is on a distinguished roadprincenux is on a distinguished road
kalo dibikin kaya gituh...
gimana bisa set proxy1 buat object kecil... proxy 2 sedang dan proxy 3 besar ?
kalo begitu pan sama aja...

lagian di satu tempat buat apa proxy banyak2

biasa proxy di pake banyak2 kalo beda site... misalnya di HQ sama di Site.. jadi di Site (red. cabang), pake proxy, dan di HQ pake proxy juga, nanti mereka parent and child.

jadi ketika di site mau keluar cek ke proxy site dulu, kalo ada yah di ambil dari proxy site... tapi kalo di site gak ada.. otomatis akan keatas, dan di cek di proxy HQ, kalo gak ada baru keluar ke internet...

biasa sih setau gua gituh... kalo satu site (red. tempat), pake banyak2 proxy, agak2 aneh....

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 12-06-2008, 22:04
sherayusuf's Avatar
sherayusuf sherayusuf is offline
Member
  
Join Date: Sep 2007
Location: bekasi-jakarta bolak balik
Posts: 189
iTrader: (0)
Thanks: 16
Thanked 24 Times in 12 Posts
sherayusuf is on a distinguished roadsherayusuf is on a distinguished road
Send a message via Yahoo to sherayusuf
wah klo saya mending pake proxy yg specnya agak lumayan trus sama banyakin HD scsi yg kecil2 aja
kinerja squid kan tergantung dari configurasi yg benar dan di sesuaikan dgn spesifikasi hardware biar dapet high perfomance dan hit rate tinggi

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 12-06-2008, 22:50
felix_sg felix_sg is offline
Member Super Senior
  
Join Date: Sep 2007
Location: indonesia
Posts: 607
iTrader: (0)
Thanks: 42
Thanked 78 Times in 58 Posts
felix_sg is on a distinguished roadfelix_sg is on a distinguished roadfelix_sg is on a distinguished roadfelix_sg is on a distinguished roadfelix_sg is on a distinguished road
@princenux
emang bener.. pendapat anda.
sy cuma mengandai-andai aja. teori saya sih cuma berdasarkan bahwa dgn squid kita bisa mengatur min_object dan max_object. nah dari situ timbul pengandaian apabila proxy1 cuma mencache objcet mis:0-500KB, proxy2:501KB-16MB, proxy3:16MB-100MB misalnya. dengan sistem saling parent. karena terus-terang hasil dari pengamatan saya kebanyakan sih squid itu cache obyek2 kecil yang bikin dia kerja berat.
sekali lagi cuma pengandaian dari saya aja. soalnya saya juga belum pernah coba.

@sherayusuf
tul memang harus pake scsi kecil2 yang banyak...
sayang ndak punya scsi..

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 25-04-2010, 16:54
xopal's Avatar
xopal xopal is offline
Member
  
Join Date: Jan 2010
Posts: 220
iTrader: (0)
Thanks: 40
Thanked 19 Times in 17 Posts
xopal is on a distinguished roadxopal is on a distinguished road
Send a message via Yahoo to xopal
aku coba model squid balancing seperti ini :

cache1 172.17.10.2
cache2 172.17.20.2

internet-----------mikrotik-----------client
-------------------|----|
-------------------|----|
-------------------|----|
-------------cache1 cache2

cache1 sibling dengan cache2

tambahan conf cache1
Code:
icp_port 3130
icp_access allow localnet
icp_access deny all
cache_peer 172.17.20.2       sibling    3128  3130  proxy-only
tambahan conf cache2
Code:
icp_port 3130
icp_access allow localnet
icp_access deny all
cache_peer 172.17.10.2       sibling    3128  3130  proxy-only
Skenario: cache2 hanya melayani video cache dalam hal ini situs youtube sementara cache1 sebaliknya.

/ip fi nat

Code:
Flags: X - disabled, I - invalid, D - dynamic 
 0 X ;;; place hotspot rules here
     chain=hotspot action=passthrough 

 1   ;;; default configuration
     chain=srcnat action=masquerade out-interface=Gateway 

 2   ;;; lan
     chain=srcnat action=masquerade out-interface=Local 

 3 X ;;; masquerade hotspot network
     chain=srcnat action=masquerade src-address=192.168.88.0/24 

 4   ;;; masquerade proxy 1
     chain=srcnat action=masquerade src-address=172.17.10.0/24 out-interface=Local5 

 5   ;;; masquerade proxy 2
     chain=srcnat action=masquerade src-address=172.17.20.0/24 out-interface=Local4 

 6   ;;; REDIRECT TO PROXY-1 SQUID
     chain=dstnat action=dst-nat to-addresses=172.17.10.2 to-ports=3128 protocol=tcp src-address=!172.17.10.2 
     src-address-list=!YOUTUBE in-interface=Local dst-port=80 

 7   ;;; REDIRECT TO PROXY 2 SQUID
     chain=dstnat action=dst-nat to-addresses=172.17.20.2 to-ports=3128 protocol=tcp src-address=!172.17.20.2 
     src-address-list=YOUTUBE in-interface=Local dst-port=80
Bypass bandwidth queue untuk squid proxy port

Code:
Flags: X - disabled, I - invalid, D - dynamic 
 0  D name="hs-<hotspot1>" dst-address=0.0.0.0/0 interface=Local parent=none direction=both priority=8 
      queue=hotspot-default/hotspot-default limit-at=0/0 max-limit=0/0 burst-limit=0/0 burst-threshold=0/0 
      burst-time=0s/0s total-queue=default-small 

 1    name="LOSS PROXY PORT" target-addresses=192.168.88.0/24 dst-address=172.16.0.0/12 interface=all parent=none 
      packet-marks=no-mark direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 
      burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small 
[admin@MikroTik] /queue simple>
/ip fi add

Code:
Flags: X - disabled, D - dynamic 
 #   LIST                                                                                   ADDRESS                        
 0   RESTO                                                                                  192.168.88.100-192.168.88.254  
 1   conficker                                                                              64.70.19.33                    
 2   conficker                                                                              66.90.81.140                   
 3   conficker                                                                              72.167.51.186                  
 4   conficker                                                                              74.208.46.216                  
 5   conficker                                                                              74.208.64.145                  
 6   conficker                                                                              83.68.16.6                     
 7   conficker                                                                              97.74.200.45                   
 8   conficker                                                                              143.215.143.11                 
 9   conficker                                                                              149.20.56.32                   
10   conficker                                                                              199.2.137.252                  
11   conficker                                                                              205.188.161.4                  
12   conficker                                                                              221.7.91.31                    
13   CORP                                                                                   192.168.88.20-192.168.88.99    
14   PROXY-PORT                                                                             172.17.20.1                    
15   PROXY-PORT                                                                             172.17.10.1                    
16 D src-conficker                                                                          172.17.20.2                    
17 D src-conficker                                                                          192.168.88.245                 
18 D src-conficker                                                                          172.17.10.2                    
19   YOUTUBE                                                                                74.125.127.100                 
20   YOUTUBE                                                                                74.125.45.100                  
21   YOUTUBE                                                                                74.125.67.100                  
22 D RESTO                                                                                  192.168.88.239                 
23 D RESTO                                                                                  192.168.88.244                 
24 D RESTO                                                                                  192.168.88.245                 
[admin@MikroTik] /ip firewall address-list>
Hasilnya cache2 baru bekerja kalau client browsing ke situs youtube sebaliknya cache1 bekerja kalau client browsing ke situs non-youtube.Tinggal tambahkan saja di address list situs mana saja yang akan di handle oleh cache2.

Mungkin bisa ditambahkan lagi settingan yang bisa mempertajam kinerja squid atau ada koreksi dari rekan FMI ?

Last edited by xopal : 25-04-2010 at 16:58.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 25-04-2010, 20:30
panji's Avatar
panji panji is online now
Member Super Senior
  
Join Date: Jul 2008
Posts: 669
iTrader: (0)
Thanks: 28
Thanked 60 Times in 55 Posts
panji is a jewel in the roughpanji is a jewel in the roughpanji is a jewel in the roughpanji is a jewel in the rough
Send a message via Yahoo to panji
Mantap nich, kalo dah berhasil dengan bagus kasih tutornya yach, dari pada pakai wccp cisco yang lumayan mahal kayaknya, seperti http://www.cisco.com/en/US/docs/ios/...uide/wccp.html

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« [ask] RouterOS sebagai bandwidth limiter (bukan NAT) | direct ke halaman login hotspot »


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
tentang Load balancing 2 ISP berbeda hen2drx General Networking 17 04-11-2009 10:30
(ask) Load Balancing + Squid cyberolog General Networking 3 20-10-2009 21:54
(ask) tanya load balancing adiel.nopria General Networking 6 05-01-2009 17:35
<ASK> load balancing fail over d3v4 Scripting @ Mikrotik 25 03-06-2008 23:52


This Forum is Powered by Orion Net.

All times are GMT +8. The time now is 06:40.

Contact Us - Forum Mikrotik Indonesia - Top