Follow us on...
Follow us on G+ Follow us on Twitter Follow us on Facebook Watch us on YouTube
Register
Results 1 to 6 of 6
  1. #1
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0

    load-balancing squid

    baru dapet dari om wiki.

    cara men load-balancing squid untuk di pake dalam satu network...

    skenario :
    dalam satu network mis: rt/rw net. kita ingin mengadakan squid sebagai proxy. kalau biasaya kita cuma memakai satu squid. dengan tutorial ini, kita bisa memakai sampai 3 squid sekaligus.
    kalo bayangan pribadi saya sih, squid 1 bisa untuk object kecil. squid 2 untuk object sedang, dan squid 3 untuk object besar. ndak tahu apa bisa seperti itu prakteknya. Click here to enlarge

    topologi :

    inet(10.1.2.0/28)............mikrotik....local client
    ...........V
    ...........V
    ..........squid-1 10.1.2.2
    ..........squid-2 10.1.2.3
    ..........squid-3 10.1.2.4

    jadi inet, baru squid, baru mikrotik dan terakhir pelanggan.


    Step. 1

    Mark routing for HTTP-packet.
    /ip firewall mangle add chain=prerouting protocol=tcp dst-port=80 action=mark-routing \
    new-routing-mark=http passthrough=no

    bikin route baru dimana semua http mengarah ke squid diatas mikrotik.

    Step. 2

    Add a default route for HTTP-traffic to all SQUID proxies and check them using ping.
    / ip route
    add dst-address=0.0.0.0/0 gateway=10.1.2.4,10.1.2.3,10.1.2.2 \
    check-gateway=ping scope=255 target-scope=10 routing-mark=http comment="" \
    disabled=no

    bikin route untuk squid kita, supaya bisa akses internet. sistem routing yang di pake adalah round-robin.

    Step. 3

    Configure all SQUID proxies to listen transparent and redirect HTTP-traffic on SQUID's port ( i.e transparent SQUID is running on 3128 port).
    iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j \
    REDIRECT --to-ports 3128

    ini perintah di linux, biar squid transparent.

    Now we configure ( squid.conf ) all proxies to use cache Peering using ICP protocol.

    proxy1
    icp_port 3130
    cacher_peer 10.1.2.3 sibling 3128 3130
    cacher_peer 10.1.2.4 sibling 3128 3130

    proxy2
    icp_port 3130
    cacher_peer 10.1.2.2 sibling 3128 3130
    cacher_peer 10.1.2.4 sibling 3128 3130


    proxy3
    icp_port 3130
    cacher_peer 10.1.2.2 sibling 3128 3130
    cacher_peer 10.1.2.3 sibling 3128 3130

    masalah parent dan sibling, tergantung kebutuhan masing2.

    lebih jelasnya silakan ke

    semoga berguna buat semua rekan2 disini... Click here to enlarge
    Last edited by felix_sg; 11-06-2008 at 03:19. Reason: tambahan

  2. The Following 2 Users Say Thank You to felix_sg For This Useful Post:


  3. #2
    Status
    Offline
    princenux's Avatar
    Member
    Join Date
    Aug 2007
    Posts
    264
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    kalo dibikin kaya gituh...
    gimana bisa set proxy1 buat object kecil... proxy 2 sedang dan proxy 3 besar ?
    kalo begitu pan sama aja...

    lagian di satu tempat buat apa proxy banyak2

    biasa proxy di pake banyak2 kalo beda site... misalnya di HQ sama di Site.. jadi di Site (red. cabang), pake proxy, dan di HQ pake proxy juga, nanti mereka parent and child.

    jadi ketika di site mau keluar cek ke proxy site dulu, kalo ada yah di ambil dari proxy site... tapi kalo di site gak ada.. otomatis akan keatas, dan di cek di proxy HQ, kalo gak ada baru keluar ke internet...

    biasa sih setau gua gituh... kalo satu site (red. tempat), pake banyak2 proxy, agak2 aneh.... Click here to enlarge

  4. #3
    Status
    Offline
    sherayusuf's Avatar
    Member
    Join Date
    Sep 2007
    Location
    bekasi-jakarta bolak balik
    Posts
    188
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    wah klo saya mending pake proxy yg specnya agak lumayan trus sama banyakin HD scsi yg kecil2 aja
    kinerja squid kan tergantung dari configurasi yg benar dan di sesuaikan dgn spesifikasi hardware biar dapet high perfomance dan hit rate tinggi

  5. #4
    Status
    Offline
    felix_sg's Avatar
    Member Super Senior
    Join Date
    Sep 2007
    Location
    indonesia
    Posts
    607
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    @princenux
    emang bener.. pendapat anda. Click here to enlarge
    sy cuma mengandai-andai aja. teori saya sih cuma berdasarkan bahwa dgn squid kita bisa mengatur min_object dan max_object. nah dari situ timbul pengandaian apabila proxy1 cuma mencache objcet mis:0-500KB, proxy2:501KB-16MB, proxy3:16MB-100MB misalnya. dengan sistem saling parent. karena terus-terang hasil dari pengamatan saya kebanyakan sih squid itu cache obyek2 kecil yang bikin dia kerja berat. Click here to enlarge
    sekali lagi cuma pengandaian dari saya aja. soalnya saya juga belum pernah coba.

    @sherayusuf
    tul memang harus pake scsi kecil2 yang banyak... Click here to enlarge
    sayang ndak punya scsi..Click here to enlargeClick here to enlarge

  6. #5
    Status
    Offline
    xopal's Avatar
    Member
    Join Date
    Jan 2010
    Posts
    245
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    aku coba model squid balancing seperti ini :

    cache1 172.17.10.2
    cache2 172.17.20.2

    internet-----------mikrotik-----------client
    -------------------|----|
    -------------------|----|
    -------------------|----|
    -------------cache1 cache2

    cache1 sibling dengan cache2

    tambahan conf cache1
    Code:
    icp_port 3130
    icp_access allow localnet
    icp_access deny all
    cache_peer 172.17.20.2       sibling    3128  3130  proxy-only
    tambahan conf cache2
    Code:
    icp_port 3130
    icp_access allow localnet
    icp_access deny all
    cache_peer 172.17.10.2       sibling    3128  3130  proxy-only
    Skenario: cache2 hanya melayani video cache dalam hal ini situs youtube sementara cache1 sebaliknya.

    /ip fi nat

    Code:
    Flags: X - disabled, I - invalid, D - dynamic 
     0 X ;;; place hotspot rules here
         chain=hotspot action=passthrough 
    
     1   ;;; default configuration
         chain=srcnat action=masquerade out-interface=Gateway 
    
     2   ;;; lan
         chain=srcnat action=masquerade out-interface=Local 
    
     3 X ;;; masquerade hotspot network
         chain=srcnat action=masquerade src-address=192.168.88.0/24 
    
     4   ;;; masquerade proxy 1
         chain=srcnat action=masquerade src-address=172.17.10.0/24 out-interface=Local5 
    
     5   ;;; masquerade proxy 2
         chain=srcnat action=masquerade src-address=172.17.20.0/24 out-interface=Local4 
    
     6   ;;; REDIRECT TO PROXY-1 SQUID
         chain=dstnat action=dst-nat to-addresses=172.17.10.2 to-ports=3128 protocol=tcp src-address=!172.17.10.2 
         src-address-list=!YOUTUBE in-interface=Local dst-port=80 
    
     7   ;;; REDIRECT TO PROXY 2 SQUID
         chain=dstnat action=dst-nat to-addresses=172.17.20.2 to-ports=3128 protocol=tcp src-address=!172.17.20.2 
         src-address-list=YOUTUBE in-interface=Local dst-port=80 
    Bypass bandwidth queue untuk squid proxy port

    Code:
    Flags: X - disabled, I - invalid, D - dynamic 
     0  D name="hs-<hotspot1>" dst-address=0.0.0.0/0 interface=Local parent=none direction=both priority=8 
          queue=hotspot-default/hotspot-default limit-at=0/0 max-limit=0/0 burst-limit=0/0 burst-threshold=0/0 
          burst-time=0s/0s total-queue=default-small 
    
     1    name="LOSS PROXY PORT" target-addresses=192.168.88.0/24 dst-address=172.16.0.0/12 interface=all parent=none 
          packet-marks=no-mark direction=both priority=8 queue=default-small/default-small limit-at=0/0 max-limit=0/0 
          burst-limit=0/0 burst-threshold=0/0 burst-time=0s/0s total-queue=default-small 
    [admin@MikroTik] /queue simple>
    /ip fi add

    Code:
    Flags: X - disabled, D - dynamic 
     #   LIST                                                                                   ADDRESS                        
     0   RESTO                                                                                  192.168.88.100-192.168.88.254  
     1   conficker                                                                              64.70.19.33                    
     2   conficker                                                                              66.90.81.140                   
     3   conficker                                                                              72.167.51.186                  
     4   conficker                                                                              74.208.46.216                  
     5   conficker                                                                              74.208.64.145                  
     6   conficker                                                                              83.68.16.6                     
     7   conficker                                                                              97.74.200.45                   
     8   conficker                                                                              143.215.143.11                 
     9   conficker                                                                              149.20.56.32                   
    10   conficker                                                                              199.2.137.252                  
    11   conficker                                                                              205.188.161.4                  
    12   conficker                                                                              221.7.91.31                    
    13   CORP                                                                                   192.168.88.20-192.168.88.99    
    14   PROXY-PORT                                                                             172.17.20.1                    
    15   PROXY-PORT                                                                             172.17.10.1                    
    16 D src-conficker                                                                          172.17.20.2                    
    17 D src-conficker                                                                          192.168.88.245                 
    18 D src-conficker                                                                          172.17.10.2                    
    19   YOUTUBE                                                                                74.125.127.100                 
    20   YOUTUBE                                                                                74.125.45.100                  
    21   YOUTUBE                                                                                74.125.67.100                  
    22 D RESTO                                                                                  192.168.88.239                 
    23 D RESTO                                                                                  192.168.88.244                 
    24 D RESTO                                                                                  192.168.88.245                 
    [admin@MikroTik] /ip firewall address-list>
    Hasilnya cache2 baru bekerja kalau client browsing ke situs youtube sebaliknya cache1 bekerja kalau client browsing ke situs non-youtube.Tinggal tambahkan saja di address list situs mana saja yang akan di handle oleh cache2.

    Mungkin bisa ditambahkan lagi settingan yang bisa mempertajam kinerja squid atau ada koreksi dari rekan FMI ?
    Last edited by xopal; 25-04-2010 at 16:58.

  7. #6
    Status
    Offline
    panji's Avatar
    VIP Member
    Join Date
    Jul 2008
    Posts
    966
    Reviews
    Read 0 Reviews
    Downloads
    0
    Uploads
    0
    Feedback Score
    0
    Mantap nich, kalo dah berhasil dengan bagus kasih tutornya yachClick here to enlarge, dari pada pakai wccp cisco yang lumayan mahal kayaknya, seperti

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. <ASK> load balancing fail over
    By d3v4 in forum Scripting @ Mikrotik
    Replies: 27
    Last Post: 14-10-2012, 19:58
  2. Another Load Balancing Tutorial
    By Dody in forum Tutorial
    Replies: 30
    Last Post: 12-11-2009, 02:09
  3. tentang Load balancing 2 ISP berbeda
    By hen2drx in forum General Networking
    Replies: 17
    Last Post: 04-11-2009, 10:30
  4. (ask) Load Balancing + Squid
    By cyberolog in forum General Networking
    Replies: 3
    Last Post: 20-10-2009, 21:54
  5. (ask) tanya load balancing
    By adiel.nopria in forum General Networking
    Replies: 6
    Last Post: 05-01-2009, 17:35

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •