Forum Discussion
Load balance squid forward proxy with SNAT
Hi all, obligatory first-post thank you to everyone on DevCentral. This is by far the best vendor help site... thanks to Joe Pruitt it's also a wicked PowerShell wiki ;)
Is anyone load balancing squid in the following way, and have you ever run into issues with the HTTPS CONNECT method through a "standard" F5 VIP with http profile enabled? I've read of issues for pre-10.x software but haven't seen any problems thus far. Retaining the ability to apply iRules is ideal.
Load balanced pool of squid servers running in non-transparent mode, this is behind a VIP using SNAT. To ensure our squid ACLs still work behind SNAT, the following needs to be added to squid.conf:
acl bigip_stage src 10.26.6.1
follow_x_forwarded_for allow bigip_stage
Squid by default follows the indirect IP instead of the real IP (if follow_x_forwarded_for is allowed for the client address).
- iRule adds XFF or overwrites if already present.
- No persistence configured
- BigIP Version: 11.4
Thanks for the assistance
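An added example, not part of the original post: a simplified Python model of the right-to-left X-Forwarded-For walk that Squid's documentation describes for follow_x_forwarded_for, showing why the allow ACL should match only the BIG-IP SNAT address. 10.26.6.1 is taken from the post; the function name and the client addresses are constructed for illustration.

```python
import ipaddress


def indirect_client(direct_ip, xff_header, trusted):
    """Simplified model of Squid's follow_x_forwarded_for evaluation.

    direct_ip  -- TCP peer address Squid sees (the SNAT address behind the VIP)
    xff_header -- raw X-Forwarded-For value ("" if absent)
    trusted    -- addresses/networks matched by 'follow_x_forwarded_for allow'
    Returns the address Squid's src ACLs would be evaluated against.
    """
    nets = [ipaddress.ip_network(n) for n in trusted]

    def is_trusted(ip):
        return any(ip in net for net in nets)

    current = ipaddress.ip_address(direct_ip)
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    # Walk the header right to left. A value is only believed if the
    # address that supplied it is itself allowed by the ACL.
    while hops and is_trusted(current):
        try:
            current = ipaddress.ip_address(hops.pop())
        except ValueError:
            break  # a value that cannot be tested ends the walk
    return str(current)


BIGIP = "10.26.6.1"      # SNAT address from the post's squid.conf
CLIENT = "192.0.2.50"    # constructed client address
FORGED = "10.0.0.5"      # constructed value a client might put in XFF


def demo():
    return {
        # iRule overwrote XFF with the real client: ACLs see the client.
        "via_vip_overwrite": indirect_client(BIGIP, CLIENT, [BIGIP]),
        # iRule appended instead: the walk stops at the untrusted client.
        "via_vip_append": indirect_client(BIGIP, f"{FORGED}, {CLIENT}", [BIGIP]),
        # Client reaches Squid directly with its own XFF: header ignored.
        "direct_tight_acl": indirect_client(CLIENT, FORGED, [BIGIP]),
        # Same request with an over-broad allow ACL: forged value is believed.
        "direct_broad_acl": indirect_client(CLIENT, FORGED, ["0.0.0.0/0"]),
    }


if __name__ == "__main__":
    for case, addr in demo().items():
        print(f"{case:18} -> {addr}")
```

The last case is the one to check for when reviewing a squid.conf: any allow ACL wider than the load balancer's own source addresses lets the header value decide which src ACLs apply.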
- We have it set up, but we aren't using SNAT, we layer 2 it through the F5s. We haven't had any issues setting iRules for various things on there.
- LachlanB_53214 (Nimbostratus): Interesting, I didn't think iRules could do layer 7 inspection/modification on a layer 2 VIP? I have used SNAT to avoid significant network changes.
- We have the forwarding VIPs, but we have a VIP specifically for LB'ing port 3128