Forum Discussion
Load balance squid forward proxy with SNAT
Hi All, Obligatory first post thank you to everyone on Devcentral, This is by far the best vendor help site... thanks to Joe Pruitt its also a wicked Powershell wiki ;)
Is anyone load balancing squid in the following way, and have you ever ran into issues with the HTTPS CONNECT method through a "standard" F5 VIP with http profile enabled? I've read of issues for pre 10.x software but haven't seen any problems thus far. Retaining the ability to apply irules is ideal.
Load balanced pool of squid servers running in non-transparent mode, this is behind a VIP using SNAT. To ensure our squid ACL's still work behind SNAT the following needs to be added to squid.conf
acl bigip_stage src 10.26.6.1
follow_x_forwarded_for allow bigip_stage
Squid by default follows the indirect IP instead of real IP (if follow_x_forwarded_for is allowed for the client address
- Irule adds XFF or overwrites if already present.
- No persistence configured
- BigIP Version: 11.4
Thanks for the assistance
- We have the forwarding VIPs, but we have a VIP specifically for LB'ing port 3128
- LachlanB_53214NimbostratusInteresting, I didn't think Irules could do layer 7 inspection/modification on a layer2 VIP? I have used SNAT to avoid significant network changes.
- We have it setup, but we aren't using SNAT, we layer 2 it through the F5's. We haven't had any issues setting irules for various things on there.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com