11503 Loadbalance SSL sticky and HTTP not sticky to proxy-cache

support
Level 1

I am using a 11503 to balance 200 schools traffic to 5 caches. Some of the schools have firewalls so the CSS sees their PCs as coming from a single IP. If I set the rule to balance sticky then the load is not spread evenly to the 5 proxies causing them to get overloaded from time to time.

If I balance the load non-sticky (say leastconn) then users have trouble accessing certain SSL sites.

Does anyone know a good solution for this?

9 Replies

jfoerster
Level 4

Hi,

From my point of view, I would try the following scenario:

1) a rule for https with advanced-balance ssl and probably application ssl. In terms of stickiness, you have to check whether this is needed or not. I've had some trouble with such a rule, but so far it is not clarified whether the trouble is caused by the servers or by the CSS.

2) a rule for http traffic with balance domain(hash) or url(hash)

3) if applicable, the same for ftp, depending on whether your proxies support ftp caching.

Hope that helps.

Regards,

Joerg

Hi Joerg,

Thanks for your reply. How would you code your solution? Currently I am using the following to work around particular sites:

  service Proxy1
    ip address 10.0.0.11
    type proxy-cache
    active

  service Proxy2 ... etc

  !*************************** DQL ***************************
  dql domains-no-balance
    domain www.dontbalancethissite.com
    domain ... etc

  !*************************** OWNER ***************************
  owner admin
    content Proxy-servers
      add service Proxy1
      add service Proxy2
      add service Proxy3
      add service Proxy4
      add service Proxy5
      protocol tcp
      port 3128
      vip address 10.0.0.100
      sticky-inact-timeout 5
      balance leastconn
      active

    content no-load-balance
      vip address 10.0.0.100
      advanced-balance sticky-srcip
      balance leastconn
      add service Proxy1
      add service Proxy2
      add service Proxy3
      add service Proxy4
      add service Proxy5
      protocol tcp
      port 3128
      url "/*" dql domains-no-balance
      sticky-inact-timeout 5

Regards,

Ben

If you're talking about HTTP traffic, the best solution is arrowpoint-cookie with persistence disabled and persistence reset remap, so the CSS can reconnect to a new server transparently.

The config should look like this:

  persistence reset remap
  content Proxy-servers
    add service ...
    vip address x.x.x.x
    proto tcp
    port xxx
    no persistent
    advanced-balance arrowpoint-cookie
  !

I believe that for SSL traffic your clients will use the same proxy port and the command "CONNECT HTTPS://...", and hopefully this solution should work as well [not sure, though - I have a doubt, and a test would be necessary to confirm this - will do it next week when I get back from vacation :-) ]

Regards,

Gilles.

I haven't managed to test all SSL websites, but the one I am having trouble with is http://www.emasys.dfes.gov.uk/. This will not work if there are any active rules with advanced-balance in them. I am not sure why this is - that website also seems to instantly redirect to https. Any thoughts?

You'll need to sniff in front of the cache and on the client at the same time, then compare the results to see what's going on.

If the cache is receiving all the requests sent by the client, then you need to focus on the cache.

If the cache is not receiving the request, we need to focus on the CSS.

Anyway, the sniffer trace is required.

Regards,

Gilles.

Hi Gilles,

I have resorted to using sticky-srcip and just one content rule, as all web sites work with this configuration. However, this has the unwanted side effect of unevenly balancing the traffic. Is there any way to smooth the balancing but still use sticky-srcip?

NO!!!

Follow our suggestions and sniff the traffic to get a clear understanding of the problem.

With proxy, the only good solution is cookies.

Gilles.

Setting up sniffing on this traffic is not that simple, and schools need a working solution, so I have to do something to get it to work :) I would be interested to hear what you have against sticky-srcip and why you think the cookie is the way forward?

sticky-srcip is ok, but then you get unequal load balancing because of proxies [multiple users behind a single IP address].

Sticky based on cookie will assign a cookie to each user whatever their ip address. So much better for HTTP.

Regards,

Gilles.
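The effect Gilles describes (one NAT address carrying a whole school onto one proxy) and Joerg's domain-hash suggestion earlier in the thread, as an added Python model that is not part of the thread and not Cisco code. It places each connection the way the CSS options under discussion would (leastconn on first contact, then a sticky table keyed by source IP or by per-client cookie, or a hash of the requested domain) over a constructed set of six schools, three of them behind a NAT firewall, and reports how evenly the five proxies end up loaded. School sizes, addresses, domains and arrival order are all assumptions.

```python
"""Toy model of the CSS balancing behaviours discussed in this thread.

Added example, not the poster's configuration and not Cisco code. Per
connection it models:
  - leastconn:          fewest connections wins (ties: lowest-numbered proxy)
  - sticky-srcip:       first connection from an IP is placed by leastconn,
                        every later one from that IP follows it
  - arrowpoint-cookie:  same, but keyed per client (cookie), so users behind
                        one NAT address are placed independently
  - domain-hash:        proxy chosen by hashing the requested domain
                        (cache affinity rather than user affinity)
"""
import hashlib
from collections import Counter, namedtuple

PROXIES = ["Proxy1", "Proxy2", "Proxy3", "Proxy4", "Proxy5"]
Request = namedtuple("Request", "src_ip client domain")

# Constructed workload: three large schools whose firewall NATs every PC to
# a single public IP, and three smaller schools exposing one IP per PC.
SCHOOLS = [
    ("A", 120, True), ("B", 120, True), ("C", 120, True),
    ("D", 40, False), ("E", 40, False), ("F", 40, False),
]
DOMAINS = ["www.example.org", "www.example.net", "www.example.com"]
REQUESTS_PER_PC = 3


def build_requests():
    """Requests in arrival order: school by school, PC by PC (constructed)."""
    reqs = []
    for idx, (name, pcs, nat) in enumerate(SCHOOLS):
        for pc in range(pcs):
            # RFC 5737 documentation addresses; values are made up.
            ip = f"192.0.2.{idx + 1}" if nat else f"198.51.100.{idx * 40 + pc}"
            client = f"{name}-pc{pc}"
            for r in range(REQUESTS_PER_PC):
                reqs.append(Request(ip, client, DOMAINS[(pc + r) % len(DOMAINS)]))
    return reqs


def least_conn(load):
    """Index of the least-loaded proxy; ties go to the lowest index."""
    return min(range(len(load)), key=lambda i: load[i])


def place(policy, requests):
    """Proxy chosen for each request, in arrival order, under the policy."""
    load = [0] * len(PROXIES)
    sticky = {}  # sticky table: key -> proxy index
    chosen = []
    for req in requests:
        if policy == "leastconn":
            i = least_conn(load)
        elif policy in ("sticky-srcip", "arrowpoint-cookie"):
            key = req.src_ip if policy == "sticky-srcip" else req.client
            if key not in sticky:
                sticky[key] = least_conn(load)  # first contact is balanced
            i = sticky[key]
        elif policy == "domain-hash":
            digest = hashlib.sha256(req.domain.encode()).digest()
            i = int.from_bytes(digest[:4], "big") % len(PROXIES)
        else:
            raise ValueError(f"unknown policy {policy!r}")
        load[i] += 1
        chosen.append(PROXIES[i])
    return chosen


def loads(chosen):
    """Connections per proxy, in proxy order."""
    counts = Counter(chosen)
    return {p: counts.get(p, 0) for p in PROXIES}


def peak_ratio(per_proxy):
    """Busiest proxy divided by the mean; 1.0 means perfectly even."""
    mean = sum(per_proxy.values()) / len(per_proxy)
    return max(per_proxy.values()) / mean


def affinity_holds(requests, chosen, key_fn):
    """True if every request sharing a key landed on the same proxy."""
    seen = {}
    return all(seen.setdefault(key_fn(r), p) == p for r, p in zip(requests, chosen))


if __name__ == "__main__":
    reqs = build_requests()
    for policy in ("leastconn", "sticky-srcip", "arrowpoint-cookie", "domain-hash"):
        per_proxy = loads(place(policy, reqs))
        print(f"{policy:18s} {per_proxy}  peak/mean={peak_ratio(per_proxy):.2f}")
```

With this input, sticky-srcip parks each NAT school's 360 connections on one proxy (peak/mean 1.25) while leastconn and the per-client cookie come out even, which is the trade-off the thread is about; domain-hash keeps every request for a domain on the same cache, so its evenness depends on how the domain mix hashes rather than on who the users are.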
