neighbour

Peer cache servers and Squid hierarchy

Tag Name

cache_peer

Usage

cache_peer hostname type http_port icp_port options

Description
This tag is used to specify the other caches in the hierarchy. The cache_peer option is split into five fields. The first field is the hostname or IP of the cache that is to be queried. The second field indicates the type of relationship. The third field sets the HTTP port of the destination server, while the fourth sets the ICP (UDP) query port. The fifth field can contain zero or more keywords. Here are the detailed explanations on each field. See cache_peer_access also.

Hostname
Hostname (FQDN) or IP address of the cache to be queried should be mentioned.

For ex,

cache_peer sib1.visolve.com sibling 3128 3130 [proxy-only]
cache_peer 172.16.1.100 sibling 3128 3130 [proxy-only]

Type
Here cache hierarchy should be specified. This option plays an important role in deciding neighbor selection.

Http_port
The port number where the cache listens for proxy requests. See also http_port

Icp_port
Used for querying neighbor caches about objects. To have a non-ICP neighbor specify '7' for the ICP port and make sure the neighbor machine has the UDP echo port enabled in its /etc/inetd.conf file. See also icp_port

OPTIONS:

proxy-only
To specify that objects fetched from this cache should not be saved locally.

Weight=n
To specify a weighted parent. The weight must be an integer. The default weight is 1, larger weights are favoured more.

ttl=n
To specify a IP multicast Time To Live (ttl) value when sending ICP queries to multicast groups. We do not accept ICP replies from random hosts. So you must configure other group members as peers with the multicast-responder option below.

no-query
This option is set for those peers, which do not support ICP queries. It is obvious to have doubt about the ICP port specified in, while using this option. Squid does not care what digit has been given in the ICP port when no-query is specified. Using any number is fine. It is recommended to use 0 to emphasis the fact that ICP is not used in any way (not even to UDP echo port 7).

This might be the typical example for this option :

cache_peer hostname sibling 8080 0 proxy-only no-query

By default, Port 3130 is typically where an ICP-aware proxy listens for ICP packets. Port 7 is the "echo" port (see /etc/services). It is typically handled by inetd as an internal process and simply "echoes" back what has been sent it. Since option "no-query" specified, port "7" is there so that if peer is queried, Squid gets an answer and not declares peer as dead and therefore stop using it.

Port 7 is used when Squid has a non-ICP peer but still want to query it before sending requests there (no-query not specified). In such case, Squid will send the ICP queries to port 7 which is the UDP echo port.

default
If this is a parent cache which can be used as a "last-resort." and not ICP enabled then "default" would be the appropriate option. Simply adding default to a parent does not force all requests to be sent to that parent. The term default is perhaps a poor choice of words. If the cache is able to make direct connections, direct will be preferred over default. If needed to force all requests to parent cache(s), use the never_direct option.

round-robin
To define a set of parents which should be used in a round-robin fashion in the absence of any ICP queries.

multicast-responder
Indicates that the named peer is a member of a multicast group. ICP queries will not be sent directly to the peer, but ICP replies will be accepted from it.

closest-only
Indicates that, for ICP_OP_MISS replies, we'll only forward CLOSEST_PARENT_MISSes and never FIRST_PARENT_MISSes.

no-digest
To NOT request cache digests from this neighbor.

no-netdb-exchange
It disables requesting ICMP RTT database (NetDB) from the neighbor.

no-delay
To prevent access to this neighbor from influencing the delay pools.

login=user:password
If this is a personal/workgroup proxy and your parent requires proxy authentication.

connect-timeout=nn
To specify a peer specific connect timeout (also see the peer_connect_timeout directive).

digest-url=url
To tell Squid to fetch the cache digest (if digests are enabled) for this host from the specified URL rather than the Squid default location.

No cache peer is defined

Default

none

Example
cache_peer proxy.visolve.com parent 3128 3130 default

cache_peer 172.16.1.100 sibling 3128 3130 proxy-only

cache_peer 172.16.1.123 sibling 3129 5500 weight=2

Caution
If you compiled Squid to support HTCP, your cache will automatically attempt to connect to TCP port 4827 (there is currently no option to change this port value). Cache digests are transferred via the HTTP port specified on the cache_peer line. Non-ICP neighbors must be specified as 'parent'.

Tag Name

cache_peer_domain

Usage

cache_peer_domain cache_host domain [domain ...]

Description
This tag is used to limit the domains for which the neighbor caches will be queried. It is used to communicate with different caches depending on the domain that the request is destined for

  • Prefixing the domain name with '!' means that the cache will be queried for objects NOT in that domain.
  • Any number of domains may be given for a cache-host, either on the same or separate lines.
  • When multiple domains are given for a particular cache-host, the first matched domain is applied.
  • Cache hosts with no domain restrictions are queried for all requests.
  • There is also a 'cache_peer_access' tag in the ACL section .

Default

none

Example
cache_peer_domain parent.foo.net .edu

It has the effect such that UDP query packets are sent to 'bigserver' only when the requested object exists on a server in the .edu domain.

Tag Name

neighbor_type_domain

Usage

neighbor_type_domain parent|sibling domain domain ...

Description
Modifying the neighbor type for specific domains is now possible. You can treat some domains differently than the default neighbor type specified on the 'cache_peer' line. Normally it should only be necessary to list domains, which should be treated differently because the default neighbor type applies for hostnames, which do not match domains listed here.

Default

none

Example
cache_peer proxy.visolve.com parent 3128 3130
neighbor_type_domain proxy.visolve.com sibling .com .net

Tag Name

icp_query_timeout (msecs)

Usage

icp_query_timeout milliseconds

Description
Normally Squid will automatically determine an optimal ICP query timeout value based on the round-trip-time of recent ICP queries. If you want to override the value determined by Squid, set this 'icp_query_timeout' to a non-zero value .

Default

icp_query_timeout 0

Example
This value is specified in MILLISECONDS, so, to use a 2-second timeout (the old default), you would write: icp_query_timeout 2000.

Tag Name

maximum_icp_query_timeout (msecs)

Usage

maximum_icp_query_timeout milliseconds

Description
Normally the ICP query timeout is determined dynamically. But sometimes it can lead to very large values (say 5 seconds). Use this option to put an upper limit on the dynamic timeout value. If 'icp_query_timeout' is set to zero, then this value is ignored.

Default

maximum_icp_query_timeout 2000

Caution
Do NOT use this option to always use a fixed (instead of a dynamic) timeout value.

Tag Name

mcast_icp_query_timeout (msecs)

Usage

mcast_icp_query_timeout milliseconds

Description
For Multicast peers, Squid regularly sends out ICP "probes" to count how many other peers are listening on the given multicast address. This value specifies how long Squid should wait to count all the replies.

When Squid sends out a multicast query, it will wait at most mcast_icp_query_timeout seconds (it's perfectly possible that one day a peer will be on the moon: and it would probably be a bad idea to peer with that cache seriously, unless it was a parent for the Mars top-level domain.) It's unlikely that you will want to increase this value, but you may wish to drop it, so that only reasonably speedy replies are considered.

Default

mcast_icp_query_timeout 2000

Caution
Do NOT use this option to always use a fixed (instead of a dynamic) timeout value.

Tag Name

dead_peer_timeout (secs)

Usage

dead_peer_timeout seconds

Description
This controls how long Squid waits to declare a peer cache as "dead." If there are no ICP replies received in this amount of time, Squid will declare the peer dead and not expect to receive any further ICP replies. However, it continues to send ICP queries, and will mark the peer as alive upon receipt of the first subsequent ICP reply .

Default

dead_peer_timeout 10 seconds

Caution
This timeout also affects when Squid expects to receive ICP replies from peers. If more than 'dead_peer' seconds have passed since the last ICP reply was received, Squid will not expect to receive an ICP reply on the next query. Thus, if your time between requests is greater than this timeout, you will see a lot of requests sent DIRECT to origin servers instead of to your parents.

Tag Name

hierarchy_stoplist

Usage

hierarchy_stoplist words

Description
A list of words which, if found in a URL, cause the object to be handled directly by this cache. In other words, use this when to query neighbor caches for certain objects. This option can be listed multiple times. As some times this functionality is affected by the directive never_direct, See also never_direct.

Default

hierarchy_stoplist cgi-bin ?

Squid will fetch URL's containing 'cgi-bin' or '?' from the origin servers directly without communicating with cache peers.

Example
hierarchy_stoplist jsp asp

If the URL contains the words jsp and asp, which indicate dynamic pages, then Squid will not query peers for the pages and will directly request the origin server.

Note
It is recommended to include all dynamic pages in this tag.

Tag Name

no_cache

Usage

no_cache deny|allow aclname

Description
A list of ACL elements, which, if matched, cause the reply to be immediately, removed from the cache. In other words, use this to force certain objects to never be cached.

Default

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
The word 'DENY' is to indicate the ACL names, which should NOT be cached

Example
acl DENYPAGE urlpath_regex Servlet
no_cache deny DENYPAGE
The DENYPAGE acl assures that the url containing Servlet will NOT be cached.

Caution
It is recommended to use this directive effectively.