cancel
Showing results for 
Search instead for 
Did you mean: 
jont717
Level 12
Report Inappropriate Content
Message 11 of 14

How to load balance in .PAC file

Jump to solution

Very good explanation.  We are using Hash...but I believe we have to use Mask in order for the Source IP to actually matter.

Right now it is set to hash and I believe the WCCP ASA comes up with the hash and it doesn't matter what IP or Destination IP is. 

From the MWG Product Guide:

Input for load

distribution

(The main item does not appear in the list, but is visible in the Add and Edit windows. The

four elements shown below are related to it, specifying what is used in a data packet as the

criteria for load distribution.)

When running multiple appliances, load distribution can be configured for the proxies on

them. Data packets can be distributed to these proxies based on the masking of source or

destination IP addresses and port numbers or on a hash algorithm.

• Source IP — When selected, load distribution relies on the masking of source IP

addresses.

• Destination IP — When selected, load distribution relies on the masking of destination

IP addresses.

• Source port — When selected, load distribution relies on the masking of source port

numbers.

• Destination port — When selected, load distribution relies on the masking of the

destination port numbers.

Assignment method (The main item does not appear in the list, but is visible in the Add and Edit windows. The

two elements shown below are related to it, specifying the method used for load

distribution.)

• Assignment by mask — When selected, masking of the parameter specified above is

used for load distribution.

• Assignment by hash — When selected, a hash algorithm is used for load distribution.

jont717
Level 12
Report Inappropriate Content
Message 12 of 14

How to load balance in .PAC file

Jump to solution

Mask does not work with my Cisco ASA.  I put it back to Hash and selected only Source IP and it works like it should.  I was only hitting one proxy instead of both back and forth like it was.   This is definitely better for authentication and log purposes. 

Thanks for the help.

cnewman
Level 10
Report Inappropriate Content
Message 13 of 14

How to load balance in .PAC file

Jump to solution

Great!

That documentation is a little misleading. Hash and mask are just slightly different mechanisms for coming up with the load distribution. Both support source IP only (and the other options for that matter). Basically the ASA/Router take whatever pairs you give it (source|destination IP|Port, or all iterations) and either hashes that value to determine which cache gets the traffic, or looks at a mask table of all the possibilities. You were using the default (maybe it shouldn't be) source ip + destination ip.

I believe hash is supposed to be a little smarter (which is why all modern Cisco equipment only supports it) especially when the pairs are all right next to each other.

--CN

jont717
Level 12
Report Inappropriate Content
Message 14 of 14

How to load balance in .PAC file

Jump to solution

After some modifications, I have com up with this as being the best way to load balance with a .pac file.    Notice I have replaced "if (myseg==Math.floor(myseg/2)*2)" which takes more time to process and used the MOD.

//Find the 4th octect

  

   var myIp = myIpAddress();

   var ipBits = myIp.split(".");

   var mySeg = parseInt(ipBits[3]);

  

   if((mySeq % 2) == 0)  //Check to see if 4th octect is EVEN

  {

   return "PROXY ed-proxy1:8080; PROXY ed-proxy2:8080; DIRECT";

  }

  else  //If ODD

   {

    return "PROXY ed-proxy2:8080; PROXY ed-proxy1:8080; DIRECT";

   }

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator