bragot
Level 7

Proxy.pac Client IP-Based Load Balancing

We currently have a proxy.pac that utilizes the HASH Routing function developed by Sharp.  This means that the proxy used is determined based on the URL being accessed.  However, after testing this out for a year now, I've found that troubleshooting is much more difficult since my logs are spread across multiple proxies.

Can anyone share their experiences with other methods of load balancing?  I'm assuming that there is a way to do Client IP based hashing, but I haven't found any sites with live examples yet.

Thanks all!

0 Kudos
1 Solution

Accepted Solutions
jont717
Level 12

Re: Proxy.pac Client IP-Based Load Balancing

This is the best way to load balance in a .PAC file.  This will make each client STATIC.  Meaning they will hit only one gateway.  This makes troubleshooting easy.

function FindProxyForURL(aFullURL, aHostname)
{
   // Check for hosts in the same domain as the client
   if (isPlainHostName(aHostname))
   {
      return "DIRECT";
   }

   // Check for hosts in the same IP sub-net
   if (isInNet(aHostname, "172.16.0.0", "255.255.0.0"))
   {
      return "DIRECT";
   }

   // Return a static selected proxy list by even or odd IP address
   var myIp = myIpAddress();
   var ipBits = myIp.split(".");
   var mySeg = parseInt(ipBits[3]);

   if ((mySeg % 2) == 0)          // EVEN
   {
      return "PROXY proxy1:9090; PROXY proxy2:9090; DIRECT";
   }
   else                           // ODD
   {
      return "PROXY proxy2:9090; PROXY proxy1:9090; DIRECT";
   }
}

0 Kudos
7 Replies
eelsasser
Level 15

Re: Proxy.pac Client IP-Based Load Balancing

My favorite method is still to use Round-Robin DNS to load share the proxy connection. I do it like this:

Set up the normal proxy A records:

proxy1  10.0.0.111
proxy2  10.0.0.222

Then set up 2 more A records for the name 'proxy0':

proxy0  10.0.0.111
proxy0  10.0.0.222

In the PAC file, return "PROXY proxy0:9090; PROXY proxy1:9090; PROXY proxy2:9090"

The client will arbitrarily look up proxy0 and DNS will randomly assign which IP address is selected. This is cached on the client and will not change on the client side until the TTL has expired. It will generally split 50/50 between the 2 proxy servers.

Would that work for you?

0 Kudos
bragot
Level 7

Re: Proxy.pac Client IP-Based Load Balancing

Thanks for the quick reply e².  How difficult is it to troubleshoot/trace logs with this setup?  Also, is there a chance that you'll get a pop-up window to authenticate every time the proxy changes?

0 Kudos
eelsasser
Level 15

Re: Proxy.pac Client IP-Based Load Balancing

You didn't say if it was 6.x or 7.x.

With 7.x you can have logging rules for a separate test log that has a property for Client.IP equals 10.2.3.4.

This would give you a test.log with only that user's traffic across all the proxies. It wouldn't have information from all the other traffic to clutter it up.

By doing the round-robin for the proxy name, you will still spread across multiple proxies, but it will have a "stickiness" to one of them for short periods of time instead of every other request bouncing between the proxies.

0 Kudos
cestrada
Level 7

Re: Proxy.pac Client IP-Based Load Balancing

Sorry, can you clarify: so is it possible to upload a proxy pac to the McAfee appliances?  Also, what is your recommendation if you have multiple appliances and various geographic locations?

0 Kudos
eelsasser
Level 15

Re: Proxy.pac Client IP-Based Load Balancing

Yes. You can upload and host the PAC file on the appliance.

Depending on your environment, you can deploy PAC in many ways. I've seen all sorts of methods.

* Host PAC on an internal intranet server. All clients pull the same one from the same web server.

* Divide the machines by region in Active Directory and apply GPO for the machines in each region pointing them to a nearby PAC file.

* Use Auto proxy detection and use each network's local DHCP server to supply the location of their regional PAC file.

* Use local DNS names in each region that will respond with different IP addresses based on the IP of the client.

And probably more I can't think of right now.

0 Kudos
bragot
Level 7

Re: Proxy.pac Client IP-Based Load Balancing

JonT, that was exactly what I had in mind, I just didn't know the exact code for it.  Thanks for sharing.

The advantage that I can see with this one is that you don't have to guess which proxy the client is going through.  Things might be a bit different if I add a 3rd proxy, but for our environment, I think we're fine at 2.

0 Kudos
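
Added example, not part of the thread and not vendor code: the even/odd split from the accepted solution generalized to any number of proxies, which is the case the last post raises. With two proxies it returns the same lists as the posted PAC file. The name "proxy3", the helper function names and the failOpen switch are assumptions made for this illustration.

```javascript
// Pin each client to one proxy out of N by its IPv4 address (ES5 syntax,
// since PAC engines can be old). "proxy3" is a hypothetical third gateway.
var PROXIES = ["proxy1:9090", "proxy2:9090", "proxy3:9090"];

// Parse a dotted-quad IPv4 string into four octets, or return null.
function parseIPv4(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(String(ip));
  if (!m) return null;
  var octets = [];
  for (var i = 1; i <= 4; i++) {
    var n = parseInt(m[i], 10);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// Index of the primary proxy for this client. Falls back to 0 when the
// address is unusable (IPv6, empty, or loopback, which myIpAddress() can
// return on some hosts), so the result is still deterministic.
function primaryIndex(ip, count) {
  var o = parseIPv4(ip);
  if (!o || o[0] === 127) return 0;
  // Last two octets; for count == 2 this is the thread's even/odd test.
  return (o[2] * 256 + o[3]) % count;
}

// Build the PAC return string: primary first, the rest in ring order.
// failOpen=true appends DIRECT as in the thread's PAC file; false keeps
// clients behind a proxy even when every proxy is unreachable.
function proxyListForClient(ip, proxies, failOpen) {
  var start = primaryIndex(ip, proxies.length);
  var parts = [];
  for (var i = 0; i < proxies.length; i++) {
    parts.push("PROXY " + proxies[(start + i) % proxies.length]);
  }
  if (failOpen) parts.push("DIRECT");
  return parts.join("; ");
}

// PAC entry point; the helper calls below are the standard PAC built-ins.
function FindProxyForURL(url, host) {
  if (isPlainHostName(host)) return "DIRECT";
  if (isInNet(host, "172.16.0.0", "255.255.0.0")) return "DIRECT";
  return proxyListForClient(myIpAddress(), PROXIES, true);
}
```

Because the primary proxy depends only on the client address, a given client's requests land in one proxy's log unless that proxy is down and the client fails over to the next entry.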