7 Replies Latest reply on May 4, 2011 6:24 PM by eelsasser

    Proxy.pac Client IP-Based Load Balancing

      We currently have a proxy.pac that utilizes the HASH Routing function developed by Sharp.  This means that the proxy used is determined based on the URL being accessed.  However, after testing this out for a year now, I've found that troubleshooting is much more difficult since my logs are spread across multiple proxies.

       

      Can anyone share their experiences with other methods of load balancing?  I'm assuming that there is a way to do Client IP based hashing, but I haven't found any sites with live examples yet.

       

      Thanks all!

        • 1. Re: Proxy.pac Client IP-Based Load Balancing

          My favorite method is still to use Round-Robin DNS to load share the proxy connection. I do it like this:

           

          Set up the normal proxy A records:

          proxy1  10.0.0.111

          proxy2  10.0.0.222

           

          Then set up 2 more A records for the name 'proxy0':

          proxy0  10.0.0.111

          proxy0  10.0.0.222

           

          In the PAC file, return "PROXY proxy0:9090; PROXY proxy1:9090; PROXY proxy2:9090"

           

          The client will arbitrarily look up proxy0 and DNS will randomly assign which IP address is selected. This is cached on the client and will not change on the client side until the TTL has expired. It will generally split 50/50 between the 2 proxy servers.

           

          Would that work for you?

          • 2. Re: Proxy.pac Client IP-Based Load Balancing

            Thanks for the quick reply e².  How difficult is it to troubleshoot/trace logs with this setup?  Also, is there a chance that you'll get a pop-up window to authenticate every time the proxy changes?

            • 3. Re: Proxy.pac Client IP-Based Load Balancing

              You didn't say if it was 6.x or 7.x.

               

              With 7.x you can have logging rules for a separate test log that has a property for Client.IP equals 10.2.3.4.

              This would give you a test.log with only that user's traffic across all the proxies. It wouldn't have information from all the other traffic to clutter it up.

               

              By doing the round-robin for the proxy name, you will still spread across multiple proxies, but it will have a "stickiness" to one of them for short periods of time instead of every other request bouncing between the proxies.

              • 4. Re: Proxy.pac Client IP-Based Load Balancing
                jont717

                This is the best way to load balance in a .PAC file.  This will make each client STATIC.  Meaning they will hit only one gateway.  This makes troubleshooting easy.

                 

                 

                function FindProxyForURL(aFullURL, aHostname)
                {
                   // Check for hosts in the same domain as the client
                   if (isPlainHostName(aHostname))
                   {
                      return "DIRECT";
                   }

                   // Check for hosts in the same IP sub-net
                   if (isInNet(aHostname, "172.16.0.0", "255.255.0.0"))
                   {
                      return "DIRECT";
                   }

                   // Return a static selected proxy list by even or odd IP address
                   var myIp = myIpAddress();
                   var ipBits = myIp.split(".");
                   var mySeg = parseInt(ipBits[3], 10);   // last octet, parsed as base 10

                   if ((mySeg % 2) == 0)   // EVEN
                   {
                      return "PROXY proxy1:9090; PROXY proxy2:9090; DIRECT";
                   }
                   else   // ODD
                   {
                      return "PROXY proxy2:9090; PROXY proxy1:9090; DIRECT";
                   }
                }

                • 5. Re: Proxy.pac Client IP-Based Load Balancing

                  JonT, that was exactly what I had in mind, I just didn't know the exact code for it.  Thanks for sharing.

                   

                  The advantage that I can see with this one is that you don't have to guess which proxy the client is going through.  Things might be a bit different if I add a 3rd proxy, but for our environment, I think we're fine at 2.
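
An N-proxy generalization of the even/odd PAC logic posted above, as an added example that is not part of the original thread: it takes the client's last octet modulo the number of proxies and falls back to a fixed order when myIpAddress() yields a loopback, IPv6 or malformed value. The name proxy3 and the FAIL_OPEN switch are assumptions for illustration; proxy1, proxy2 and port 9090 are from the thread.

```javascript
// Added example: N-way version of the even/odd split from the thread.
// proxy1/proxy2 and port 9090 come from the thread; proxy3 is hypothetical.
var PROXIES = ["proxy1:9090", "proxy2:9090", "proxy3:9090"];
// true appends DIRECT as in the thread's PAC file, which lets a client
// bypass the gateways (and their logs) when no proxy answers.
var FAIL_OPEN = false;

// Return the four octets of a dotted-quad IPv4 string, or null.
function parseIPv4(ip) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(String(ip));
  if (!m) return null;
  var octets = [];
  for (var i = 1; i <= 4; i++) {
    var n = parseInt(m[i], 10);
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// Stable index for a client: last octet modulo the number of proxies.
// Returns -1 for loopback, IPv6 or malformed input.
function proxyIndexForClient(ip, count) {
  var o = parseIPv4(ip);
  if (!o || o[0] === 127) return -1;
  return o[3] % count;
}

// Preferred proxy first, the rest in rotation as failover.
function proxyListForClient(ip, proxies, failOpen) {
  var start = proxyIndexForClient(ip, proxies.length);
  if (start < 0) start = 0; // unusable address: fixed order, still proxied
  var out = [];
  for (var i = 0; i < proxies.length; i++) {
    out.push("PROXY " + proxies[(start + i) % proxies.length]);
  }
  if (failOpen) out.push("DIRECT");
  return out.join("; ");
}

function FindProxyForURL(aFullURL, aHostname) {
  if (isPlainHostName(aHostname)) return "DIRECT";
  if (isInNet(aHostname, "172.16.0.0", "255.255.0.0")) return "DIRECT";
  return proxyListForClient(myIpAddress(), PROXIES, FAIL_OPEN);
}
```

With two proxies and FAIL_OPEN set to true, proxyListForClient returns the same strings as the even/odd version in the thread.
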

                  • 6. Re: Proxy.pac Client IP-Based Load Balancing
                    cestrada

                    Sorry, can you clarify: is it possible to upload a proxy PAC to the McAfee appliances?  Also, what is your recommendation if you have multiple appliances and various geographic locations?

                    • 7. Re: Proxy.pac Client IP-Based Load Balancing

                      Yes. You can upload and host the PAC file on the appliance.

                       

                      Depending on your environment, you can deploy PAC in many ways. I've seen all sorts of methods.

                      * Host PAC on an internal intranet server. All clients pull the same one from the same web server.

                      * Divide the machines by region in Active Directory and apply GPO for the machines in each region pointing them to a nearby PAC file.

                      * Use Auto proxy detection and use each network's local DHCP server to supply the location of their regional PAC file.

                      * Use local DNS names in each region that will respond with different IP addresses based on the IP of the client.

                       

                      And probably more I can't think of right now.