Squid_ The Definitive Guide - Duane Wessels [94]
The test_reachability directive
If you enable the netdb feature (see Section 10.5), you might also be interested in enabling the test_reachability directive. The goal behind it is to accept only requests for origin servers Squid can reach. Enabling test_reachability causes Squid to return ICP_MISS_NOFETCH, instead of ICP_MISS, for origin server sites that don't respond to ICMP pings. This can help reduce the number of failed HTTP requests and increase the chance that the end user receives the data promptly. However, a significant percentage of origin server sites intentionally filter out ICMP traffic. For these, Squid returns ICP_MISS_NOFETCH even though an HTTP connection would succeed.
Enabling test_reachability also causes Squid to make netdb measurements in response to ICP queries. If Squid doesn't have any RTT measurements for the origin server in question, it sends out an ICMP ping (subject to the rate limiting mentioned previously).
Being an ICP Client
First, you must use the cache_peer directive to define your neighbor caches. See the section Section 10.3.
Second, you must also use the icp_port directive, even if your Squid is only an ICP client. This is because Squid uses the same socket for sending and receiving ICP messages. It is perhaps a bad design decision in retrospect. If you are a client only, use icp_access to block queries. For example:
acl All src 0/0
icp_access deny All
Squid sends ICP queries to its neighbors for most requests by default. See Section 10.10 for a complete description of the way that Squid decides when, and when not, to query its neighbors.
After sending one or more queries, Squid waits some amount of time for ICP replies to arrive. If Squid receives an ICP_HIT from one of its neighbors, it forwards the request there immediately. Otherwise, Squid waits until all replies arrive or until a timeout occurs. The timeout is calculated dynamically, based on the following algorithm.
Squid knows the average round-trip time between itself and each neighbor, taken from recent ICP transactions. When querying a group of neighbors, Squid calculates the mean of all the neighbor ICP RTTs, and then doubles it. In other words, the query timeout is twice the mean of RTTs for each neighbor queried. Squid ignores neighbors that appear to be down when calculating the timeout.
In some cases, the algorithm doesn't work well, especially if you have neighbors with widely varying RTTs. You can change the upper limit on the timeout using the maximum_icp_query_timeout directive. Alternatively, you can make Squid always use a constant timeout value with the icp_query_timeout directive.
cache_peer options for ICP clients
weight= n allows you to weight parent caches artificially when using ICP/HTCP. It comes into play only when all parents report a cache miss. Normally, Squid selects the parent whose reply arrives first. In fact, it remembers which parent has the best RTT for the query. Squid actually divides the RTT by the weight, so that a parent with weight=2 is treated as if it's closer to Squid than it really is.
no-query disables ICP/HTCP for the neighbor. That is, your cache won't send any queries to the neighbor for cache misses. It is often used with the default option.
closest-only refers to one of Squid's netdb features. It instructs Squid to select the parent based only on netdb RTT measurements and not the order in which replies arrive. This option requires netdb at both ends.
ICP and netdb
As mentioned in the section Section 10.5, netdb is mostly used with ICP queries. In this section, we'll follow all the steps involved in this process.
A Squid cache, acting as an ICP client, prepares to send a query to one or more neighbors. If query_icmp is set, Squid sets the