Feature: ACL type "Random"

  • Goal: Implement an ACL type which would match randomly with a given probability.

  • Status: complete

  • Version: 3.2

  • Developer: AmosJeffries

  • More: Bug 1239

Details

The ACL of type "random" will accept a single value in one of three formats:

  • A:B - matching randomly an average A requests for every B non-matches. A and B may not be zero.
  • A/B - matching randomly an average of A requests out of total B requests. A and B may not be zero.
  • 0.NNNN - matching randomly any given request with 0.NNNN probability.
    • Range is between zero to one, excluding zero and one themselves.

All three of these matches are proportional. The first two formats are provided for ease of configuration. They are converted to a decimal threshold as shown in the third format.

Every test, a new random number is generated and checked against the stored value. If the random number is within the threshold range of possibility the ACL will match.

  • {i} To debug this ACL use debug_options 28,3 and watch for lines beginning with "ACL Random".

Use Cases

When used within tcp_outgoing_address or tcp_outgoing_tos selection this ACL permits load to be roughly split between multiple links based on their relative capacity.

This requires some additional configuration at the operating system level to ensure that the address or TOS values assigned are routed out the appropriate uplink. It is no use doing this in Squid if all traffic ends up going out the default anyway.

  • Example 1: Split two uplinks roughly 50% of traffic each: 

acl fiftyPercent random 0.5

# a random 50% go here
tcp_outgoing_address 192.0.2.1 fiftyPercent

# the rest go here
tcp_outgoing_address 192.0.2.2

# NP: operating system required to route packets from 192.0.2.1 and 192.0.2.2 out separate uplinks.

  • Example 2: Split traffic one third to each of three peers. 

acl third random 1/3
acl half random 1/2

# 33% traffic goes here
cache_peer_access peerOne allow third
cache_peer_access peerOne deny all

# 33% traffic goes here
cache_peer_access peerTwo allow half
cache_peer_access peerTwo deny all

# remaining traffic goes here
cache_peer_access peerOne allow all

  • Example 3: Split traffic one third to each of two peers and direct. 

acl third random 1/3
acl half random 1/2

# 33% traffic goes direct
always_direct allow third

# 33% traffic goes here (half of what did not go direct already)
cache_peer_access peerOne deny half
cache_peer_access peerOne allow all

# remaining traffic goes here
cache_peer_access peerTwo allow all

# NP: if both peers are down DIRECT will be used as a backup.

Log sampling of traffic

When used in access_log directives this ACL permits a small random proportion of requests to be logged. Rather than all traffic or some only matching fixed criteria.

  • Example 1: Log one line randomly out of every 100 requests. 

# log 1, skip 99
acl logSmallSample random 1:99

# small log 1 of every 100 requests...
access_log /var/log/squid/access-sample.log squid logSmallSample

# old style complete log
access_log /var/log/squid/access.log squid

Others?

Other use cases may be possible. If you know of one not already covered here we are interested to know what it is.

CategoryFeature

Features/AclRandom (last edited 2011-06-09 01:20:46 by AmosJeffries)