RE: [squid-users] slower connections using squid (squid is slowing down all connections)

From: Chris Robertson <crobertson@dont-contact.us>
Date: Wed, 21 Sep 2005 12:31:32 -0800

> -----Original Message-----
> From: Alex [mailto:linuxro@online.ie]
> Sent: Tuesday, September 20, 2005 11:49 PM
> To: squid-users@squid-cache.org
> Subject: [squid-users] slower connections using squid (squid is slowing down all connections)
>
>
> Hello squid experts,
>
> I have a problem with my squid on Centos 4
> (squid-2.5.STABLE6-3.4E.11). Squid

You might want to upgrade. There have been a number of improvements in Squid. Other suggestions are below...

> is configured to allow http access to all our users with authentication.
> Everything is going well when there are just a few users connected. Between
> around 11 AM up to 15-16 PM, http access via squid becomes a pain ... very
> slow (worse than a dial-up connection). I have enough bandwidth to handle
> all traffic and I tested this using NAT (SNAT) at the same time for some IP
> addresses. With SNAT, http access is working like a charm. Our server is dual
> proc 3 GHz, with 1 GB of ECC memory, and has 2 SATA hard disks mounted in
> mirroring - RAID1 (2 ports hardware controller - 3ware). I am not using some
> features for bandwidth limitation in squid (delay pools) config file.
>
> Today, using http://proxy.mydoom.ro/cgi-bin/cachemgr.cgi I checked around 10
> AM to see how many users are connected. Cachemgr.cgi reports 170 different IP
> addresses accessing http via squid. At this time, http access is slow but not
> very slow.

Check the "Cache Utilization" link for how many requests per second you are seeing and how much traffic squid is passing. Also check the "General Runtime Info" link for memory usage and service times. If your cache hit time is high, but the cache misses are fast, you are likely I/O bound. With only 170 people accessing your cache, I would find that unlikely, but...

>
> Help me please to fix this problem. I am absolutely sure that there is one
> directive in squid.conf which has a default value and is causing problems.
> Maybe squid is configured to use insufficient memory or to accept just a few
> simultaneous connections. I don't know. Here comes my Current Squid
> Configuration generated by cachemgr.cgi.
>
> http_port 0.0.0.0:3128
> ssl_unclean_shutdown off
> icp_port 3130
> udp_incoming_address 0.0.0.0
> udp_outgoing_address 255.255.255.255
> icp_query_timeout 0
> maximum_icp_query_timeout 2000
> mcast_icp_query_timeout 2000
> dead_peer_timeout 10 seconds
> hierarchy_stoplist cgi-bin
> hierarchy_stoplist ?
> no_cache Deny QUERY
> cache_mem 33554432 bytes
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size 33554432 bytes
> minimum_object_size 0 bytes
> maximum_object_size_in_memory 32768 bytes
> ipcache_size 1024
> ipcache_low 90
> ipcache_high 95
> fqdncache_size 1024
> cache_replacement_policy heap LFUDA
> memory_replacement_policy heap GDSF

I have read an account stating that using two different replacement policies causes poor performance. Try making them both the same.

> cache_dir diskd /var/spool/squid 20480 16 256 Q1=64 Q2=72
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> emulate_httpd_log off
> log_ip_on_direct on
> mime_table /etc/squid/mime.conf
> log_mime_hdrs off
> pid_filename /var/run/squid.pid
> debug_options ALL,1
> log_fqdn off
> client_netmask 255.255.255.255
> ftp_user squid@mydoom.ro
> ftp_list_width 32
> ftp_passive on
> ftp_sanitycheck on
> ftp_telnet_protocol on
> dns_retransmit_interval 5 seconds
> dns_timeout 120 seconds
> hosts_file /etc/hosts
> diskd_program /usr/lib/squid/diskd
> unlinkd_program /usr/lib/squid/unlinkd
> redirect_children 5
> redirect_rewrites_host_header on
> auth_param basic /usr/lib/squid/pam_auth
> auth_param basic realm Squid proxy-caching server
> auth_param basic children 100
> auth_param basic credentialsttl 7200 seconds
> auth_param basic casesensitive off
> authenticate_cache_garbage_interval 3600 seconds
> authenticate_ttl 3600 seconds
> authenticate_ip_ttl 0 seconds
> wais_relay_port 0
> request_header_max_size 10240 bytes
> request_body_max_size 0 bytes
> refresh_pattern ^ftp: 1440 20% 10080
>
> refresh_pattern ^gopher: 1440 0% 1440
>
> refresh_pattern . 0 20% 4320
>
> quick_abort_min 16 KB
> quick_abort_max 16 KB
> quick_abort_pct 95
> negative_ttl 300 seconds
> positive_dns_ttl 21600 seconds
> negative_dns_ttl 60 seconds
> range_offset_limit 0 bytes
> forward_timeout 240 seconds
> connect_timeout 60 seconds
> peer_connect_timeout 30 seconds
> read_timeout 900 seconds
> request_timeout 300 seconds
> persistent_request_timeout 60 seconds
> client_lifetime 86400 seconds
> half_closed_clients on
> pconn_timeout 120 seconds
> shutdown_lifetime 30 seconds
> acl QUERY urlpath_regex cgi-bin
> acl QUERY urlpath_regex \?
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1
> acl lanpass proxy_auth REQUIRED
> acl to_localhost dst 127.0.0.0/255.0.0.0
> acl SSL_ports port 443
> acl SSL_ports port 563
> acl Safe_ports port 80
> acl Safe_ports port 443
> acl Safe_ports port 1025-65535
> acl Safe_ports port 21
> acl Safe_ports port 563
> acl Safe_ports port 70
> acl Safe_ports port 210
> acl Safe_ports port 280
> acl Safe_ports port 488
> acl Safe_ports port 591
> acl Safe_ports port 777
> acl CONNECT method CONNECT
> http_access Allow manager localhost
> http_access Deny manager
> http_access Deny !Safe_ports
> http_access Deny CONNECT !SSL_ports
> http_access Allow localhost
> http_access Allow lanpass
> http_access Deny all
> http_reply_access Allow all
> icp_access Allow all
> reply_header_max_size 20480 bytes
> reply_body_max_size 0 Allow all
> cache_mgr admin@mydoom.ro
> cache_effective_user squid
> cache_effective_group squid
> visible_hostname proxy.mydoom.ro
> announce_period 31536000 seconds
> announce_host tracker.ircache.net
> announce_port 3131

I don't quite understand why you are announcing your cache. Not that I think it would be harming your surfing speed, but...

> httpd_accel_port 80
> httpd_accel_single_host off
> httpd_accel_with_proxy off
> httpd_accel_uses_host_header off

So are you using this cache as both a proxy and an accelerator? See http://www.squid-cache.org/Doc/FAQ/FAQ-20.html

> dns_testnames netscape.com
> dns_testnames internic.net
> dns_testnames nlanr.net
> dns_testnames microsoft.com
> logfile_rotate 0
> tcp_recv_bufsize 0 bytes
> err_html_text
> memory_pools on
> memory_pools_limit 0 bytes
> forwarded_for on
> log_icp_queries off
> icp_hit_stale off
> minimum_direct_hops 4
> minimum_direct_rtt 400
> cachemgr_passwd XXXXXXXXXX all
> store_avg_object_size 13 KB
> store_objects_per_bucket 20
> client_db on
> netdb_low 900
> netdb_high 1000
> netdb_ping_period 300 seconds
> query_icmp off
> test_reachability off
> buffered_logs on
> reload_into_ims off
> icon_directory /usr/share/squid/icons
> short_icon_urls off
> error_directory /etc/squid/errors
> maximum_single_addr_tries 1
> snmp_port 0
> snmp_access Deny all
> snmp_incoming_address 0.0.0.0
> snmp_outgoing_address 255.255.255.255
> as_whois_server whois.ra.net
> wccp_router 0.0.0.0
> wccp_version 4
> wccp_incoming_address 0.0.0.0
> wccp_outgoing_address 255.255.255.255
> delay_pools 0
> delay_initial_bucket_level 50
> incoming_icp_average 6
> incoming_http_average 4
> incoming_dns_average 4
> min_icp_poll_cnt 8
> min_dns_poll_cnt 8
> min_http_poll_cnt 8
> max_open_disk_fds 0
> offline_mode off
> uri_whitespace strip
> nonhierarchical_direct on
> prefer_direct off
> strip_query_terms on
> coredump_dir /var/spool/squid
> redirector_bypass off
> ignore_unknown_nameservers on
> client_persistent_connections on

Might want to turn this off. See the message at http://www.squid-cache.org/mail-archive/squid-users/200410/0434.html and the bug report at http://www.squid-cache.org/bugs/show_bug.cgi?id=1116

> server_persistent_connections on
> detect_broken_pconn off
> balance_on_multiple_ip on
> pipeline_prefetch off
> request_entities off
> high_response_time_warning 0
> high_page_fault_warning 0
> high_memory_warning 0 bytes
> store_dir_select_algorithm least-load
> ie_refresh off
> vary_ignore_expire off
> sleep_after_fork 0
> relaxed_header_parser on
>
> Regards,
> Alex
>
>

The next time you post your squid.conf, please use sed, awk, grep or some other tool to post your actual squid.conf without comment lines ("grep -v ^# /etc/squid/squid.conf |grep -v ^$" works for me.). That way just things that have been changed from default will show up, and there will be less to slog through.

Chris
Received on Wed Sep 21 2005 - 14:31:34 MDT
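
The comment-stripping step suggested at the end of the message, extended so that secrets are masked before a squid.conf goes to a public list (an added example, not part of the original post). The function name `sanitize_squid_conf`, the sample file and its values are constructed for illustration; masking the `cache_peer` `login=user:password` option goes beyond what the message covers.

```shell
#!/bin/sh
# Added example: prepare a squid.conf for posting to a public mailing list.
# 1. drop comment lines and blank lines (including indented ones)
# 2. mask the password field of cachemgr_passwd
# 3. mask the password half of cache_peer ... login=user:password

sanitize_squid_conf() {
    # $1: path to the squid.conf to clean up (hypothetical helper name)
    sed -E \
        -e '/^[[:space:]]*(#|$)/d' \
        -e 's/^([[:space:]]*cachemgr_passwd[[:space:]]+)[^[:space:]]+/\1XXXXXXXXXX/' \
        -e 's/([[:space:]]login=[^:[:space:]]+:)[^[:space:]]+/\1XXXXXXXXXX/g' \
        "$1"
}

# Constructed sample input; none of these values come from the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TAG: http_port
#Default:
# http_port 3128

http_port 3128
    # indented comment
cachemgr_passwd s3cret-constructed all
cache_peer parent.example.net parent 3128 0 login=proxyuser:hunter2 no-query
cache_peer sibling.example.net sibling 3128 3130 login=PASS
EOF

sanitize_squid_conf "$sample"
rm -f "$sample"
```

The `login=PASS` form carries no password and is left untouched; only values after a `user:` prefix are masked.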
