Re: [squid-users] Upgrade to 3.4.3 and TCP Connections to parent failing more often

From: Paul Carew <beavatronix_at_gmail.com>
Date: Wed, 19 Feb 2014 17:40:45 +0000

Thank you Eliezer.

There are 2 initial Squid servers, that users connect to, load
balanced in a rather primitive way using a PAC file. Requests destined
for the internet are then relayed to the 2 parent servers via CARP.
All running Squid 3.4.3 on x64 CentOS based boxes.

The "connection failed" errors occur on connections from both of the
first line servers to both of the parent servers.

Load is quite small I believe, CPU usage sit's around 6% for the 5
minute average according to mgr:info. Memory usage is about 3.3GB out
of a 6GB total available on the box.

The connection errors I've looked into have all been regular HTTP connections.

I've been looking at it today and thought I was on to something when I
noticed a lot of TCP RSTs being dropped on a ASA firewall between the
two sets of servers, due to the RST not relating to an open
connection. However, despite alterations to the firewall (sysopt
connection timewait) these errors have persisted.

On 19 February 2014 14:56, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> Are all these servers uses squid?
> I am not sure If I understood right?
> Two forward proxies?
> I will test it on one which is 3.4.3 and the upper one will be 3.4.1.
> What is the load on these servers?
> What type of connections are we talking about? CONNECT or regular http?
>
> Eliezer
>
>
> On 02/17/2014 04:56 PM, Paul Carew wrote:
>>
>> Hi
>>
>> I have recently upgraded our Squid servers from 3.3.11 to 3.4.3 and am
>> seeing the following error every few minutes in the cache log.
>>
>> 2014/02/17 13:43:02 kid1| TCP connection to wwwproxy02.domain.local/8080
>> failed
>>
>> I have 2 servers configured on the LAN which handle connections over a
>> private WAN and 2 other servers on another WAN connected to the
>> internet. The first 2 servers use the second pair of servers connected
>> to the internet as a parent with the following lines in squid.conf:
>>
>> cache_peer wwwproxy01.domain.local parent 8080 0 no-query no-digest carp
>> cache_peer wwwproxy02.domain.local parent 8080 0 no-query no-digest carp
>>
>> With 3.3.11 I occasionally got the error, maybe two or three times daily.
>>
>> Does anyone have any ideas why this might be occurring on 3.4.3 but
>> not 3.3.11? I've had a look at debug_options but can't see a section
>> that screams "debug me" for this particular error. Maybe section 11 or
>> 15?
>>
>> Many Thanks
>>
>> Paul
>>
>
Received on Wed Feb 19 2014 - 17:40:54 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 20 2014 - 12:00:06 MST