Re: running squid-1.0beta11 inside a firewall with slow parents

From: Thomas Schmidt <tcs@dont-contact.us>
Date: Fri, 7 Jun 1996 11:17:31 +0200

>We're running squid-1.0beta11 inside a firewall with two parent
>proxies running outside the firewall. Sometimes it seems that we
>don't see the UDP replies from our parents and so we get the ``No ICP
>replies received and the host is beyond the firewall'' error message.

I think this message is the most important problem of acceptance since
cached and squid exists. I think this message is one of the reasons why on
some of our pops only 40% of our active user use the cache.

1. One way to get less of this messages is to set the value of
"neighbor_timeout" a little bit higher than the one of your parents.
Sometimes parents have to wait for a timeout of their parents/neighbours.
If your timeout value is less or the same as the one of your parent you
will not get an answer from it in time.

2. Another error source is the dead neighbour optimization algorithm: If a
dead neighbour was detected when pinging it is not counted
(e_pings_n_pings) but pinged. If it answers with anything else than a hit
it will be counted on acks (e_pings_n_acks). Now consider the case of
haveing one neighbour and one parent. Both are pinged. The first one is
temporarly dead (f.e. its slow line becomes much slower because of high
nntp traffic and an actual ftp transfer) but now answers with a miss.
e_pings_n_acks will be incremented and "(m->e_pings_n_acks ==
m->e_pings_n_pings)" [neighbors.c:629] becomes true but there is no parent
which gave an answer - so "No ICP replies ...".

In short, this algorithm is not transaction save. One way to solve this
problem could be as follows:

Each neighbour gets a second up/down indicator, "pre_neighbor_up", which
will be set appropriatly immediatly on a up/down state change detection.
This real "neighbor_up" indicator should be set from "pre_neighbor_up" only
if no ack is pending for any ping. A neighbour should neither be counted on
pings (e_pings_n_pings) nor on acks (e_pings_n_acks) (!) until
"neighbor_up" is true.

        Thomas 

--
|Thomas Schmidt    | Email: tcs@morini.in-berlin.de | Phone: +49-30-7829537|
|Leuthener Str. 4a |[Email: tcs@cs.tu-berlin.de]    | Fax: +49-30-7828103  |
|D-10829 Berlin    |                                | Data: +49-30-7828103 |
Received on Fri Jun 07 1996 - 02:25:32 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:29 MST