Re: The Future

From: Arjan de Vet <>
Date: Thu, 2 Jan 1997 21:47:25 +0100 (MET)

In article <> you write:

>1) make the ACL module a seperate process.
> Why? We are a ISP in Germany. We primarily provide the squid service
> to our customers. Unfortunately our class C networks are not
> contiguous, so we had a rather long ACL list. We noticed that this
> had caused some significant performance degredations (as squid has
> to check the ACL list on every connection it receives). I have played
> with the order of the ACLs and moved the most frequently used to the
> top of the list. This made things a bit faster. But finally we

Some time ago I contributed some code which already does this and has been
included since squid-1.1.beta5: an IP address for which a successful lookup
was done is moved to the front of the list. Are you sure that this was
really causing the performance problem? I'm using an accesslist of 1200+ IP
addresses and networks without any problems.

> decided to ignore the "holes" in the list and open quasi class B
> nets. This reduced the list from more thn 100 entries to about 20 and
> made squid faster again.

What kind of machine is this? What version of Squid did you use?

> My idea was to make a seperate module like dnsserver and put all the
> ACL stuff there.

This will give extra communications overhead and it's better to keep it in
one process so that we can use historic information (that's what my patch
does and it only works so nice because squid is a single process daemon).

I also posted on this mailing list an experimental patch which used
balanced binary trees to store these access lists. This gives much better
and guaranteed logarithmic search performance. Let's see if I can find
time to make a new version which could be included in squid-1.2.

Received on Thu Jan 02 1997 - 14:28:11 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:58 MST