something interesting with squid-2.3Stable1 from Roger Pen~a Escobio on 2000-02-17 (squid-users)

From: Roger Pen~a Escobio <roger@dont-contact.us>
Date: Thu, 17 Feb 2000 17:17:18 -0500 (EST)

hello all squid users and hackers :-)

i e-mail you because we have having something interesting, and maybe
somebody is having the same behavior.

first of all, we are running squid in a HPUX-10.20

today we look that our proxy machine was so slow that it was almost
impossible to get any page from the net, when we checked the network
status we noted that we had about 6000 TCP connections in our server 95%
of these were FIN_WAIT , we stopped the squid but as it didn't decrease
quickly we needed to shutdown the server, when the server was ready again,
we change the configuration of the squid and decrease the
"client_lifetime" to 5
minutes, and we keep monitoring the status of the network, it start ok but
then after the day goes, the number of FIN_WAIT_2 connection have been
increasing, here are the result of netstat:
#netstat -na | grep "tcp" | grep "FIN"|wc -l
594
# netstat -na | grep "tcp"|wc -l
789

as you see, we don't have a busy server but 2/3 of the connection are
waiting for close, can you imaging after 3 weeks??
at the same time this is the output of netstat -nap tcp:

        37953 connection requests
        40151 connection accepts
        75465 connections established (including accepts)
        87015 connections closed (including 16253 drops)
        10027 embryonic connections dropped
        251386 segments updated rtt (of 335863 attempts)
        73580 retransmit timeouts
                339 connections dropped by rexmit timeout
        344 persist timeouts
        1255 keepalive timeouts
                1 keepalive probe sent
                327 connections dropped by keepalive

you can see, the system drops about 17000 connections.

so, do you think that this is because the HPUX or the squid??
something interesting is that the mayor source of unclosed connection came
from MS-proxy server, child of our squid, not all the connection but 10%
came from only this server, we don't know the software behind the another
source of unclosed connection. Before this machine we always run squid on
Intel platform running RedHat Linux , and never got this problem but at
the same time we never run before the version of squid ( we used
2.2stable3 and older).
we plan to install 2.2stable3 and see what happen but ?what do you think??

Thanks
Roger

Received on Thu Feb 17 2000 - 15:30:14 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:51:19 MST