Re: Linux Optimization for Squid proxy

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 15 Jun 2000 20:44:44 +0200

Hamid Reza Hashemi Golpayegani wrote:
>
> Thanks for your help. These are my existing variables:
>
> fs.file-max = 4096
> fs.inode-max = 16384
> net.ipv4.tcp_max_syn_backlog = 128
> net.ipv4.ip_local_port_range = 1024 4999
>
> So I want to know what numbers I must change these to.
> I mean, which numbers are better for my Squid performance?

There is no generic answer to this question. It depends on what load you
are running on, how your clients are configured, how much CPU and memory
you have to spare and some other factors.

All except the syn backlog parameter you will know for sure that you
have to tune when you see complaints in cache.log and/or
/var/log/messages.

The syn backlog is a bit trickier, and also depends a bit on if you have
enabled SYN cookies or not (SYN cookies is a SYN flood defender
technique in Linux, which cuts down on the SYN backlog requirements by
using some clever TCP tricks). I think I hit the limit when we had about
2000 concurrent users (concurrent == active within the last 5 minutes),
but then most of these users are fast LAN users. If you have dialup
users then the SYN backlog requirement will be a lot higher than for LAN
users as the time clients stay in the SYN backlog depends a lot on the
packet RTT time between the client and the Squid server.

My recommendation is to have at least the same amount of file-max as you
have file descriptor support in your Squid, then have inode-max 4 times
this.

The SYN backlog should probably be set to 512 or more, and you might
want to consider enabling SYN cookies.

ip_local_port_range you can increase straight away, to use for example
1024 32767 or a similar range. Be warned that if your Linux box is also
running as an IP-Masquerade server then the range must not overlap with
the IP-Masquerade port range. I think this also applies to any of the
related port forwarding techniques available in Linux.

--
Henrik Nordstrom
Squid hacker
Received on Thu Jun 15 2000 - 22:21:34 MDT
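
An added example, not part of the original message: a shell function that reads sysctl-style "key = value" lines and reports which of the rules of thumb in the reply above are not met. The function name audit_sysctl, the Squid descriptor count (8192) and the masquerade port range passed as arguments (61000 65095) are assumptions of this example; the sample settings are the ones from the quoted message.

```shell
#!/bin/sh
# Added example: check sysctl-style settings against the rules of thumb in the reply.
# Usage: audit_sysctl SQUID_FDS MASQ_LO MASQ_HI < settings
#   SQUID_FDS        file descriptors Squid supports (assumed input)
#   MASQ_LO MASQ_HI  IP-Masquerade port range on the box (assumed input; 0 0 if none)
audit_sysctl() {
    awk -v fds="$1" -v mlo="$2" -v mhi="$3" '
    /=/ {                                   # "key = value" lines as printed by sysctl
        split($0, kv, "=")
        key = kv[1]; gsub(/[ \t]/, "", key)
        val[key] = kv[2]
    }
    END {
        fds += 0; mlo += 0; mhi += 0
        fmax = val["fs.file-max"] + 0
        syn  = val["net.ipv4.tcp_max_syn_backlog"] + 0
        split(val["net.ipv4.ip_local_port_range"], pr, " ")
        lo = pr[1] + 0; hi = pr[2] + 0

        # file-max at least the Squid descriptor count, inode-max 4 times that
        if (fmax < fds) print "RAISE fs.file-max to at least " fds
        base = (fmax > fds) ? fmax : fds
        # fs.inode-max is checked only when the input contains it
        if (("fs.inode-max" in val) && val["fs.inode-max"] + 0 < 4 * base)
            print "RAISE fs.inode-max to at least " (4 * base)

        # SYN backlog of 512 or more, and SYN cookies as an option
        if (syn < 512) print "RAISE net.ipv4.tcp_max_syn_backlog to 512 or more"
        if (val["net.ipv4.tcp_syncookies"] + 0 == 0)
            print "CONSIDER net.ipv4.tcp_syncookies = 1"

        # Wider local port range, but never overlapping the masquerade range
        if (hi < 32767) print "WIDEN net.ipv4.ip_local_port_range, for example 1024 32767"
        if (mhi > 0 && lo <= mhi && hi >= mlo)
            print "CONFLICT local ports " lo "-" hi " overlap masquerade " mlo "-" mhi
    }'
}

# Settings from the quoted message; the arguments are constructed inputs.
SAMPLE='fs.file-max = 4096
fs.inode-max = 16384
net.ipv4.tcp_max_syn_backlog = 128
net.ipv4.ip_local_port_range = 1024 4999'
printf '%s\n' "$SAMPLE" | audit_sysctl 8192 61000 65095
```

On a live system the input can come from `sysctl -a`; each reported line names the setting to revisit, and no output means every check passed.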