System unstable while squid running

From: Tristan Schmurr <tsc@dont-contact.us>
Date: Sat, 8 Jul 2000 14:35:48 +0200 (CEST)

Hello,

I experience some problems with squid running.

The proxy is a slave proxy in order to browse over a satellite link which
connects to a master proxy (Inktomi under Solaris) using authentication on an
oracle database.

Under Linux, the network stops responding, and during this time I get the
following messages in my syslog:
Jul 8 13:15:57 glop115 kernel: eth0: Memory squeeze, deferring packet.

Jul 7 14:00:26 glop115 squid[115]: comm_select: select failure: (12) Cannot allocate memory
Jul 7 14:00:26 glop115 squid[115]: examine_select: Examining open file descriptors...

Then I have megabytes of these messages:
Jul 7 14:00:26 glop115 squid[115]: FD 1408: (9) Bad file descriptor
Jul 7 14:00:26 glop115 squid[115]: WARNING: FD 1408 has handlers, but it's invalid.
Jul 7 14:00:26 glop115 squid[115]: FD 1409 is a None called ''
Jul 7 14:00:26 glop115 squid[115]: tmout:(nil) read:(nil) write:(nil)
Jul 7 14:00:26 glop115 squid[115]: FD 1413: (9) Bad file descriptor

During this time the only way is to use Alt+Scroll Lock to kill squid, because
the system says:
# ps aux
bash: fork: Cannot allocate memory

Also, sometimes when this happens the only solution is to hard reset the system;
sometimes the syslog daemon is not logging anymore.

I changed the following settings in my system :
- File descriptor increase :
  I changed /usr/src/linux/include/linux/limits.h to add
  #define NR_OPEN 8192
  and fs.h to : #define INR_OPEN 8192

  /usr/include/bits/types.h : #define __FD_SETSIZE 8192

  echo 8192 > /proc/sys/fs/file-max
  ulimit -n 8192
  ulimit -H -n 8192

- Change the local port range to allow more than =~ 3000 connections on the
proxy :
  echo "1024 32767" > /proc/sys/net/ipv4/ip_local_port_range

Under FreeBSD, I get fewer error messages but sometimes the system reboots itself.

I tried with different NIC (3COM 3c905-C, Intel Express Pro 100, Realtek
8139) on different hardware machines.

Here is the squid configuration : ( I changed IP addresses)

http_port 192.168.0.44:8080 192.168.0.44:8090
icp_port 3130
cache_peer 192.168.0.102 parent 8080 3130 proxy-only
cache_peer 192.168.0.5 parent 8080 3130 proxy-only
cache_mem 64 MB (with 1 Gig of RAM and 2 Gig of swap)
cache_dir ufs /usr/local/squid/cache 6000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
useragent_log none
pid_filename /var/run/squid.pid
log_fqdn off
ftp_user squid@europeonline.net
ftp_list_width 70
dns_nameservers 192.168.0.7 192.168.0.41
unlinkd_program /usr/local/squid/bin/unlinkd
redirect_children 10
authenticate_program /usr/local/sbin/squid_oradb_auth
authenticate_children 8
authenticate_ttl 7200
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i \.(zip|exe|gif|jpg|png|tar\.gz) 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 1 KB
quick_abort_max 1 KB
quick_abort_pct 99
half_closed_clients off
acl radiuspassword proxy_auth REQUIRED
acl lan src 192.168.0.0/255.255.240.0
acl test src 192.168.1.2/255.255.255.255
acl snmppublic snmp_community mycommunityname
acl all src 0.0.0.0/0.0.0.0
acl stardust src 192.168.1.3/255.255.255.255
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl shapedhosts src 0.0.0.0/0.0.0.0
http_access allow manager localhost
http_access allow manager stardust
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow test
http_access allow radiuspassword
http_access deny all
icp_access allow all
miss_access allow all
proxy_auth_realm proxy-caching web server
cache_mgr customer.support@europeonline.net
cache_effective_user squid
cache_effective_group squid
dns_testnames netscape.com internic.net nlanr.net microsoft.com
logfile_rotate 14
forwarded_for on
cachemgr_passwd MyPassWord all
store_avg_object_size 18 KB
client_db off
query_icmp off
buffered_logs on
never_direct allow all
icon_directory /usr/local/squid/etc/icons
snmp_port 3401
snmp_access allow snmppublic lan
snmp_access deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 0.0.0.0
delay_pools 1 # 1 delay pool (one per QoS class)
delay_class 1 3 # for pool 1 use class 3 delay pool
delay_access 1 allow shapedhosts
delay_access 1 deny all
delay_parameters 1 -1/-1 -1/-1 32000/64000
prefer_direct off
client_persistent_connections on
server_persistent_connections on

Thank you for your help,

Best regards,

Tristan
Received on Sat Jul 08 2000 - 06:39:34 MDT
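
An added example, not part of the original message or of Squid: a small Python triage script that summarizes syslog lines like the ones quoted above, counting ENOMEM and EBADF errors and comparing the highest descriptor number seen with the 8192 limit the poster configured. The function name, the result keys and the 1024 comparison value (the stock glibc `__FD_SETSIZE`) are assumptions made for this illustration.

```python
import re
from collections import Counter

# Lines quoted in the message above, with the 80-column wraps rejoined.
SAMPLE_LOG = """\
Jul 8 13:15:57 glop115 kernel: eth0: Memory squeeze, deferring packet.
Jul 7 14:00:26 glop115 squid[115]: comm_select: select failure: (12) Cannot allocate memory
Jul 7 14:00:26 glop115 squid[115]: examine_select: Examining open file descriptors...
Jul 7 14:00:26 glop115 squid[115]: FD 1408: (9) Bad file descriptor
Jul 7 14:00:26 glop115 squid[115]: WARNING: FD 1408 has handlers, but it's invalid.
Jul 7 14:00:26 glop115 squid[115]: FD 1409 is a None called ''
Jul 7 14:00:26 glop115 squid[115]: tmout:(nil) read:(nil) write:(nil)
Jul 7 14:00:26 glop115 squid[115]: FD 1413: (9) Bad file descriptor
"""

LINE_RE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w.-]+)(?:\[\d+\])?: (.*)$")
ERRNO_RE = re.compile(r"\((\d+)\) ")   # e.g. "(12) Cannot allocate memory"
FD_RE = re.compile(r"\bFD (\d+)\b")

def summarize(text, fd_limit=8192, stock_setsize=1024):
    """Count errno values and invalid descriptors in squid syslog lines."""
    errnos, bad_fds, max_fd, squeezes = Counter(), set(), -1, 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        prog, msg = m.groups()
        if prog == "kernel":
            squeezes += "Memory squeeze" in msg   # NIC driver could not get a buffer
            continue
        if prog != "squid":
            continue
        err = ERRNO_RE.search(msg)
        fd = FD_RE.search(msg)
        if err:
            errnos[int(err.group(1))] += 1
        if fd:
            max_fd = max(max_fd, int(fd.group(1)))
            if err and err.group(1) == "9":       # errno 9 = EBADF
                bad_fds.add(int(fd.group(1)))
    return {
        "enomem": errnos[12],                     # errno 12 = ENOMEM
        "ebadf": errnos[9],
        "bad_fds": sorted(bad_fds),
        "max_fd": max_fd,
        "kernel_memory_squeezes": squeezes,
        "above_stock_fd_setsize": max_fd >= stock_setsize,
        "above_configured_limit": max_fd >= fd_limit,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Descriptors at or above the stock `__FD_SETSIZE` are only usable with `select()` when the binary itself was compiled against the enlarged value, which is why the summary reports that threshold separately from the configured limit.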
