Re: [squid-users] code red is making horrible on our network

From: Luiz Lima <llima@dont-contact.us>
Date: Thu, 9 Aug 2001 23:49:06 -0300

> I don't see how this could happen--are you running out
> of file descriptors or available ports?

I don't know! How can I figure this out, I mean, figure out WHY Squid is
stopping? Any debug, tools or observation of other system status?

What I did notice is that while the Squid process is irresponsive, it vanishes
from the screen where I have "top" running. So maybe the resource limitation
is not on Squid itself but somewhere else in the system, as you've
suggested. I just can't imagine why since it has NEVER happened before,
even with far more traffic than the one these infected customers generate.

Someone mentioned on the list a while ago that the problem could be the
fact that most of the requests - almost all - try to connect to IPs which
are not online, thus opening an incredible amount of SYN requests that are
never answered. However, other people have also said that since Squid
responds with NONE/411, it never actually serves the requests and so it
never sends the SYN requests.

Am I at least making sense in my doubts? Is my English clear enough?

> We have a number of clients running Squid, and seeing
> far more of these requests than you are, and are not being
> shutdown by it.

It was never shut down, it never crashed or failed. That's why I've used the
expression "brought to its knees". After a few minutes irresponsive it
starts working again until another dial-up customer - or the same one -
starts hitting it again.

> One of our clients was getting about 200 CodeRed
> requests per minute from several hosts, and while
> Squid wasn't happy about it, it never failed.

When we start being hit it's usually from one customer at a time - they're
dial-up customers. However, when it happens, even if the person is at 33k6,
the rate is roughly 5 or 10 hits per second.

> There is no other stuff. If you want the requests to stop
> hitting your Squid it has to be fixed at the network layer...
> Squid will process it one way or another (either accept
> the request or deny it) as long as those packets are
> being redirected to Squid.

I see your point.

> But I think fixing the reason your Squid is so flimsy is
> probably the solution you need here. Raising file descriptors
> and available ports should do it.

I'll try to get more file descriptors and ports. I'm already reading about
it. Thanks.

---
Luiz Lima
Image Link Internet
http://www.imagelink.com.br
Received on Thu Aug 09 2001 - 20:49:13 MDT
