RE: [squid-users] Slow connect times

From: Henrik Nordström <hno@dont-contact.us>
Date: Wed, 4 Sep 2002 00:48:51 +0200 (CEST)

Setting "client_persistent_connections off" should not stop anything. The
only effect of this should be slightly slower average request times.

If setting this to off makes things go from bad to really bad then I am not
sure what it is.. maybe a SYN flood (intentional or accidental)?

Hmm.. how much traffic is being sent to this Squid proxy? By what kind of
users? Lan or dialup? On what OS?

Regards
Henrik

On Tue, 3 Sep 2002, Tim Price wrote:

> Setting client_persistent_connections to "off" stops everything, so if that's
> not what you meant let me know.
>
> The access log doesn't show any big time lags between records for the same
> request. On the slow connects the first entry is the DENIED for lack of NTLM,
> but then back and forth DENIED - MISS - HIT will follow with only fractions of a
> second elapsed. I can't tell whether there is a lag before the first record
> hits the log compared to the actual request.
>
> They are happening less frequently (2 or 3 out of every 10 requests), but will
> still happen on even the same website from one request to the next. The lag is
> consistently right at 20 seconds when it happens.
>
>
>
> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@marasystems.com]
> Sent: Friday, August 30, 2002 3:57 PM
> To: tprice@lovebox.com; squid-users@squid-cache.org
> Subject: Re: [squid-users] Slow connect times
>
>
> Try disabling client side persistent connections. Please tell us if
> you see any difference (or no difference at all).
>
> Also keep an eye on your access.log to see if you can identify what is
> causing the delay. access.log contains a quite detailed trace of the
> time it takes to load a page and where it is spent (even more so for
> NTLM auth).
>
> Regards
> Henrik
>
>
>
> On Thursday 29 August 2002 22.22, Tim Price wrote:
> > I am running Squid 2.5-pre10, RH7.3, Samba 2.2.5 + Winbind, and as
> > little adjusting to squid.conf as I could to get things going. I
> > have wb_ntlmauth & wb_auth working for NT domain authentication.
> >
> > I am trying (hard) to replace a MSProxy Server but am not getting
> > comparable performance with Squid. Squid will respond nicely
> > sometimes, other times it will stall and take 20+ seconds to load a
> > page with the page then displaying in its entirety almost
> > instantly. If you get impatient during a stall and click a link
> > again, many times it will load almost instantly right after the
> > second click. I am testing the same sites at the same time with
> > the MSProxy without any issue. DNS response times are not great,
> > but that should be equally slow for both machines. I have run
> > tests without authenticating at all and get the same results so
> > that's not the issue either.
> >
> > I only have a few users testing the Squid box so the load is light.
> > The MSProxy box is supporting several hundred users so it's fairly
> > busy. Both machines have identical hardware, P2-300/128meg ram.
> >
> > I pasted in the config from cachemgr in hopes someone can point out
> > to me where I've missed the boat. I'm also curious why things
> > commented out in the squid.conf file still show to be active in the
> > cachemgr dump.
> >
> > Thanks for the help in advance. Tim Price
> >
> >
> > Squid Configuration from CacheMgr
> > --------------------------------------------------------------
> > http_port 172.16.3.101:80
> > icp_port 3130
> > udp_incoming_address 0.0.0.0
> > udp_outgoing_address 255.255.255.255
> > icp_query_timeout 0
> > maximum_icp_query_timeout 2000
> > mcast_icp_query_timeout 2000
> > dead_peer_timeout 10 seconds
> > hierarchy_stoplist cgi-bin
> > hierarchy_stoplist ?
> > no_cache Deny QUERY
> > cache_mem 8388608 bytes
> > cache_swap_low 90
> > cache_swap_high 95
> > maximum_object_size 4194304 bytes
> > minimum_object_size 0 bytes
> > maximum_object_size_in_memory 8192 bytes
> > ipcache_size 1024
> > ipcache_low 90
> > ipcache_high 95
> > fqdncache_size 1024
> > cache_replacement_policy lru
> > memory_replacement_policy lru
> > cache_dir ufs /usr/local/squid/var/cache 100 16 256
> > cache_access_log /usr/local/squid/var/logs/access.log
> > cache_log /usr/local/squid/var/logs/cache.log
> > cache_store_log /usr/local/squid/var/logs/store.log
> > emulate_httpd_log off
> > log_ip_on_direct on
> > mime_table /usr/local/squid/etc/mime.conf
> > log_mime_hdrs off
> > pid_filename /usr/local/squid/var/logs/squid.pid
> > debug_options ALL,1
> > log_fqdn off
> > client_netmask 255.255.255.255
> > ftp_user Squid@
> > ftp_list_width 32
> > ftp_passive on
> > ftp_sanitycheck on
> > dns_retransmit_interval 5 seconds
> > dns_timeout 300 seconds
> > hosts_file /etc/hosts
> > diskd_program /usr/local/squid/libexec/
> > unlinkd_program /usr/local/squid/libexec/unlinkd
> > redirect_children 5
> > redirect_rewrites_host_header on
> > auth_param ntlm /usr/local/squid/libexec/wb_ntlmauth
> > auth_param ntlm children 10
> > auth_param ntlm max_challenge_reuses 0
> > auth_param ntlm max_challenge_lifetime 300 seconds
> > auth_param basic /usr/local/squid/libexec/wb_auth
> > auth_param basic realm Squid proxy-caching web server
> > auth_param basic children 5
> > auth_param basic credentialsttl 7200 seconds
> > authenticate_cache_garbage_interval 3600 seconds
> > authenticate_ttl 3600 seconds
> > authenticate_ip_ttl 0 seconds
> > wais_relay_port 0
> > request_header_max_size 10240 bytes
> > request_body_max_size 0 bytes
> > refresh_pattern ^ftp: 1440 20% 10080
> > refresh_pattern ^gopher: 1440 0% 1440
> > refresh_pattern . 0 20% 4320
> > reference_age 31557790 seconds
> > quick_abort_min 16 KB
> > quick_abort_max 16 KB
> > quick_abort_pct 95
> > negative_ttl 300 seconds
> > positive_dns_ttl 21600 seconds
> > negative_dns_ttl 300 seconds
> > range_offset_limit 0 bytes
> > connect_timeout 120 seconds
> > peer_connect_timeout 30 seconds
> > siteselect_timeout 4 seconds
> > read_timeout 900 seconds
> > request_timeout 300 seconds
> > persistent_request_timeout 60 seconds
> > client_lifetime 86400 seconds
> > half_closed_clients on
> > pconn_timeout 120 seconds
> > ident_timeout 10 seconds
> > shutdown_lifetime 30 seconds
> > acl QUERY urlpath_regex cgi-bin
> > acl QUERY urlpath_regex \?
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl to_localhost dst 127.0.0.0/255.0.0.0
> > acl SSL_ports port 443
> > acl SSL_ports port 563
> > acl Safe_ports port 80
> > acl Safe_ports port 1025-65535
> > acl Safe_ports port 443
> > acl Safe_ports port 21
> > acl Safe_ports port 563
> > acl Safe_ports port 70
> > acl Safe_ports port 210
> > acl Safe_ports port 280
> > acl Safe_ports port 488
> > acl Safe_ports port 591
> > acl Safe_ports port 777
> > acl OpenAccess_Safe_ports port 80
> > acl OpenAccess_Safe_ports port 443
> > acl OpenAccess_Safe_ports port 563
> > acl CONNECT method CONNECT
> > acl WhiteListWebsites dstdomain .ibm.com
> > acl AuthLimitedUsers proxy_auth REQUIRED
> > acl AuthFullAccessUsers proxy_auth ntdomaim\ntuser
> > http_access Allow manager all
> > http_access Deny !Safe_ports
> > http_access Deny CONNECT !SSL_ports
> > http_access Deny to_localhost
> > http_access Allow WhiteListWebsites AuthLimitedUsers
> > http_access Allow all AuthFullAccessUsers
> > http_access Deny all
> > http_reply_access Allow all
> > icp_access Allow all
> > ident_lookup_access Deny all
> > reply_body_max_size 0 Allow all
> > cache_mgr webmaster@
> > cache_effective_user nobody
> > announce_period 31536000 seconds
> > announce_host tracker.ircache.net
> > announce_port 3131
> > httpd_accel_port 80
> > httpd_accel_single_host off
> > httpd_accel_with_proxy off
> > httpd_accel_uses_host_header off
> > dns_testnames netscape.com
> > dns_testnames internic.net
> > dns_testnames nlanr.net
> > dns_testnames microsoft.com
> > logfile_rotate 10
> > tcp_recv_bufsize 0 bytes
> > err_html_text
> > memory_pools on
> > memory_pools_limit 0 bytes
> > forwarded_for on
> > log_icp_queries on
> > icp_hit_stale off
> > minimum_direct_hops 4
> > minimum_direct_rtt 400
> > cachemgr_passwd none all
> > store_avg_object_size 13 KB
> > store_objects_per_bucket 20
> > client_db on
> > netdb_low 900
> > netdb_high 1000
> > netdb_ping_period 300 seconds
> > query_icmp off
> > test_reachability off
> > buffered_logs off
> > reload_into_ims off
> > icon_directory /usr/local/squid/share/icons
> > error_directory /usr/local/squid/share/errors/English
> > minimum_retry_timeout 5 seconds
> > maximum_single_addr_tries 3
> > as_whois_server whois.ra.net
> > wccp_router 0.0.0.0
> > wccp_version 4
> > wccp_incoming_address 0.0.0.0
> > wccp_outgoing_address 255.255.255.255
> > incoming_icp_average 6
> > incoming_http_average 4
> > incoming_dns_average 4
> > min_icp_poll_cnt 8
> > min_dns_poll_cnt 8
> > min_http_poll_cnt 8
> > max_open_disk_fds 0
> > offline_mode off
> > uri_whitespace strip
> > nonhierarchical_direct on
> > prefer_direct off
> > strip_query_terms on
> > coredump_dir /usr/local/squid/var/cache
> > redirector_bypass off
> > ignore_unknown_nameservers on
> > client_persistent_connections on
> > server_persistent_connections on
> > pipeline_prefetch off
> > high_response_time_warning 0
> > high_page_fault_warning 0
> > high_memory_warning 0 bytes
> > store_dir_select_algorithm least-load
> > ie_refresh off
> > vary_ignore_expire off
> > sleep_after_fork 0
>
Received on Tue Sep 03 2002 - 16:48:56 MDT
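
Added example, not part of the thread or of Squid: one way to check access.log for the 20-second stalls discussed above. It relies on the native log format, where each entry is written when the reply completes and carries its elapsed time in milliseconds, so the request start can be reconstructed. The sample lines, addresses and the 10-second threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in Squid's native access.log format (not from the thread):
# end_time.ms elapsed_ms client code/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1031090000.120 3 172.16.3.50 TCP_DENIED/407 1712 GET http://www.example.com/ - NONE/- text/html
1031090000.190 2 172.16.3.50 TCP_DENIED/407 1980 GET http://www.example.com/ - NONE/- text/html
1031090000.610 410 172.16.3.50 TCP_MISS/200 8450 GET http://www.example.com/ user1 DIRECT/192.0.2.10 text/html
1031090020.900 4 172.16.3.51 TCP_DENIED/407 1712 GET http://www.example.com/a - NONE/- text/html
1031090041.350 20380 172.16.3.51 TCP_MISS/200 9120 GET http://www.example.com/a user2 DIRECT/192.0.2.10 text/html
1031090050.000 5 172.16.3.52 TCP_DENIED/407 1712 GET http://www.example.com/b - NONE/- text/html
1031090070.400 350 172.16.3.52 TCP_MISS/200 7000 GET http://www.example.com/b user3 DIRECT/192.0.2.10 text/html
"""

def parse(line):
    """Return one log entry with all times as integer milliseconds."""
    f = line.split()
    end_ms = round(float(f[0]) * 1000)  # logged when the reply completes
    elapsed_ms = int(f[1])
    return {"client": f[2], "result": f[3], "url": f[6],
            "start": end_ms - elapsed_ms, "end": end_ms, "elapsed": elapsed_ms}

def find_stalls(log_text, threshold_ms=10000):
    """Flag stalls per (client, URL) and say where the time was spent.

    "in-request": Squid held the request that long (DNS, origin, auth helper).
    "between-requests": the time passed before Squid saw the follow-up
    request, so the delay is on the client or connection-setup side and
    access.log alone cannot explain it.
    """
    by_key = defaultdict(list)
    for line in log_text.splitlines():
        if len(line.split()) >= 10:  # skip truncated or blank lines
            e = parse(line)
            by_key[(e["client"], e["url"])].append(e)
    stalls = []
    for (client, url), entries in by_key.items():
        entries.sort(key=lambda e: e["start"])
        prev = None
        for e in entries:
            if e["elapsed"] >= threshold_ms:
                stalls.append((client, url, "in-request", e["elapsed"]))
            if prev is not None and e["start"] - prev["end"] >= threshold_ms:
                stalls.append((client, url, "between-requests",
                               e["start"] - prev["end"]))
            prev = e
    return stalls

if __name__ == "__main__":
    for stall in find_stalls(SAMPLE_LOG):
        print(stall)
```

A log full of "between-requests" gaps with small elapsed values points away from Squid's own processing and toward connection setup, which is where a packet capture on the proxy's listening port becomes the next step.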
