Re: [squid-users] Tcp connection failed problem

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Sat, 5 Mar 2005 03:44:08 +0100 (CET)

On Fri, 4 Mar 2005, SXB6300 Mailing wrote:

> On every child of one level, I get the message : TCP connection to
> parent/8080 failed

This indicates one of two things:

a) The TCP connection to the parent was refused by the parent.

b) The TCP connection to the parent timed out for some reason.

'a' has a number of sub-alternatives:

    - parent overloaded, causing it to stop accepting new connections
      (logged)

    - parent temporarily overloaded and too low syn backlog setting in
      your OS.

    - parent crashed (logged)

    - parent effectively syn-flooded (usually logged in the system logs,
      not the cache.log). This is also related to the syn backlog
      mentioned above.

    - firewall between the child and the parent rejecting the request for
      some reason. Surprisingly often this is the case.

'b' is a bit fuzzier and mostly relates to networking and packet loss.

If you are using Linux iptables then watch out for conntrack table
limitations. If this is your problem it will be logged in the system logs
(usually /var/log/messages) on the failing server (can be either of the
two).

> I'm quite worried about this problem because I've seen other people
> having this problem but no clue on how to resolve it.

In Squid's eyes it is a basic network failure.

> What's more, I'd like to load balance our internet proxies but with this
> problem, it's not possible. 'Cause that would say configuring only one
> parent proxy on the children (the virtual address), and as we use
> never_direct on the children, during connection failures that would
> result in a "unable to relay" message for the users.

The children will try a number of times before giving up, and if you give
them more than one parent then chances are increased significantly that
they will succeed, unless the problem is local to the children themselves
(i.e. conntrack table full or similar).

Regards
Henrik
Received on Fri Mar 04 2005 - 19:44:10 MST
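
Added example, not part of the original message: a small Python triage script that counts the Squid "TCP connection to parent/8080 failed" lines per parent and looks in each host's system log for the two kernel-level causes named in the reply (conntrack table full, SYN backlog overflow). The kernel message wordings, the host names and all log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Squid cache.log message quoted in the thread.
SQUID_FAIL = re.compile(r"TCP connection to (\S+)/(\d+) failed")
# Assumed Linux kernel log wordings (ip_conntrack on older kernels,
# nf_conntrack on current ones); adjust to what your kernel prints.
KERNEL_SIGNS = {
    "conntrack table full": re.compile(
        r"\b(?:ip|nf)_conntrack: table full, dropping packet"),
    "SYN backlog overflow / SYN flood": re.compile(
        r"possible SYN flooding on port \d+", re.IGNORECASE),
}

def squid_failures(cache_log_lines):
    """Count failed parent connections per (parent, port) in cache.log."""
    hits = Counter()
    for line in cache_log_lines:
        m = SQUID_FAIL.search(line)
        if m:
            hits[(m.group(1), int(m.group(2)))] += 1
    return hits

def kernel_signs(syslog_by_host):
    """Map host -> Counter of kernel-level causes seen in its system log.
    Both child and parent logs are checked, since either side can fail."""
    found = {}
    for host, lines in syslog_by_host.items():
        found[host] = Counter(
            cause for line in lines
            for cause, rx in KERNEL_SIGNS.items() if rx.search(line))
    return found

# Constructed sample input (not real logs).
CACHE_LOG = [
    "2005/03/04 10:15:01| TCP connection to parent/8080 failed",
    "2005/03/04 10:15:02| TCP connection to parent/8080 failed",
    "2005/03/04 10:15:09| storeDirWriteCleanLogs: Starting...",
]
SYSLOG = {
    "child1": ["Mar  4 10:15:00 child1 kernel: ip_conntrack: table full, dropping packet."],
    "parent": ["Mar  4 10:15:01 parent kernel: possible SYN flooding on port 8080. Sending cookies.",
               "Mar  4 10:16:00 parent crond[812]: (root) CMD (run-parts /etc/cron.hourly)"],
}

if __name__ == "__main__":
    for (peer, port), n in squid_failures(CACHE_LOG).items():
        print(f"{n} failed connections to {peer}:{port}")
    for host, causes in kernel_signs(SYSLOG).items():
        for cause, n in causes.items():
            print(f"  {host}: {cause} ({n} log lines)")
```

If neither sign shows up on either host, the remaining candidates from the list above are a parent-side overload or crash (in the parent's cache.log) or a firewall between child and parent.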
