[squid-users] slower connections using squid (squid is slowing down all connections)

From: Alex <linuxro@dont-contact.us>
Date: Wed, 21 Sep 2005 10:49:15 +0300

Hello squid experts,

I have a problem with my squid on Centos 4 (squid-2.5.STABLE6-3.4E.11). Squid
is configured to allow http access to all our users with authentication.
Everything is going well when there are just a few users connected. Between
around 11 AM up to 15-16 PM, http access via squid becomes a pain ... much
slower (worse than a dial up connection). I have enough bandwidth to handle
all traffic and I tested this using nat (SNAT) at the same time for some IP
addresses. With SNAT, http access is working like a charm. Our server is dual
proc 3Ghz, with 1GB ecc memories and has 2 sata hard disks mounted in
mirroring - RAID1 (2 ports hardware controller - 3ware). I am not using any
features for bandwidth limitation in squid (delay pools) config file.

Today, using http://proxy.mydoom.ro/cgi-bin/cachemgr.cgi I checked around 10
AM to see how many users are connected. Cachemgr.cgi reports 170 different IP
addresses accessing http via squid. At this time, http access is slow but not
very slow.

Please help me to fix this problem. I am absolutely sure that there is one
directive in squid.conf which has a default value and is causing problems.
Maybe squid is configured to use insufficient memory or to accept just a few
simultaneous connections. I don't know. Here comes my Current Squid
Configuration generated by cachemgr.cgi.

http_port 0.0.0.0:3128
ssl_unclean_shutdown off
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_query_timeout 0
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
no_cache Deny QUERY
cache_mem 33554432 bytes
cache_swap_low 90
cache_swap_high 95
maximum_object_size 33554432 bytes
minimum_object_size 0 bytes
maximum_object_size_in_memory 32768 bytes
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir diskd /var/spool/squid 20480 16 256 Q1=64 Q2=72
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log off
log_ip_on_direct on
mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
ftp_user squid@mydoom.ro
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
ftp_telnet_protocol on
dns_retransmit_interval 5 seconds
dns_timeout 120 seconds
hosts_file /etc/hosts
diskd_program /usr/lib/squid/diskd
unlinkd_program /usr/lib/squid/unlinkd
redirect_children 5
redirect_rewrites_host_header on
auth_param basic /usr/lib/squid/pam_auth
auth_param basic realm Squid proxy-caching server
auth_param basic children 100
auth_param basic credentialsttl 7200 seconds
auth_param basic casesensitive off
authenticate_cache_garbage_interval 3600 seconds
authenticate_ttl 3600 seconds
authenticate_ip_ttl 0 seconds
wais_relay_port 0
request_header_max_size 10240 bytes
request_body_max_size 0 bytes
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 300 seconds
positive_dns_ttl 21600 seconds
negative_dns_ttl 60 seconds
range_offset_limit 0 bytes
forward_timeout 240 seconds
connect_timeout 60 seconds
peer_connect_timeout 30 seconds
read_timeout 900 seconds
request_timeout 300 seconds
persistent_request_timeout 60 seconds
client_lifetime 86400 seconds
half_closed_clients on
pconn_timeout 120 seconds
shutdown_lifetime 30 seconds
acl QUERY urlpath_regex cgi-bin
acl QUERY urlpath_regex \?
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl lanpass proxy_auth REQUIRED
acl to_localhost dst 127.0.0.0/255.0.0.0
acl SSL_ports port 443
acl SSL_ports port 563
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl Safe_ports port 21
acl Safe_ports port 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access Allow manager localhost
http_access Deny manager
http_access Deny !Safe_ports
http_access Deny CONNECT !SSL_ports
http_access Allow localhost
http_access Allow lanpass
http_access Deny all
http_reply_access Allow all
icp_access Allow all
reply_header_max_size 20480 bytes
reply_body_max_size 0 Allow all
cache_mgr admin@mydoom.ro
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.mydoom.ro
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy off
httpd_accel_uses_host_header off
dns_testnames netscape.com
dns_testnames internic.net
dns_testnames nlanr.net
dns_testnames microsoft.com
logfile_rotate 0
tcp_recv_bufsize 0 bytes
err_html_text
memory_pools on
memory_pools_limit 0 bytes
forwarded_for on
log_icp_queries off
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
cachemgr_passwd XXXXXXXXXX all
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 300 seconds
query_icmp off
test_reachability off
buffered_logs on
reload_into_ims off
icon_directory /usr/share/squid/icons
short_icon_urls off
error_directory /etc/squid/errors
maximum_single_addr_tries 1
snmp_port 0
snmp_access Deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
as_whois_server whois.ra.net
wccp_router 0.0.0.0
wccp_version 4
wccp_incoming_address 0.0.0.0
wccp_outgoing_address 255.255.255.255
delay_pools 0
delay_initial_bucket_level 50
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
uri_whitespace strip
nonhierarchical_direct on
prefer_direct off
strip_query_terms on
coredump_dir /var/spool/squid
redirector_bypass off
ignore_unknown_nameservers on
client_persistent_connections on
server_persistent_connections on
detect_broken_pconn off
balance_on_multiple_ip on
pipeline_prefetch off
request_entities off
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0 bytes
store_dir_select_algorithm least-load
ie_refresh off
vary_ignore_expire off
sleep_after_fork 0
relaxed_header_parser on

Regards,
Alex
Received on Wed Sep 21 2005 - 01:49:18 MDT
