Re: [squid-users] slower connections using squid (squid is slowing down all connections)

From: Alex <linuxro@dont-contact.us>
Date: Thu, 22 Sep 2005 09:57:44 +0300

Hi Chris,

I changed as you suggested me:
- cache_replacement_policy from heap LFUDA to heap GDSF.
- announce_period 0 (this was by default too, but cachemanager.cgi report me
that is ON!!!!)
- i am not using any accel options (httpd_accel_*), all are set to default
values (nothing changed here)
- client_persistent_connections from ON to OFF
- i increased redirect_children from 5 (default) to 50.... Am i wrong?!

With this new settings, i restarted squid and ... no improvements. Its
slower!!!!

At 9.40AM, I have:
Connection information for squid:
 Number of clients accessing cache: 67
 Number of HTTP requests received: 5439
 Average HTTP requests per minute since start: 136.4
Cache information for squid:
 Request Hit Ratios: 5min: 25.0%, 60min: 30.5%
 Byte Hit Ratios: 5min: 11.0%, 60min: 9.0%
 Request Memory Hit Ratios: 5min: 0.0%, 60min: 0.1%
 Request Disk Hit Ratios: 5min: 56.1%, 60min: 42.8%
 Storage Swap size: 3821108 KB
 Storage Mem size: 2700 KB
 Mean Object Size: 17.31 KB
 Requests given to unlinkd: 0

Resource usage for squid:
 UP Time: 2393.258 seconds
 CPU Time: 21.576 seconds
 CPU Usage: 0.90%
 CPU Usage, 5 minute avg: 0.33%
 CPU Usage, 60 minute avg: 0.91%
 Process Data Segment Size via sbrk(): 29020 KB
 Maximum Resident Size: 0 KB
 Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
 Total space in arena: 29020 KB
 Ordinary blocks: 28848 KB 89 blks
 Small blocks: 0 KB 0 blks
 Holding blocks: 1784 KB 3 blks
 Free Small blocks: 0 KB
 Free Ordinary blocks: 171 KB
 Total in use: 30632 KB 99%
 Total free: 171 KB 1%
 Total size: 30804 KB
Memory accounted for:
 Total accounted: 18153 KB
 memPoolAlloc calls: 1579234
 memPoolFree calls: 1126234
File descriptor usage for squid:
 Maximum number of file descriptors: 1024
 Largest file desc currently in use: 162
 Number of file desc currently in use: 146
 Files queued for open: 0
 Available number of file descriptors: 878
 Reserved number of file descriptors: 100
 Store Disk files open: 0
Internal Data Structures:
 220836 StoreEntries
    456 StoreEntries with MemObjects
    438 Hot Object Cache Items
 220761 on-disk objects

Also, i have:
Last 5 minutes:
client_http.requests = 2.723098/sec
client_http.hits = 0.779933/sec

Here comes ONLY UNCOMMENTED LINES IN squid.conf (grep -v
^# /etc/squid/squid.conf |grep -v ^$)

http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 32 MB
maximum_object_size 32768 KB
maximum_object_size_in_memory 32 KB
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF
cache_dir diskd /var/spool/squid 20480 16 256
ftp_user squid@mydoom.ro
redirect_children 50
auth_param basic children 100
auth_param basic realm Squid proxy-caching server
auth_param basic program /usr/lib/squid/pam_auth
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl lanpass proxy_auth REQUIRED
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow lanpass
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr admin@mydoom.ro
visible_hostname proxy.mydoom.ro
announce_period 0
log_icp_queries off
cachemgr_passwd *** all
buffered_logs on
coredump_dir /var/spool/squid
client_persistent_connections off

On Wednesday 21 September 2005 23:31, Chris Robertson wrote:
> > -----Original Message-----
> > From: Alex [mailto:linuxro@online.ie]
> > Sent: Tuesday, September 20, 2005 11:49 PM
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] slower connections using squid (squid
> > is slowing
> > down all connections)
> >
> >
> > Hello squid experts,
> >
> > I have a problem with my squid on Centos 4
> > (squid-2.5.STABLE6-3.4E.11). Squid
>
> You might want to upgrade. There have been a number of improvements in
> Squid. Other suggestions are below...
>
> > is configured to allow http acces to all our users with
> > authentication.
> > Everithing is going well when there are just few users
> > connected. Between
> > arround 11 AM up to 15-16 PM, http access via squid, become a
> > pain ... very
> > slower (worse then a dial up connection). I have enough
> > bandwidth to handle
> > all traffic and i tested this using nat (SNAT) at the same
> > time for some IP
> > addresses. With SNAT, http access is working like a charm.
> > Our server is dual
> > proc 3Ghz, with 1GB ecc memories and has 2 sata hard disks mounted in
> > mirroring - RAID1 (2 ports hardware controller - 3ware). I am
> > not using some
> > features for bandwidth limitation in squid (delay pools) config file.
> >
> > Today, using http://proxy.mydoom.ro/cgi-bin/cachemgr.cgi i
> > checked arround 10
> > AM to see how many users are connected. Cachemgr.cgi report
> > 170 different IP
> > address accessing http via squid. At this time, http acces is
> > slow but not
> > very slow.
>
> Check the "Cache Utilization" link for how many requests per second you are
> seeing and how much traffic squid is passing. Also check the "General
> Runtime Info" link for memory usage and service times. If your cache hit
> time is high, but the cache misses are fast, you are likely I/O bound.
> With only 170 people accessing your cache, I would find that unlikely,
> but...
>
> > Help me please to fix this problem. I am absolutely sure that
> > is one directive
> > in squid.conf which has default value and is causing
> > problems. Maybe squid is
> > configured to use unsuficient memory or to accept just few simultan
> > connections. I don't know. Here comes my Current Squid Configuration
> > generated by cachemgr.cgi.
> >
> > http_port 0.0.0.0:3128
> > ssl_unclean_shutdown off
> > icp_port 3130
> > udp_incoming_address 0.0.0.0
> > udp_outgoing_address 255.255.255.255
> > icp_query_timeout 0
> > maximum_icp_query_timeout 2000
> > mcast_icp_query_timeout 2000
> > dead_peer_timeout 10 seconds
> > hierarchy_stoplist cgi-bin
> > hierarchy_stoplist ?
> > no_cache Deny QUERY
> > cache_mem 33554432 bytes
> > cache_swap_low 90
> > cache_swap_high 95
> > maximum_object_size 33554432 bytes
> > minimum_object_size 0 bytes
> > maximum_object_size_in_memory 32768 bytes
> > ipcache_size 1024
> > ipcache_low 90
> > ipcache_high 95
> > fqdncache_size 1024
> > cache_replacement_policy heap LFUDA
> > memory_replacement_policy heap GDSF
>
> I have read an account stating that using two different replacement
> policies causes poor performance. Try making them both the same.
>
> > cache_dir diskd /var/spool/squid 20480 16 256 Q1=64 Q2=72
> > cache_access_log /var/log/squid/access.log
> > cache_log /var/log/squid/cache.log
> > cache_store_log /var/log/squid/store.log
> > emulate_httpd_log off
> > log_ip_on_direct on
> > mime_table /etc/squid/mime.conf
> > log_mime_hdrs off
> > pid_filename /var/run/squid.pid
> > debug_options ALL,1
> > log_fqdn off
> > client_netmask 255.255.255.255
> > ftp_user squid@mydoom.ro
> > ftp_list_width 32
> > ftp_passive on
> > ftp_sanitycheck on
> > ftp_telnet_protocol on
> > dns_retransmit_interval 5 seconds
> > dns_timeout 120 seconds
> > hosts_file /etc/hosts
> > diskd_program /usr/lib/squid/diskd
> > unlinkd_program /usr/lib/squid/unlinkd
> > redirect_children 5
> > redirect_rewrites_host_header on
> > auth_param basic /usr/lib/squid/pam_auth
> > auth_param basic realm Squid proxy-caching server
> > auth_param basic children 100
> > auth_param basic credentialsttl 7200 seconds
> > auth_param basic casesensitive off
> > authenticate_cache_garbage_interval 3600 seconds
> > authenticate_ttl 3600 seconds
> > authenticate_ip_ttl 0 seconds
> > wais_relay_port 0
> > request_header_max_size 10240 bytes
> > request_body_max_size 0 bytes
> > refresh_pattern ^ftp: 1440 20% 10080
> >
> > refresh_pattern ^gopher: 1440 0% 1440
> >
> > refresh_pattern . 0 20% 4320
> >
> > quick_abort_min 16 KB
> > quick_abort_max 16 KB
> > quick_abort_pct 95
> > negative_ttl 300 seconds
> > positive_dns_ttl 21600 seconds
> > negative_dns_ttl 60 seconds
> > range_offset_limit 0 bytes
> > forward_timeout 240 seconds
> > connect_timeout 60 seconds
> > peer_connect_timeout 30 seconds
> > read_timeout 900 seconds
> > request_timeout 300 seconds
> > persistent_request_timeout 60 seconds
> > client_lifetime 86400 seconds
> > half_closed_clients on
> > pconn_timeout 120 seconds
> > shutdown_lifetime 30 seconds
> > acl QUERY urlpath_regex cgi-bin
> > acl QUERY urlpath_regex \?
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1
> > acl lanpass proxy_auth REQUIRED
> > acl to_localhost dst 127.0.0.0/255.0.0.0
> > acl SSL_ports port 443
> > acl SSL_ports port 563
> > acl Safe_ports port 80
> > acl Safe_ports port 443
> > acl Safe_ports port 1025-65535
> > acl Safe_ports port 21
> > acl Safe_ports port 563
> > acl Safe_ports port 70
> > acl Safe_ports port 210
> > acl Safe_ports port 280
> > acl Safe_ports port 488
> > acl Safe_ports port 591
> > acl Safe_ports port 777
> > acl CONNECT method CONNECT
> > http_access Allow manager localhost
> > http_access Deny manager
> > http_access Deny !Safe_ports
> > http_access Deny CONNECT !SSL_ports
> > http_access Allow localhost
> > http_access Allow lanpass
> > http_access Deny all
> > http_reply_access Allow all
> > icp_access Allow all
> > reply_header_max_size 20480 bytes
> > reply_body_max_size 0 Allow all
> > cache_mgr admin@mydoom.ro
> > cache_effective_user squid
> > cache_effective_group squid
> > visible_hostname proxy.mydoom.ro
> > announce_period 31536000 seconds
> > announce_host tracker.ircache.net
> > announce_port 3131
>
> I don't quite understand why you are announcing your cache. Not that I
> think it would be harming your surfing speed, but...
>
> > httpd_accel_port 80
> > httpd_accel_single_host off
> > httpd_accel_with_proxy off
> > httpd_accel_uses_host_header off
>
> So are you using this cache as both a proxy and an accelerator? See
> http://www.squid-cache.org/Doc/FAQ/FAQ-20.html
>
> > dns_testnames netscape.com
> > dns_testnames internic.net
> > dns_testnames nlanr.net
> > dns_testnames microsoft.com
> > logfile_rotate 0
> > tcp_recv_bufsize 0 bytes
> > err_html_text
> > memory_pools on
> > memory_pools_limit 0 bytes
> > forwarded_for on
> > log_icp_queries off
> > icp_hit_stale off
> > minimum_direct_hops 4
> > minimum_direct_rtt 400
> > cachemgr_passwd XXXXXXXXXX all
> > store_avg_object_size 13 KB
> > store_objects_per_bucket 20
> > client_db on
> > netdb_low 900
> > netdb_high 1000
> > netdb_ping_period 300 seconds
> > query_icmp off
> > test_reachability off
> > buffered_logs on
> > reload_into_ims off
> > icon_directory /usr/share/squid/icons
> > short_icon_urls off
> > error_directory /etc/squid/errors
> > maximum_single_addr_tries 1
> > snmp_port 0
> > snmp_access Deny all
> > snmp_incoming_address 0.0.0.0
> > snmp_outgoing_address 255.255.255.255
> > as_whois_server whois.ra.net
> > wccp_router 0.0.0.0
> > wccp_version 4
> > wccp_incoming_address 0.0.0.0
> > wccp_outgoing_address 255.255.255.255
> > delay_pools 0
> > delay_initial_bucket_level 50
> > incoming_icp_average 6
> > incoming_http_average 4
> > incoming_dns_average 4
> > min_icp_poll_cnt 8
> > min_dns_poll_cnt 8
> > min_http_poll_cnt 8
> > max_open_disk_fds 0
> > offline_mode off
> > uri_whitespace strip
> > nonhierarchical_direct on
> > prefer_direct off
> > strip_query_terms on
> > coredump_dir /var/spool/squid
> > redirector_bypass off
> > ignore_unknown_nameservers on
> > client_persistent_connections on
>
> Might want to turn this off. See the message at
> http://www.squid-cache.org/mail-archive/squid-users/200410/0434.html and
> the bug report at http://www.squid-cache.org/bugs/show_bug.cgi?id=1116
>
> > server_persistent_connections on
> > detect_broken_pconn off
> > balance_on_multiple_ip on
> > pipeline_prefetch off
> > request_entities off
> > high_response_time_warning 0
> > high_page_fault_warning 0
> > high_memory_warning 0 bytes
> > store_dir_select_algorithm least-load
> > ie_refresh off
> > vary_ignore_expire off
> > sleep_after_fork 0
> > relaxed_header_parser on
> >
> > Regards,
> > Alex
>
> The next time you post your squid.conf, please use sed, awk, grep or some
> other tool to post your actual squid.conf without comment lines ("grep -v
> ^# /etc/squid/squid.conf |grep -v ^$" works for me.). That way just things
> that have been changed from default will show up, and there will be less to
> slog through.
>
> Chris
Received on Thu Sep 22 2005 - 00:57:49 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:04 MDT