Re: [squid-users] Latest Apple security update will not download through Squid cache

From: John Reddy <john.reddy@dont-contact.us>
Date: Wed, 17 May 2006 15:37:12 -0400

Brett,

I had a similar experience when we moved some Squid instances behind a
Cisco CSS for load balancing. The problem turned out to be a
combination of gigabit ethernet, new cards, and some tweaks to
/etc/sysctl.conf on our Debian Linux boxes.

Apparently, the Cisco CSS were not configured to allow large TCP
windows. Our squid and Apple's web server negotiated the connection
to allow large frames, but when their web server tried sending one, it
got stuck at our Cisco CSS. The transfer would predictably fail about
6K into the transfer.

If you think this has any application for you, our settings are:
# egrep "^[a-zA-Z]" /etc/sysctl.conf
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/tcp_syncookies=1
net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 2500
net.core.rmem_max = 105472
net.core.wmem_max = 105472
net.ipv4.tcp_rmem = 4096 87380 174760
net.ipv4.tcp_wmem = 4096 16384 131072
vm/min_free_kbytes = 65536
# uname -a
Linux httpproxy1 2.6.15-1-686-smp #2 SMP Mon Mar 6 15:34:50 UTC 2006 i686 GNU/Linux
# cat /etc/debian_version
testing/unstable

Good luck,
-John Reddy

> A user just complained to me that he could not download the
> latest Apple security update. On a hunch, I bypassed the
> transparent Squid proxy and the update installed properly. The
> Squid developers may want to investigate why this problem
> occurred. The version of Squid that's running is 2.5STABLE5.
>
> --Brett Glass, LARIAT.NET
>
>
Received on Wed May 17 2006 - 13:37:16 MDT
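
Added example, not part of the original message: a check that reads sysctl settings in the format posted above (accepting both the slash and dot key notations), and reports which receive-buffer ceilings exceed the 65,535-byte unscaled TCP window and so can only be advertised in full with an RFC 1323 window scale shift. The sample input is copied from the message; the function names are hypothetical.

```python
# Added example: flag sysctl receive-buffer limits that rely on TCP window scaling.
MAX_UNSCALED_WINDOW = 65535   # largest value of the 16-bit TCP window field
MAX_SHIFT = 14                # RFC 1323 upper bound on the scale shift

# Settings copied from the message above.
SAMPLE = """\
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/tcp_syncookies=1
net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 2500
net.core.rmem_max = 105472
net.core.wmem_max = 105472
net.ipv4.tcp_rmem = 4096 87380 174760
net.ipv4.tcp_wmem = 4096 16384 131072
vm/min_free_kbytes = 65536
"""

def parse_sysctl(text):
    """Return {dotted_key: [values]}; accepts 'a/b/c' and 'a.b.c' keys."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().replace("/", ".")] = value.split()
    return settings

def min_shift(nbytes):
    """Smallest shift s (0..14) such that nbytes >> s fits the 16-bit window."""
    shift = 0
    while (nbytes >> shift) > MAX_UNSCALED_WINDOW and shift < MAX_SHIFT:
        shift += 1
    return shift

def receive_limits_needing_scaling(settings):
    """Map each receive-buffer ceiling above 65535 bytes to its minimum shift."""
    ceilings = {}
    if "net.core.rmem_max" in settings:
        ceilings["net.core.rmem_max"] = int(settings["net.core.rmem_max"][0])
    if "net.ipv4.tcp_rmem" in settings:
        # tcp_rmem is "min default max"; the last field is the ceiling.
        ceilings["net.ipv4.tcp_rmem"] = int(settings["net.ipv4.tcp_rmem"][-1])
    return {k: min_shift(v) for k, v in ceilings.items() if v > MAX_UNSCALED_WINDOW}

def window_scaling_enabled(settings):
    # net.ipv4.tcp_window_scaling defaults to 1 on Linux when not set.
    return settings.get("net.ipv4.tcp_window_scaling", ["1"])[0] != "0"
```

A non-empty result together with scaling enabled means transfers depend on every device in the path passing the window scale option negotiated in the SYN.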
