Hi,
I would like to know what could i do to have a good cache working with squid
in a ISP. The main purpose is save bandwidth ar the ISP that i work for.
That is a small ISP having about 5.000 customers and we sell speeds from
100Kbps to 2Mbps (the users are shapped before reach the proxy server, and
the proxy server has full access to the internet (no shapping for it).
I tryed lots of different configurations but it still not saving too much
(just about 1Mbps when its working) and in each 2 days it reduce drastically
the performance without any obvious reason. When this happens, the users
can't access the web and i need to delete my DNAT rules for the customers
bypass the proxy, wait some minutes, restart the squid daemon and insert the
DNAT rules again. I will put here my topology, hardware and software
informations. Any Tip will help me so much, i will be totaly grateful and
oweing lots.
Here goes (forgive me for the big e-mail). Right now, the proxyserver is
running fine:
[root@proxy-mns ~]# cat /etc/fedora-release
Fedora Core release 4 (Stentz)
[root@proxy-mns ~]# uname -a
Linux proxy-mns.domain.com 2.6.11-1.1369_FC4smp #1 SMP Thu Jun 2 23:08:39
EDT 2005 i686 i686 i386 GNU/Linux
[root@proxy-mns ~]# free -m
total used free shared buffers cached
Mem: 2026 1518 507 0 5 1090
-/+ buffers/cache: 421 1604
Swap: 2000 0 2000
[root@proxy-mns ~]# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name : Intel(R) Xeon(TM) CPU 3.00GHz
stepping : 3
cpu MHz : 2993.023
cache size : 2048 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 5
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm pni
monitor ds_cpl cid cx16 xtpr
bogomips : 5931.00
processor : 1
vendor_id : GenuineIntel
cpu family : 15
model : 4
model name : Intel(R) Xeon(TM) CPU 3.00GHz
stepping : 3
cpu MHz : 2993.023
cache size : 2048 KB
physical id : 0
siblings : 2
core id : 0
cpu cores : 1
fdiv_bug : no
hlt_bug : no
f00f_bug : no
coma_bug : no
fpu : yes
fpu_exception : yes
cpuid level : 5
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca
cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx lm pni
monitor ds_cpl cid cx16 xtpr
bogomips : 5980.16
[root@proxy-mns ~]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 1916 580 ? S 10:07 0:01 init [3]
root 2 0.0 0.0 0 0 ? S 10:07 0:00
[migration/0]
root 3 0.0 0.0 0 0 ? SN 10:07 0:00
[ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S 10:07 0:00
[watchdog/0]
root 5 0.0 0.0 0 0 ? S 10:07 0:00
[migration/1]
root 6 0.0 0.0 0 0 ? SN 10:07 0:00
[ksoftirqd/1]
root 7 0.0 0.0 0 0 ? S 10:07 0:00
[watchdog/1]
root 8 0.0 0.0 0 0 ? S< 10:07 0:00 [events/0]
root 9 0.0 0.0 0 0 ? S< 10:07 0:00 [events/1]
root 10 0.0 0.0 0 0 ? S< 10:07 0:00 [khelper]
root 11 0.0 0.0 0 0 ? S< 10:07 0:00 [kthread]
root 14 0.0 0.0 0 0 ? S< 10:07 0:00 [kacpid]
root 106 0.0 0.0 0 0 ? S< 10:07 0:00 [kblockd/0]
root 107 0.0 0.0 0 0 ? S< 10:07 0:00 [kblockd/1]
root 110 0.0 0.0 0 0 ? S 10:07 0:00 [khubd]
root 166 0.0 0.0 0 0 ? S 10:07 0:00 [pdflush]
root 167 0.0 0.0 0 0 ? S 10:07 0:02 [pdflush]
root 169 0.0 0.0 0 0 ? S< 10:07 0:00 [aio/0]
root 170 0.0 0.0 0 0 ? S< 10:07 0:00 [aio/1]
root 168 0.0 0.0 0 0 ? S 10:07 0:00 [kswapd0]
root 264 0.0 0.0 0 0 ? S 10:07 0:00 [kseriod]
root 427 0.0 0.0 0 0 ? S 10:07 0:00 [scsi_eh_0]
root 454 0.0 0.0 0 0 ? S 10:07 0:00 [kjournald]
root 1036 0.0 0.0 3136 1968 ? Ss 10:07 0:00 kmodule -d
root 1046 0.0 0.0 1808 540 ? S<s 10:07 0:00 udevd
root 1095 0.0 0.0 0 0 ? S 10:07 0:00
[shpchpd_event]
root 1905 0.0 0.0 0 0 ? S 10:07 0:00 [kjournald]
root 1906 0.0 0.0 0 0 ? S 10:07 0:00 [kjournald]
root 1944 0.0 0.0 0 0 ? S< 10:07 0:00 [xfslogd/0]
root 1945 0.0 0.0 0 0 ? S< 10:07 0:00 [xfslogd/1]
root 1946 0.0 0.0 0 0 ? S< 10:07 0:00
[xfsdatad/0]
root 1947 0.0 0.0 0 0 ? S< 10:07 0:00
[xfsdatad/1]
root 1948 0.0 0.0 0 0 ? S 10:07 0:00 [xfsbufd]
root 1952 0.0 0.0 0 0 ? S 10:07 0:00 [xfssyncd]
named 2895 0.2 0.3 50256 6764 ? Ssl 10:08 0:13
/usr/sbin/named -u named -t /var/named/chroot
root 2942 0.0 0.0 1796 636 ? Ss 10:08 0:00 syslogd -m
0
root 2944 0.0 0.0 1740 512 ? Ss 10:08 0:00 klogd -x
root 2998 0.0 0.0 2940 592 ? Ss 10:08 0:00 nifd -n
nobody 3028 0.0 0.0 13636 1088 ? Ssl 10:08 0:00
mDNSResponder
root 3037 0.0 0.0 1736 600 ? Ss 10:08 0:00
/usr/sbin/acpid
root 3046 0.0 0.2 14060 5564 ? S 10:08 0:00
/usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd -a
root 3054 0.0 0.0 4588 1752 ? Ss 10:08 0:00
/usr/sbin/sshd
root 3063 0.0 0.0 2384 872 ? Ss 10:08 0:00 xinetd
-stayalive -pidfile /var/run/xinetd.pid
root 3071 0.0 0.0 4728 1180 ? Ss 10:08 0:00 crond
root 3083 0.0 0.0 6392 1776 ? Ss 10:08 0:00 squid -D
squid 3085 26.6 12.3 258816 255376 ? S 10:08 20:14 (squid) -D
squid 3087 0.0 0.0 1580 292 ? Ss 10:08 0:00 (unlinkd)
squid 3090 0.7 0.0 2600 808 ? Ss 10:08 0:35 diskd
3159040 3159041 3159042
root 3112 0.0 0.0 0 0 ? S< 10:08 0:00 [kauditd]
xfs 3113 0.0 0.0 3552 1564 ? Ss 10:08 0:00 xfs
-droppriv -daemon
root 3128 0.0 0.0 1976 756 ? Ss 10:08 0:00
/usr/sbin/atd
dbus 3136 0.0 0.0 13024 1396 ? Ssl 10:08 0:00 dbus-daemon
--system
root 3145 0.0 0.1 4588 2776 ? Ss 10:08 0:00 hald
--retain-privileges
root 3151 0.0 0.0 2332 720 ? S 10:08 0:00
hald-addon-acpi
root 3193 0.0 0.0 2336 728 ? S 10:08 0:00
hald-addon-storage
root 3202 0.0 0.0 1728 456 tty1 Ss+ 10:08 0:00
/sbin/mingetty tty1
root 3203 0.0 0.0 1728 432 tty2 Ss+ 10:08 0:00
/sbin/mingetty tty2
root 3204 0.0 0.0 1728 428 tty3 Ss+ 10:08 0:00
/sbin/mingetty tty3
root 3205 0.0 0.0 1724 428 tty4 Ss+ 10:08 0:00
/sbin/mingetty tty4
root 3206 0.0 0.0 1724 452 tty5 Ss+ 10:08 0:00
/sbin/mingetty tty5
root 3207 0.0 0.0 1724 452 tty6 Ss+ 10:08 0:00
/sbin/mingetty tty6
root 3452 0.0 0.1 7424 2404 ? Ss 11:19 0:00 sshd:
suporte [priv]
suporte 3454 0.0 0.1 7424 2488 ? R 11:19 0:00 sshd:
suporte@pts/0
suporte 3455 0.0 0.0 4568 1432 pts/0 Ss 11:19 0:00 -bash
root 3479 0.0 0.0 4616 1220 pts/0 S 11:19 0:00 su -
root 3480 0.0 0.0 4564 1468 pts/0 S 11:19 0:00 -bash
root 3513 0.0 0.0 4664 924 pts/0 R+ 11:24 0:00 ps aux
[root@proxy-mns ~]# rpm -qa |grep squid
squid-2.5.STABLE9-7
[root@proxy-mns ~]# cat /proc/interrupts
CPU0 CPU1
0: 85 4652068 IO-APIC-edge timer
1: 0 8 IO-APIC-edge i8042
8: 0 0 IO-APIC-edge rtc
9: 0 1 IO-APIC-level acpi
12: 0 93 IO-APIC-edge i8042
14: 0 41338 IO-APIC-edge ide0
169: 0 0 IO-APIC-level uhci_hcd:usb2
177: 0 276316 IO-APIC-level megaraid
185: 0 5693691 IO-APIC-level eth0
217: 0 18 IO-APIC-level ehci_hcd:usb1
225: 0 0 IO-APIC-level uhci_hcd:usb3
233: 0 0 IO-APIC-level uhci_hcd:usb4
NMI: 0 0
LOC: 4647201 4647200
ERR: 0
MIS: 0
[root@proxy-mns ~]# lspci
00:00.0 Host bridge: Intel Corporation E7520 Memory Controller Hub (rev 09)
00:02.0 PCI bridge: Intel Corporation E7525/E7520/E7320 PCI Express Port A
(rev 09)
00:04.0 PCI bridge: Intel Corporation E7525/E7520 PCI Express Port B (rev
09)
00:05.0 PCI bridge: Intel Corporation E7520 PCI Express Port B1 (rev 09)
00:06.0 PCI bridge: Intel Corporation E7520 PCI Express Port C (rev 09)
00:1d.0 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI
Controller #1 (rev 02)
00:1d.1 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI
Controller #2 (rev 02)
00:1d.2 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB UHCI
#3 (rev 02)
00:1d.7 USB Controller: Intel Corporation 82801EB/ER (ICH5/ICH5R) USB2 EHCI
Controller (rev 02)
00:1e.0 PCI bridge: Intel Corporation 82801 PCI Bridge (rev c2)
00:1f.0 ISA bridge: Intel Corporation 82801EB/ER (ICH5/ICH5R) LPC Interface
Bridge (rev 02)
00:1f.1 IDE interface: Intel Corporation 82801EB/ER (ICH5/ICH5R) IDE
Controller (rev 02)
01:00.0 PCI bridge: Intel Corporation 80332 [Dobson] I/O processor (rev 06)
01:00.2 PCI bridge: Intel Corporation 80332 [Dobson] I/O processor (rev 06)
02:0c.0 Ethernet controller: Intel Corporation 82545GM Gigabit Ethernet
Controller (rev 04)
02:0e.0 RAID bus controller: Dell PowerEdge Expandable RAID controller 4
(rev 06)
03:0b.0 Ethernet controller: Intel Corporation 82545GM Gigabit Ethernet
Controller (rev 04)
05:00.0 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge A
(rev 09)
05:00.2 PCI bridge: Intel Corporation 6700PXH PCI Express-to-PCI Bridge B
(rev 09)
06:07.0 Ethernet controller: Intel Corporation 82541GI/PI Gigabit Ethernet
Controller (rev 05)
07:08.0 Ethernet controller: Intel Corporation 82541GI/PI Gigabit Ethernet
Controller (rev 05)
09:0d.0 VGA compatible controller: ATI Technologies Inc Radeon RV100 QY
[Radeon 7000/VE]
[root@proxy-mns ~]# df -hT
Sist. Arq. Tipo Tam Usad Disp Uso% Montado em
/dev/sda5 ext3 90G 9,3G 76G 11% /
/dev/sda8 ext3 15G 1,8G 12G 13% /bkp
/dev/sda3 ext3 487M 18M 444M 4% /boot
/dev/sda6 xfs 25G 24G 1,3G 95% /var
/dev/shm tmpfs 1014M 0 1014M 0% /dev/shm
top - 11:26:37 up 1:18, 1 user, load average: 0.45, 0.43, 0.44
Tasks: 67 total, 1 running, 66 sleeping, 0 stopped, 0 zombie
Cpu(s): 4.3% us, 12.1% sy, 0.0% ni, 80.4% id, 2.2% wa, 0.2% hi, 0.8% si
Mem: 2074700k total, 1633504k used, 441196k free, 5696k buffers
Swap: 2048248k total, 0k used, 2048248k free, 1186144k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3085 squid 15 0 254m 251m 2068 S 32.3 12.4 21:08.43 squid
3090 squid 15 0 2600 808 704 S 1.0 0.0 0:36.50 diskd
167 root 16 0 0 0 0 S 0.3 0.0 0:02.26 pdflush
2895 named 19 0 50256 6812 2220 S 0.3 0.3 0:13.64 named
1 root 16 0 1916 580 504 S 0.0 0.0 0:01.09 init
2 root RT 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
[root@proxy-mns ~]# cat /etc/squid/squid.conf
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl rede1 src xx.x.183.0/24
acl rede2 src xx.xx.127.0/255.255.255.0
acl rede3 src xxx.xx.194.0/24
acl rede5 src xx.xx.240.0/24
acl rede4 src x.x.67.0/24
acl nat src xxx.x.254.130
http_access allow manager localhost
http_access deny manager
http_access allow localhost
http_access allow rede1
http_access allow rede2
http_access allow rede3
http_access allow rede4
http_access allow rede5
http_access allow nat
http_access deny all
http_reply_access allow all
icp_access deny all
coredump_dir none
visible_hostname proxy.localdomain
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cache_access_log none
cache_store_log none
cache_log /dev/null
cache_dir diskd /var/spool/squid 16000 126 256 Q1=72 Q2=64
cache_mem 650 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 16384 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 1024 KB
fqdncache_size 3048
ipcache_size 5048
ipcache_low 90
ipcache_high 95
cache_replacement_policy heap LFUDA
memory_replacement_policy lru
cache_mgr suporte@domain.com
cachemgr_passwd pass all
log_icp_queries off
What else could i say?
Thank you so much in advance!
Regards
Pablo Fernandes
Pablo Fernandes
_______________________________________________________
Yahoo! Mail - Sempre a melhor opção para você!
Experimente já e veja as novidades.
http://br.yahoo.com/mailbeta/tudonovo/
Received on Fri Jun 01 2007 - 06:08:25 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:03 MDT