Re: [squid-users] SHOULD I NEED TO RECOMPILE THE KERNEL

Indunil Jayasooriya ha scritto:
>> Hi Indunil,
>>
>> I don't think that you need to recompile your kernel. Which Squid
>> version are you using?
>
> squid-2.5.STABLE1-3.9
>
>> Please post your squid.conf. Saying that Squid is SLOWER could mean alot
>> of things. It's very vague and an exact answer is not possible.
>
> these are rules in my squid.conf
>
> cache_mem 32 MB
> cache_dir ufs /var/spool/squid 100 16 256
>
> auth_param basic program /usr/bin/ncsa_auth /usr/etc/passwd
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
>
> acl maxip max_user_ip -s 1
>
> acl ncsa_users proxy_auth REQUIRED
> acl CSB_AUTH_CRIB proxy_auth uddikah sudathf newtonf nilankab warunaa
> sandunm
> acl CSB_AUTH_BANK proxy_auth chamikarab
> acl CSB_AUTH_SEY proxy_auth manjulan sriyanim apsaraa rohang gehanp
> acl CSB_AUTH_AUD proxy_auth mahesht thivankat
>
>
> acl DOMAINS_SEY dstdomain .eseylan.com .cbsl.lk .eseylanet.com
> acl DOMAINS dstdomain .crib.lk .cbsl.lk
> acl DOMAINS_CSB dstdomain .nsb.lk .peoplesbank.lk .nationstrust.com
> .hnb.lk .mbslbank.com .sampath.lk .hsbc.lk .combank.net .eseylan.com
> .bankofceylon.net
> acl DOMAINS_AUD dstdomain .cbsl.lk .nsb.lk .peoplesbank.lk
> .nationstrust.com .hnb.net .mbslbank.com .sampath.lk .hsbc.lk
> .combank.net .bankofceylon.net .icasrilanka.com .centralbanklanka.org
> .auditnet.org .bankaudit.net .balancescorecard.org .netbankaudit.com
> .isaca.org .accaglobal.com .certifiedinternalauditor.org .bba.org.uk
> .accountingweb.co.uk .cima.org.uk .iasc.org.uk .icaew.co.uk
> .kpmg.co.uk .yahoo.com .auditserve.com .managementhelp.org .lankae.com
> .ceylicosavings.lk .cim.co.uk .amazon.com .ceylincosavings.lk
> .eseylan.com .eseylanet.com .dfccbank.com .unionb.com
> .standardchartered.com/lk .icicibank.com .pabcbank.com
>
>
> #http_access deny maxip
> http_access deny CSB_AUTH_SEY !DOMAINS_SEY
> http_access deny CSB_AUTH_CRIB !DOMAINS
> http_access deny CSB_AUTH_BANK !DOMAINS_CSB
> http_access deny CSB_AUTH_AUD !DOMAINS_AUD
> http_access allow ncsa_users
>
>
>>
>> Also posting your iptables firewall could help. Are you running Squid in
>> transparent mode? How many users are you serving?
>
> No firewall is running on that box. No trasparent mode as well. Just
> running as usual.
>
> Clients are configured to use squid proxy server with ip address and
> port 3128 in their
> Internet Explore and Firefox .
>
> But there is a filrewall running in front of that squid box.
>
> about 27 users are using squid.
>
>
>> Can you post the info from squidclient mgr:info ?
>
> pls see below
>
> [root@mail root]# squidclient mgr:info
> HTTP/1.0 200 OK
> Server: squid/2.5.STABLE1
> Mime-Version: 1.0
> Date: Wed, 25 Jul 2007 10:01:36 GMT
> Content-Type: text/plain
> Expires: Wed, 25 Jul 2007 10:01:36 GMT
> Last-Modified: Wed, 25 Jul 2007 10:01:36 GMT
> X-Cache: MISS from csbsl.com
> Proxy-Connection: close
>
> Squid Object Cache: Version 2.5.STABLE1
> Start Time: Wed, 25 Jul 2007 07:47:47 GMT
> Current Time: Wed, 25 Jul 2007 10:01:36 GMT
> Connection information for squid:
> Number of clients accessing cache: 20
> Number of HTTP requests received: 768
> Number of ICP messages received: 0
> Number of ICP messages sent: 0
> Number of queued ICP replies: 0
> Request failure ratio: 0.00%
> Average HTTP requests per minute since start: 5.7
> Average ICP messages per minute since start: 0.0
> Select loop called: 28597 times, 280.740 ms avg
> Cache information for squid:
> Request Hit Ratios: 5min: 0.0%, 60min: 4.0%
> Byte Hit Ratios: 5min: 13.3%, 60min: 5.2%
> Request Memory Hit Ratios: 5min: 0.0%, 60min: 10.0%
> Request Disk Hit Ratios: 5min: 0.0%, 60min: 90.0%
> Storage Swap size: 18420 KB
> Storage Mem size: 796 KB
> Mean Object Size: 12.38 KB
> Requests given to unlinkd: 5
> Median Service Times (seconds) 5 min 60 min:
> HTTP Requests (All): 0.00000 4.07741
> Cache Misses: 0.00000 18.48929

Given this very high time, I would try to access the internet directly,
i.e. with no proxy configured on the client.
If your internet access is slow, squid can't do much.

> Cache Hits: 0.00000 0.01235

As you can see, cache hits are served very fast. Therefore the server is
not your primary bottleneck (IMHO).

> Near Hits: 0.00000 0.00000
> Not-Modified Replies: 0.00000 0.00000
> DNS Lookups: 0.00000 2.45286

You also have a very high dns lookup time. This certainly increases the
latency perceived by users.

> ICP Queries: 0.00000 0.00000
> Resource usage for squid:
> UP Time: 8028.333 seconds
> CPU Time: 1.160 seconds
> CPU Usage: 0.01%
> CPU Usage, 5 minute avg: 0.00%
> CPU Usage, 60 minute avg: 0.01%
> Maximum Resident Size: 0 KB
> Page faults with physical i/o: 501
> Memory usage for squid via mallinfo():
> Total space in arena: 3632 KB
> Ordinary blocks: 3461 KB 51 blks
> Small blocks: 0 KB 0 blks
> Holding blocks: 200 KB 1 blks
> Free Small blocks: 0 KB
> Free Ordinary blocks: 171 KB
> Total in use: 3661 KB 96%
> Total free: 171 KB 4%
> Total size: 3832 KB
> Memory accounted for:
> Total accounted: 1396 KB
> memPoolAlloc calls: 130764
> memPoolFree calls: 122430
> File descriptor usage for squid:
> Maximum number of file descriptors: 1024
> Largest file desc currently in use: 22
> Number of file desc currently in use: 19
> Files queued for open: 0
> Available number of file descriptors: 1005
> Reserved number of file descriptors: 100
> Store Disk files open: 0
> Internal Data Structures:
> 1515 StoreEntries
> 176 StoreEntries with MemObjects
> 174 Hot Object Cache Items
> 1488 on-disk objects
>
>
>
>

IMHO the RAM upgrade cannot be the culprit for the slowdown. I think in
99% cases one can only benefit from a ram upgrade.

I would look at connection problems (i.e. firewall rules, do a bandwidth
test, check for other connections not under control of squid travelling
on the same outbount connection, etc.)

HTH.

-- 
Marcello Romani
Responsabile IT
Ottotecnica s.r.l.
http://www.ottotecnica.com