Re: [squid-users] Squid Maxing Out - Help required

From: Michael Alger <squid_at_mm.quex.org>
Date: Tue, 22 Jul 2008 20:18:40 +0800

On Tue, Jul 22, 2008 at 03:44:13PM +0800, Thompson, Scott (WA) wrote:
> I have MRTG installed and for HTTP In and Out we are seeing it max
> out at 14.4MB/s as well as Server In/Out traffic

Is this HTTP In and Out actually measuring HTTP traffic, or simply
traffic coming to/from the squid server?

Is this max occurring constantly, or at particular times of day, or
seemingly randomly, or...?

> I assume this means that the LAN card in the squid server is
> saturated with traffic and I suspect this is why the server is not
> responding to requests from the users. 14.4MB/s = 100Mb which is
> what the LAN card is
> Usually hitting refresh a few times will load the page in question
> The squid server is located in a DMZ behind a Cisco PIX, the MRTG
> traffic reported on the DMZ interface on the PIX shows a max in
> and out of about 512KB/s (5 minute averages)

What is the traffic path between your clients and the server running
squid? Does it all pass through the PIX's DMZ interface? If so, then
my priority would be to determine what's causing all the traffic on
the squid server.

Are there other servers in the DMZ that could be communicating with
squid through the local network segment (i.e. without having to go
through the PIX)? That might explain how it's possible squid could
be maxing out its link.

> We are running Squid 2.5 Stable6, I know this is a fairly old
> version. This has only started happening since we have
> implemented a hosted solution for our reporting systems for our
> retail stores as well as for the users who need to get these
> reports and information.
> If anyone can offer any insights to this it would be greatly
> appreciated. If you require more information don't hesitate to let
> me know.

I would guess you've got some kind of loop happening that for
whatever reason is not / cannot be detected by the servers involved
and terminated.

What's the load of your squid box like?

It might be very helpful to use something like jnettop, if you can
run it on your squid server, to see exactly what traffic is being
sent/received that could be maxing out the link. Possibly a tcpdump
for a short duration could work as well.

Failing that, are you logging all requests through your squid? If
so, is the number and size of the requests enough to saturate a
100mbit link?
Received on Tue Jul 22 2008 - 12:18:45 MDT

This archive was generated by hypermail 2.2.0 : Tue Jul 22 2008 - 12:00:04 MDT