[squid-users] TCP connection to parent failed

Hi List,

I am facing a problem with squid. I have around 30-40 req/s with
around 350 users.

A lot of TCP connection to 10.1.1.1 (10.1.1.1:8080) failed in my cache.log
appear and it affects users while they are accessing mainly https sites.
The error given in the client is the same as the one in the cache.log:
Tcp connection to 10.1.1.1 failed

I tried to google around, but couldn't really find a solution...
Any help/suggestions would be appreciated.

Thanks a lot,
Josh

Below the configuration i have:

OS: OpenBSD 4.3

# squid -v
Squid Cache: Version 2.7.STABLE3
configure options: '--datadir=/usr/local/share/squid'
'--localstatedir=/var/squid' '--disable-linux-netfilter'
'--disable-linux-tproxy' '--disable-epoll' '--enable-arp-acl'
'--enable-async-io' '--enable-auth=basic digest ntlm'
'--enable-basic-auth-helpers=NCSA YP' '--enable-digest-auth-helpers=password'
'--enable-cache-digests' '--enable-large-cache-files' '--enable-carp'
'--enable-delay-pools' '--enable-external-acl-helpers=ip_user session
unix_group wbinfo_group' '--enable-htcp' '--enable-ntlm-auth-helpers=SMB'
'--enable-referer-log' '--enable-removal-policies=lru heap' '--enable-snmp'
'--enable-ssl' '--enable-storeio=ufs aufs coss diskd null'
'--enable-underscores' '--enable-useragent-log' '--enable-wccpv2' '--with-aio'
'--with-large-files' '--with-pthreads' '--with-maxfd=32768'
'CPPFLAGS=-I/usr/local/include' 'LDFLAGS=-L/usr/local/lib'
'CFLAGS=-DNUMTHREADS=128' '--prefix=/usr/local' '--sysconfdir=/etc'
'--mandir=/usr/local/man' '--infodir=/usr/local/info' 'CC=cc'

squid.conf
==========
http_port 8080
icp_port 0
cache_peer 10.1.1.1 parent 8080 0 default no-query no-digest
no-netdb-exchange
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 64 MB
maximum_object_size_in_memory 512 KB
ipcache_size 8192
ipcache_low 90
ipcache_high 95
fqdncache_size 8192
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /var/squid/cache 60000 16 256
access_log /var/squid/logs/access.log squid
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
positive_dns_ttl 24 hours
half_closed_clients off
connect_timeout 1 minute
peer_connect_timeout 1 minute
pconn_timeout 1 minute
shutdown_lifetime 5 seconds
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl purge method PURGE
acl CONNECT method CONNECT
acl snmppublic snmp_community public
acl corpnet dstdomain .corp.local
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow CONNECT SSL_ports
http_access allow Safe_ports
http_access deny all
httpd_suppress_version_string on
visible_hostname proxy
memory_pools off
log_icp_queries off
client_db off
buffered_logs on
never_direct deny corpnet
never_direct allow all
coredump_dir /var/squid/logs
pipeline_prefetch on

cache.log
=========
# tail -f /var/squid/logs/cache.log
2008/09/19 12:35:20| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:22| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:23| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:27| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:27| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:29| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:31| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:32| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:33| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:34| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:36| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:37| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:37| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:38| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:38| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:40| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:41| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:41| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:41| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:41| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:43| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:43| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:44| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:44| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:45| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed
2008/09/19 12:35:45| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed

# tail -f /var/log/daemon
Sep 19 12:34:13 proxy squid[6221]: clientTryParseRequest: FD 185
(10.112.75.24:1640) Invalid Request
Sep 19 12:34:15 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:34:49 proxy last message repeated 36 times
Sep 19 12:34:59 proxy last message repeated 9 times
Sep 19 12:34:59 proxy squid[6221]: parseHttpRequest: Unsupported method
'\^E\^ACONNECT'
Sep 19 12:34:59 proxy squid[6221]: clientTryParseRequest: FD 81
(10.176.113.6:2058) Invalid Request
Sep 19 12:35:00 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:35:00 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:35:02 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:35:06 proxy last message repeated 4 times
Sep 19 12:35:07 proxy squid[6221]: parseHttpRequest: Unsupported method
'\^E\^ACONNECT'
Sep 19 12:35:07 proxy squid[6221]: clientTryParseRequest: FD 124
(10.51.128.52:3953) Invalid Request
Sep 19 12:35:08 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:35:40 proxy last message repeated 28 times

# tail -f /var/log/messages
Sep 19 12:34:59 proxy squid[6221]: parseHttpRequest: Unsupported method
'\^E\^ACONNECT'
Sep 19 12:34:59 proxy squid[6221]: clientTryParseRequest: FD 81
(10.176.113.6:2058) Invalid Request
Sep 19 12:35:00 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:35:00 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:35:02 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:35:06 proxy last message repeated 4 times
Sep 19 12:35:07 proxy squid[6221]: parseHttpRequest: Unsupported method
'\^E\^ACONNECT'
Sep 19 12:35:07 proxy squid[6221]: clientTryParseRequest: FD 124
(10.51.128.52:3953) Invalid Request
Sep 19 12:35:08 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:35:40 proxy last message repeated 28 times
Sep 19 12:36:02 proxy last message repeated 26 times
Sep 19 12:36:03 proxy squid[6221]: parseHttpRequest: Unsupported method
'\^E\^ACONNECT'
Sep 19 12:36:03 proxy squid[6221]: clientTryParseRequest: FD 16
(10.112.75.24:1657) Invalid Request
Sep 19 12:36:03 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:36:39 proxy last message repeated 31 times
Sep 19 12:36:58 proxy last message repeated 32 times
Sep 19 12:36:59 proxy squid[6221]: httpAppendBody: Request not yet
fully sent "POST
http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/8kf3cwcmatvdtxbqdhfq8pimqa84beeq5a8ij8s,ConnType=LongLived"
Sep 19 12:36:59 proxy squid[6221]: parseHttpRequest: Unsupported method
'\^E\^ACONNECT'
Sep 19 12:36:59 proxy squid[6221]: clientTryParseRequest: FD 200
(10.176.113.6:2071) Invalid Request
Sep 19 12:36:59 proxy squid[6221]: httpAppendBody: Request not yet
fully sent "POST
http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/8kf3cwcmatvdtxbqdhfq8pimqa84beeq5a8ij8s,ConnType=LongLived"
Sep 19 12:36:59 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:37:00 proxy squid[6221]: httpAppendBody: Request not yet
fully sent "POST
http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/8kf3cwcmatvdtxbqdhfq8pimqa84beeq5a8ij8s,ConnType=LongLived"
Sep 19 12:37:00 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed
Sep 19 12:37:04 proxy last message repeated 7 times
Sep 19 12:37:04 proxy squid[6221]: httpAppendBody: Request not yet
fully sent "POST
http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/nver529yip5guwwtywu9zde24r4p65chsr4ceua,ConnType=LongLived"
Sep 19 12:37:05 proxy squid[6221]: httpAppendBody: Request not yet
fully sent "POST
http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/nver529yip5guwwtywu9zde24r4p65chsr4ceua,ConnType=LongLived"
Sep 19 12:37:05 proxy squid[6221]: httpAppendBody: Request not yet
fully sent "POST
http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/nver529yip5guwwtywu9zde24r4p65chsr4ceua,ConnType=LongLived"
Sep 19 12:37:06 proxy squid[6221]: TCP connection to 10.1.1.1
(10.1.1.1:8080) failed

# sysctl -a | grep tcp
net.inet.tcp.rfc1323=1
net.inet.tcp.keepinittime=150
net.inet.tcp.keepidle=14400
net.inet.tcp.keepintvl=150
net.inet.tcp.slowhz=2
net.inet.tcp.baddynamic=587,749,750,751,871
net.inet.tcp.recvspace=65536
net.inet.tcp.sendspace=32768
net.inet.tcp.sack=1
net.inet.tcp.mssdflt=512
net.inet.tcp.rstppslimit=100
net.inet.tcp.ackonpush=0
net.inet.tcp.ecn=0
net.inet.tcp.syncachelimit=10255
net.inet.tcp.synbucketlimit=105
net.inet.tcp.rfc3390=1
net.inet.tcp.reasslimit=3072
net.inet.tcp.sackholelimit=32768

# sysctl -a | grep "net.inet.ip" | grep -v ipsec
net.inet.ip.forwarding=1
net.inet.ip.redirect=1
net.inet.ip.ttl=64
net.inet.ip.sourceroute=0
net.inet.ip.directed-broadcast=0
net.inet.ip.portfirst=1024
net.inet.ip.portlast=49151
net.inet.ip.porthifirst=49152
net.inet.ip.porthilast=65535
net.inet.ip.maxqueue=300
net.inet.ip.encdebug=0
net.inet.ip.mtudisc=1
net.inet.ip.mtudisctimeout=600
net.inet.ip.ifq.len=0
net.inet.ip.ifq.maxlen=256
net.inet.ip.ifq.drops=0
net.inet.ip.mforwarding=0
net.inet.ip.multipath=0
net.inet.ipip.allow=0
net.inet.ipcomp.enable=0
Received on Fri Sep 19 2008 - 03:26:54 MDT