Re: [squid-users] Large ACLs and TCP_OUTGOING_ADDRESS

From: Amos Jeffries
Date: Mon, 17 Nov 2008 14:01:03 +1300 (NZDT)

> Hi,
> I run squid in an ISP scenario. We have got two identically configured
> squid caches being load balanced among 4,000 users over a 50 Mbps link.
> The system runs quite well, although not without the occasional hiccups.
> But, there is a complaint from users about not being able to access some
> websites because of same external IP. For this, we configured the
> squid.conf to have ACLs for different user blocks of /24 and have them
> mapped through different external IPs on each of these boxes.
> However, not all /24 blocks have the same number of users, and I also have
> lots of real IPs still lying unused. I thought about creating different
> ACLs for every 5 or 8 users, and then map them to different external IPs.
> But, having them distributed in 8 IPs in each group would mean at least
> 500 separate ACLs and their corresponding TCP_OUTGOING_ADDRESS directives.
> My question is, will this affect the performance of squid? Can squid
> handle this?

Depends on the ACL type. Squid should be able to handle many easily. Of
the ACLs you need, src is the fastest, next best is dstdomain, then dst. So
for a marginal boost when combining on one line, put them in that order.

Just look for shortcuts as you go.

> My servers are each running on Core 2 Duo 2.33 GHz, 8 GB of RAM, 5 HDDs
> (1x80GB IDE for OS, 4x160GB SATA for cache), total 256GB Cache Store (64GB
> on each HDD). One of the server's stats are (taken at a very low user
> count time):

Thank you. We are trying to collect rough capacity info for Squid whenever
the opportunity comes up. Are you able to provide such stats around peak
load for our wiki?
The info we collect can be seen at

Received on Mon Nov 17 2008 - 01:01:06 MST
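
The mapping discussed in this thread, as an added example that is not part of the original messages or of the Squid project: a Python generator that splits client /24 blocks into groups of 8 and emits one src ACL plus one tcp_outgoing_address line per group, so the several hundred directives do not have to be written by hand. The function name, the grpNNN ACL names, and the sample 10.0.1.0/24 and 192.0.2.0/24 ranges are assumptions made for illustration.

```python
import ipaddress


def build_outgoing_map(client_blocks, external_ips, group_size=8):
    """Return squid.conf lines mapping groups of client IPs to external IPs.

    client_blocks: iterable of CIDR strings for the user networks.
    external_ips:  iterable of address strings configured on the Squid box.
    Each group of `group_size` clients gets its own src ACL (the fastest
    ACL type, per the reply above) and its own outgoing address.
    """
    # Collect usable host addresses, dropping duplicates from overlapping
    # blocks so that no client ends up in two ACLs.
    seen = set()
    clients = []
    for block in client_blocks:
        for host in ipaddress.ip_network(block).hosts():
            if host not in seen:
                seen.add(host)
                clients.append(host)

    groups = [clients[i:i + group_size]
              for i in range(0, len(clients), group_size)]

    # Validate the external addresses before writing anything.
    externals = [ipaddress.ip_address(ip) for ip in external_ips]
    if len(groups) > len(externals):
        raise ValueError(
            f"{len(groups)} groups need {len(groups)} external IPs, "
            f"only {len(externals)} supplied")

    lines = []
    for n, (group, ext) in enumerate(zip(groups, externals)):
        name = f"grp{n:03d}"  # hypothetical ACL naming scheme
        members = " ".join(str(ip) for ip in group)
        lines.append(f"acl {name} src {members}")
        lines.append(f"tcp_outgoing_address {ext} {name}")
    return lines


if __name__ == "__main__":
    # Constructed sample input: one user /24 and a documentation range
    # standing in for the unused real IPs.
    pool = [str(ip) for ip in ipaddress.ip_network("192.0.2.0/24").hosts()]
    for line in build_outgoing_map(["10.0.1.0/24"], pool):
        print(line)
```

The output can be written to a separate file and pulled into squid.conf, then checked with `squid -k parse` before reloading.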
