[squid-users] Squid not showing all pages correctly: solved by TCP tuning

From: Rudi Vankemmel <rudi.vankemmel_at_gmail.com>
Date: Thu, 20 Nov 2008 15:44:55 +0100

Hi all,

I am running squid V2.7 Stable 2 in a chroot jail which was running fine
except for some pages that now and then did not show up correctly or
not at all.
When squid was bypassed, the respective pages did show up correctly.

After quite some information gathering on the net and experimenting with
specific configuration options for squid (broken_posts,
broken_vary_encoding, relaxed_header_parser, persistent connections
settings, ...), I still did not find a working solution.

At that point I decided to have a look at the basics: what happened at
HTTP level as well as lower networking levels (TCP). The tcpdump and
wireshark tools are your friends at this point.

I did notice two things: first while sending multiple zero window size
TCP segments were seen (look at the TCP information in wireshark):
        .......
        [TCP Analysis Flags]
            [This is a ZeroWindow segment]

after which the TCP window gets updated again. However, after that it
starts losing segments ( ... [A segment before this frame was lost] ...)
while duplicate acknowledgements are sent
(.... [This is a TCP duplicate ack] ...).
The loss of segments happens especially in the upward link (i.e. from my
station to the web server).

Secondly it goes really wrong when a HTTP POST was done:

..... HTTP POST /flashservices/gateway HTTP/1.0 (application/x-amf)

in order to trigger a Java application for representing the actual
information.
Our station sends out an ACK after which the web server sends back info
to us: this TCP segment is never received:
...[A segment before this frame was lost]...
Meaning that the page is never displayed or partially.

The zero window sizes, TCP retransmits, duplicate acknowledgements
typically have to do with badly sized TCP windows and/or wrong MTU sizes
at Ethernet level. Such problems are typically solved by TCP tuning.
After some experimenting I found that the cause was a too high MTU size
on the outgoing Ethernet interface.
The standard MTU size on my system was 1460 bytes. However, my connection
is an ADSL line using PPPoE as encapsulation.
Changing my MTU size to 1452 bytes (8 bytes extra overhead for the ppp
session) on my ethernet interface solved the issue. I did furthermore
some further TCP buffer size (receive/transmit sizes) tuning to account
for the very different upload/download speeds on the ADSL line
(512k/4.6Mbps). After such optimisation, all pages showed correctly via
the Squid proxy.

Conclusion: if you are having pages that do not show up via Squid while
they do if you bypass Squid, then start looking at what happens at TCP
level and start looking into TCP tuning. Optimise also your MTU size on
the outgoing interface.
It solved my problem. There are several good TCP tuning docs and articles
on the internet discussion groups available.

Hope it is useful for you!
Rudi Vankemmel
Received on Thu Nov 20 2008 - 14:44:59 MST
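
Added example (not part of the original post): a small Python summary of the three Wireshark analysis flags the message describes, counted per direction so that upstream loss stands out. It assumes the capture was exported with `tshark -r <capture> -T fields -e ip.src -e ip.dst -e frame.len -e tcp.analysis.zero_window -e tcp.analysis.lost_segment -e tcp.analysis.duplicate_ack` (tab-separated, a non-empty flag column meaning the flag was set); the addresses and rows below are constructed sample data.

```python
from collections import Counter

# Flag columns, in the order of the assumed tshark -e options after frame.len.
FLAGS = ("zero_window", "lost_segment", "duplicate_ack")

# Constructed sample: 192.0.2.10 is the proxy host, 198.51.100.5 the web server.
SAMPLE = (
    "192.0.2.10\t198.51.100.5\t1514\t\t\t\n"
    "198.51.100.5\t192.0.2.10\t66\t1\t\t\n"
    "198.51.100.5\t192.0.2.10\t66\t1\t\t\n"
    "192.0.2.10\t198.51.100.5\t1514\t\t1\t\n"
    "198.51.100.5\t192.0.2.10\t66\t\t\t1\n"
    "198.51.100.5\t192.0.2.10\t66\t\t\t1\n"
    "192.0.2.10\t198.51.100.5\t1514\t\t1\t\n"
    "198.51.100.5\t192.0.2.10\t1506\t\t1\t\n"
)

def summarize(text, client_ip):
    """Count frames, largest frame and analysis flags per direction."""
    stats = {"up": Counter(), "down": Counter()}
    for line in text.splitlines():
        cols = line.split("\t")
        if len(cols) != 3 + len(FLAGS):
            continue  # skip blank or malformed rows
        src, _dst, length, *flags = cols
        d = stats["up" if src == client_ip else "down"]
        d["frames"] += 1
        d["max_len"] = max(d["max_len"], int(length))
        for name, value in zip(FLAGS, flags):
            if value.strip():
                d[name] += 1
    return stats

def lossy_direction(stats):
    """Direction whose own frames carry more lost-segment flags, or None."""
    # Wireshark sets the flag on a frame of the flow that has the gap,
    # so flags on frames sent by the client indicate upstream loss.
    up, down = stats["up"]["lost_segment"], stats["down"]["lost_segment"]
    if up == down:
        return None
    return "up" if up > down else "down"

if __name__ == "__main__":
    result = summarize(SAMPLE, "192.0.2.10")
    for direction in ("up", "down"):
        print(direction, dict(result[direction]))
    print("more loss:", lossy_direction(result))
```

Comparing `max_len` for the lossy direction against the MTU of the outgoing interface shows whether full-sized frames are the ones involved.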
