Re: [squid-users] tuning an overloaded server

From: Chris Robertson <>
Date: Fri, 21 Nov 2008 13:39:58 -0900

Al - Image Hosting Services wrote:
> Hi,
> I hope that someone can help me. I have 3 servers running squid acting
> as a web accelerator for a single http server. I have been having a
> large amount of problems with the http server locking up and having
> drive failures and squid seems to be a great solution. I was
> pleasantly surprised at the performance of squid when I first
> installed it. Even on the slowest of my servers, it seemed faster than
> directly from the http server, but after I put the load back on the
> slowest of my servers it was 0% idle.

Where is the CPU usage at, User, System or Wait?

> Since this server had a second hard drive that was basically not being
> used, I moved the squid cache over to it. I then did some googling and
> I made some other changes and the server is now only 0% idle a few
> times a day. I am really suprised at just how tunable squid is and it
> was wonderful that a change in configuration could make such a
> difference. But since the busy season is coming, I still think that
> more can be done to tune it.
> Here are the changes that I made to the squid.conf:
> redirect_rewrites_host_header off
> acl all src
> acl manager proto cache_object
> acl localhost src
> acl to_localhost dst
> acl SSL_ports port 443
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow all
> icp_access allow all
> http_port 80 accel vhost
> cache_peer parent 80 0 no-query originserver
> hierarchy_stoplist cgi-bin ?
> cache_mem 16 MB
> maximum_object_size_in_memory 128 KB
> memory_replacement_policy heap GDSF
> cache_replacement_policy heap GDSF
> cache_dir ufs /var/squid/cache 200 16 256
> maximum_object_size 2048 KB
> cache_swap_low 90
> cache_swap_high 98
> access_log /var/log/squid/access.log squid
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> emulate_httpd_log on
> buffered_logs on
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl apache rep_header Server ^Apache
> broken_vary_encoding allow apache
> half_closed_clients off
> icp_port 0
> log_icp_queries off
> coredump_dir /var/squid/cache
> Are there any other changes that can be made to improve cpu usage?
> I also did an install from source, since I am using NetBSD systems I
> used pkgsrc to install it. There are several build options:
> arp-acl
> aufs
> carp
> coss
> diskd
> icmp
> ipf-transparent
> pam-helper
> pf-transparent
> snmp
> ssl
> unlinkd
> I looked up what some of these are, but I am not sure how they are
> used by squid or if I really need them. My thought is that if I
> compiled squid without these options it could improve performance. I
> wish there was more information on running squid on BSD systems
> (especially recent info) and then maybe I could be sure what effect
> compiling without an option would have. For example, I know what pam
> is, but do I need it?

You are not using authentication, so could do without PAM.

> I looked up what unlinkd does and I can see it running, but will it
> help cpu usage to use it?

Using --enable-truncate "gives a little performance improvement, but may
cause problems when used with async I/O. Truncate uses more filesystem
inodes than unlink.." asynch I/O refers to diskd, aufs and coss. The
only way to see if that will lower your CPU usage is to try, but...

> I don't see diskd running as a seperate process, so I don't know that
> I am even using it.

Your cache_dir line specifies "ufs". To use diskd, you need to change
that line to...

cache_dir diskd /var/squid/cache 200 16 256

... with a couple more optional parameters to tune outstanding
requests. To use aufs use...

cache_dir aufs /var/squid/cache 200 16 256

Either one is likely to have a positive effect on your CPU utilization
as Squid will spend less time waiting for I/O. Turning off the
cache_store_log is probably not going to hurt anything. Making sure
your origin server gives proper expiry information and removing the
QUERY acl (and the "cache deny QUERY" line that relies on it) would
remove one more CPU sink.

> The only one that I am sure that I need is ssl.
> Any help would be greatly appreciated!
> Best Regards,
> Al

Received on Fri Nov 21 2008 - 22:40:36 MST

This archive was generated by hypermail 2.2.0 : Sat Nov 22 2008 - 12:00:03 MST