I switched to htcp, but I'm still getting false hits (504).
On Wed, 2010-03-24 at 15:10 +0100, Taylan Develioglu wrote:
> I know it's bad form to reply to your own post, but I found a partial
> explanation.
>
> from
> http://linuxdevcenter.com/pub/a/linux/2001/09/17/squidpeering.html?page=2
>
> FALSE HITS: (ICP only) Because ICP does not communicate request headers
> (only the URI is presented in an ICP query), it is possible for a peer
> to return an affirmative for a given URI but not be able to satisfy the
> request from cache.
>
>
> * cache1 sends an ICP query to cache2 for
> http://www.example.org/index.html.
>
> * cache2 has a cached copy of the object (87,376 seconds old), and
> answers in the affirmative.
>
> * cache1 then issues the request to cache2, but the request
> headers contain "Max-Age: 86400"). cache2's copy is too old to
> satisfy this request.
>
> * If cache1 has miss_access on cache2, then cache2 will go forward
> to the origin server (or a parent) and fetch a new copy,
> If not, cache2 will return a 504 HTTP response and cache1 will
> have to select a new source for the object.
>
> But why is it then recommended that miss_access be disabled for
> siblings? Would it be a bad thing for cache2 to fetch a new copy ?
>
> As far as I can see cache1 doesn't cache the object retrieved from the
> new source after the 504.
>
> On Wed, 2010-03-24 at 13:40 +0100, Taylan Develioglu wrote:
> > Hi,
> >
> > I'm trying to set up two squid siblings in front of lighttpd as reverse
> > proxies and have a question about some behavior I'm seeing.
> >
> > Squid versions are 2.7.STABLE7-1~bpo50+1 from the debian backports
> > repository.
> >
> > My goal is to create a setup with two cache siblings and one origin
> > server (lighttpd) where no duplicate cached entries between siblings
> > exist.
> >
> > I am getting these TCP_HIT/504's and I can't understand why they are
> > happening.
> >
> > When I do a refresh in firefox and request a picture from sibling1,
> > requested before on sibling2, I see the following:
> >
> > sibling1 is 5.5.5.5
> >
> > - The original request on sibling 1:
> >
> > 1269431848.626 4 1.1.1.1 TCP_MISS/304 378 GET
> > http://pictures.something.com/pics/d/3/c/picture.jpg -
> > DEFAULT_PARENT/pict-dev image/jpeg
> >
> > - A UDP_HIT occurs on sibling2, sibling1 tries to fetch the file but it
> > received a 504 instead (excerpt below).
> >
> > 269431848.881 0 5.5.5.5 UDP_HIT/000 76 ICP_QUERY
> > http://pictures.something.com/pics/d/3/c/picture.jpg - NONE/- -
> > 1269431848.883 1 5.5.5.5 TCP_HIT/504 1752 GET
> > http://pictures.something.com/pics/d/3/c/picture.jpg - NONE/- text/html
> >
> > ----start----
> >
> > HTTP/1.0 504 Gateway Time-out
> > Expires: Wed, 24 Mar 2010 09:55:19 GMT
> > X-Squid-Error: ERR_ONLY_IF_CACHED_MISS 0
> > Age: 1269424520
> > Warning: 113 localhost (squid/3.0.STABLE8) This cache hit is still fresh
> > and more than 1 day old
> > X-Cache: HIT from localhost
> > X-Cache-Lookup: HIT from localhost:80
> >
> > The requested URL could not be retrieved
> > Valid document was not found in the cache and 'only-if-cached'
> > directive was specified.
> >
> > You have issued a request with a 'only-if-cached' cache control
> > directive. The document was not found in the cache, or it required
> > revalidation prohibited by 'only-if-cached' directive.
> >
> > ----end----
> >
> > Why does sibling2 respond with a UDP_HIT but then sends a 504 error page
> > to sibling1 when sibling1 tries to fetch the picture?
> >
> > Is this normal behavior or am I doing something wrong here? Please see
> > my squid.conf below, suggestions are very much appreciated and thanks in
> > advance.
> >
> > acl all src all
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/32
> > acl to_localhost dst 127.0.0.0/8
> > acl SSL_ports port 443
> > acl Safe_ports port 80 #http
> > acl Safe_ports port 21 #ftp
> > acl Safe_ports port 443 #https
> > acl Safe_ports port 70 #gopher
> > acl Safe_ports port 210 #wais
> > acl Safe_ports port 1025-65535 #unregistered ports
> > acl Safe_ports port 280 #http-mgmt
> > acl Safe_ports port 488 #gss-http
> > acl Safe_ports port 591 #filemaker
> > acl Safe_ports port 777 #multiling http
> > acl CONNECT method CONNECT
> >
> > acl sites dstdomain pictures.something.com
> > acl siblings src 6.6.6.6
> >
> > cache_peer 4.4.4.4 parent 80 0 default no-query no-digest originserver
> > name=lighttpd-server login=PASS
> > cache_peer 6.6.6.6 sibling 80 9832 proxy-only
> > name=sibling2
> >
> > cache_peer_access lighttpd-server allow sites
> > cache_peer_access sibling2 allow sites
> >
> > http_access allow sites
> > http_access allow siblings
> > http_access allow manager localhost
> > http_access deny manager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access allow localhost
> > http_access deny all
> >
> > icp_access allow siblings
> > icp_access deny all
> >
> > htcp_access deny all
> >
> > miss_access deny siblings
> >
> > http_port 80 act-as-origin accel vhost
> > icp_port 9832
> >
> > access_log /var/log/squid/access.log
> > debug_options ALL,3
> > cache_mgr cachmgr_at_domain.com
> >
> > cache_dir aufs /var/spool/squid 4000 32 128
> >
> > refresh_pattern ^ftp: 1440 20% 10080
> > refresh_pattern ^gopher: 1440 0% 1440
> > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> > refresh_pattern . 0 20% 4320
> >
> >
>
>
Received on Wed Mar 24 2010 - 15:06:13 MDT
This archive was generated by hypermail 2.2.0 : Wed Mar 24 2010 - 12:00:06 MDT
