Re: [squid-users] Squid Deployment for ISP's

From: Nyamul Hassan <mnhassan_at_usa.net>
Date: Sun, 18 Apr 2010 18:54:20 +0600

Also, for an ISP like setup, you could try out the latest Squid 2.7,
as that has the COSS storage engine, which is much faster for smaller
objects (I've mine configured for less than 256kb) than AUFS.

My specs for an almost default configuration on a Core 2 Duo machine are here:
http://wiki.squid-cache.org/KnowledgeBase/Benchmarks

Note mentioned in the above link is that my OS is on a separate IDE
HDD. The motherboard is cheap desktop board that supports 8 GB or RAM
with 2 IDE and 4 SATA HDDs. They also do around 20% "Byte Hit Ratio"
almost consistently.

Regards
HASSAN

On Sat, Apr 17, 2010 at 9:35 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> Ananth wrote:
>>
>> Dear Team,
>>
>> I have configure squid 3.1 on Fedora core 12.
>>
>> my hardware configuration:
>>
>> CPU INFO: Intel(R) Xeon(R) CPU E5440 @ 2.83GHz
>> RAM : 8 GB
>> HDD : 160 GB
>>
>> The problem i m facing is when my http requests are above 130 hist per
>> second the pages start browsing slow and time out i cant even access
>> cachemanager. if the http hit rate is below 130 hist per second it
>> fine. please check if my configuration is correct. sorry for my poor
>> english.
>>
>> Thanks,
>> Ananth B.R.
>>
>
> Looks fairly good. There are a few tweaks I'll mention inline.
>
>> my configuration is as fallows:
>>
>> ########### Start of squid.conf #created by ANANTH#############
>> cache_effective_user squid
>> cache_effective_group squid
>>
>> http_port 3128 transparent
>>
>> cache_dir ufs /var/spool/squid 16384 16 256
>>
>> cache_access_log /var/log/squid/access.log
>> cache_log /var/log/squid/cache.log
>> cache_store_log none
>> logfile_rotate 7
>> emulate_httpd_log on
>
> emulate_httpd_log does a little bit of extra work to generate dates etc.
> If you can use the native squid log format its faster.
>
> "emulate_httpd_log on" is also deprecated in favor of setting the "custom" format type on access_log lines.
>
>>
>> cache_mem 2 GB
>> maximum_object_size_in_memory 512 KB
>
> Memory objects are faster then disk ones in Squid and 3.x do not have the large object size failures that 2.x has.
> The more memory stuff you can do in the newer Squid the faster those requests are done with and new ones can be handled.
>
>> memory_replacement_policy lru
>> cache_replacement_policy lru
>
> heap tends to be the replacement policy favored by high-performance people. It's up to you though.
>
>> maximum_object_size 64 MB
>>
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> no_cache deny QUERY
>
> Drop the above three lines. They are doing extra work that is not really needed.
>
>>
>> hosts_file /etc/hosts
>>
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern . 0 40% 4320
>>
>> #acl all src 0.0.0.0/0
>>
>> ##Define your network below
>>
>> acl mynetwork src 192.168.106.0/24 # cbinetwork private
>> acl mynetwork src 192.168.107.0/24 # cbinetwork private
>> acl mynetwork src 192.168.110.0/24 # cbinetwork private
>> acl mynetwork src 192.168.120.0/24 # cbinetwork private
>> acl mynetwork src 192.168.121.0/24 # cbinetwork private
>> acl mynetwork src 192.168.130.0/24 # cbinetwork private
>> acl mynetwork src 192.168.150.0/24 # cbinetwork private
>> acl mynetwork src 192.168.151.0/24 # cbinetwork private
>> acl mynetwork src 10.100.101.0/24 # cbinetwork private
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl localhost src ::1/128
>> acl to_localhost dst 127.0.0.0/8
>> acl to_localhost dst ::1/128
>> acl purge method PURGE
>> acl CONNECT method CONNECT
>>
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>>
>> acl Safe_ports port 1025-65535 #unregistered ports
>>
>> acl SSL_ports port 443 563
>>
>> http_access allow manager localhost
>> http_access deny manager
>> http_access allow purge localhost
>> http_access deny purge
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>>
>> http_access allow localhost
>> http_access allow mynetwork
>> # http_access deny all
>
> For peak performance I'd order the above lines a little differently and remove some. Give these a test out:
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access deny manager
> http_access deny purge
> http_access allow mynetwork
> # http_access deny all
>
>> http_reply_access allow all
>> icp_access allow mynetwork
>>
>> # icp_access deny all
>>
>> visible_hostname proxy.xxx.xx
>>
>> coredump_dir /var/spool/squid
>>
>> ######## End of squid.conf ##########
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.1
>
Received on Sun Apr 18 2010 - 12:54:53 MDT

This archive was generated by hypermail 2.2.0 : Sun Apr 18 2010 - 12:00:04 MDT