Re: [squid-users] Memory issues

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Mon, 27 Jun 2011 00:19:25 +1200

On 26/06/11 21:24, Go Wow wrote:
> Hi,
>
> I'm using squid 3.1.8 on centos 5.4 with 3.8GB RAM and Dual Core
> Processor. My swap is being used and 50% of RAM is used by cache &
> buffers. The links below have one week's memory & CPU utilization
> information in the form of a graph.
>
> Memory usage --> http://img.myph.us/Cr8.jpg
> CPU usage --> http://img.myph.us/PgM.jpg
>
> I'm worried as to why the usage of swap is coming into picture,
> logically if Swap is used then I need to increase the RAM but this
> machine is serving only 12 users.
>
> My squid.conf is here
>
> auth_param negotiate program /usr/lib/squid/squid_kerb_auth -d -s GSS_C_NO_NAME
> auth_param negotiate children 10
> auth_param negotiate keep_alive on
> auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 8
> auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
> auth_param basic credentialsttl 4 hour
> auth_param basic casesensitive off
> auth_param basic children 7
> auth_param basic realm DOMAINNAME
> authenticate_cache_garbage_interval 10 seconds
> authenticate_ttl 0 seconds
> acl ad-auth proxy_auth REQUIRED
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl allow_localnet dst 192.168.110.0/24 192.168.188.0/24
> acl allow_localdomain dstdomain .domain.com
> acl local_net_dst dst 192.168.117.0/24
> acl local_net_src src 192.168.117.0/24
> acl Unsafe_Ports port 5050 843 5100 5101 5000-5010 9085
> acl Unsafe_Ports port 1863
> acl Unsafe_Ports port 5222
> acl SSL_ports port 443
> acl Safe_ports port 80 53 3268 88 5060 5061 5062 5075 5076 5077 50636 587 50389 58941 110 995 993 143 389 636 119 25 465 135 102 3000 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow localhost allow_localnet allow_localdomain
> http_access allow manager localhost
> http_access allow ad-auth

> http_access deny manager
> http_access deny Unsafe_Ports !Safe_ports

That won't work. Please see:
  http://wiki.squid-cache.org/SquidFaq/SquidAcls#Common_Mistakes

> http_access deny CONNECT !SSL_ports

None of these security checks will have any effect. You have placed all
of the allows above them to happen first.

> http_access deny all
> redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
> redirect_children 15
> icp_access deny all
> htcp_access deny all
> http_port 3128
> cache_mem 128 MB
> cache_dir aufs /var/squid/cache 128 16 256
> hierarchy_stoplist cgi-bin ?
> access_log /var/log/squid/access.log squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern (cgi-bin|\?) 0 0% 0

Broken pattern. Use this instead:
   -i (/cgi-bin/|\?)

> refresh_pattern . 0 20% 4320
> icp_port 3130
> pipeline_prefetch off
> #delay_pools 2
> #delay_class 1 4
> #delay_class 2 4
> #delay_access 1 allow local_net_src
> #delay_access 2 allow local_net_dst
> #delay_parameters 1 -1/-1 -1/-1 -1/-1 51200/51200
> #delay_parameters 2 -1/-1 -1/-1 -1/-1 -1/-1
> #delay_initial_bucket_level 75
> httpd_suppress_version_string on
> forwarded_for off
> hosts_file /etc/hosts
> cache_replacement_policy heap LFUDA
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size_in_memory 50 KB
> memory_pools off
> maximum_object_size 50 MB
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> log_icp_queries off
> client_db off
> buffered_logs on
> half_closed_clients off
>
>
> I had delay pools but I later disabled them as well.

Are you sure it is Squid consuming that memory? It's possibly another
application.
If you are sure it is Squid please upgrade to a later version. There
were some memory overuse issues fixed between 3.1.8 and 3.1.11.

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.12
   Beta testers wanted for 3.2.0.9 and 3.1.12.3
Received on Sun Jun 26 2011 - 12:19:31 MDT
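
The rule-ordering point made in the reply above, as an added example that is not part of the original thread: a small Python model of first-match `http_access` evaluation, run over the posted rule order and over one possible reordering. The ACL port lists are abridged from the posted config; the reordered rule list and the sample requests are assumptions constructed for illustration.

```python
# Minimal model of Squid http_access evaluation (added example, not Squid code).
# Lines are checked top to bottom; the first line whose ACLs ALL match decides.

def in_ports(spec, port):
    """True if port is covered by a list such as [443, (1025, 65535)]."""
    ranges = ((p, p) if isinstance(p, int) else p for p in spec)
    return any(lo <= port <= hi for lo, hi in ranges)

# ACLs from the posted squid.conf; Safe_ports is abridged.
ACLS = {
    "Unsafe_Ports": lambda r: in_ports(
        [5050, 843, 5100, 5101, (5000, 5010), 9085, 1863, 5222], r["port"]),
    "Safe_ports": lambda r: in_ports([80, 21, 443, 25, (1025, 65535)], r["port"]),
    "SSL_ports": lambda r: in_ports([443], r["port"]),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "ad-auth": lambda r: r["authenticated"],  # assumes the auth result is known
    "all": lambda r: True,
}

def evaluate(rules, req):
    """Return the action of the first rule whose ACLs all match req."""
    for line in rules:
        action, *names = line.split()
        # A leading "!" negates the ACL; every ACL on the line must hold (AND).
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: both rule lists end in "deny all"

POSTED = [  # order as posted (localhost/manager lines omitted)
    "allow ad-auth",
    "deny Unsafe_Ports !Safe_ports",
    "deny CONNECT !SSL_ports",
    "deny all",
]
REORDERED = [  # assumption: one possible ordering with the denies first
    "deny Unsafe_Ports",
    "deny !Safe_ports",
    "deny CONNECT !SSL_ports",
    "allow ad-auth",
    "deny all",
]

# Constructed sample requests from an authenticated user.
SMTP_TUNNEL = {"method": "CONNECT", "port": 25, "authenticated": True}
XMPP = {"method": "GET", "port": 5222, "authenticated": True}
HTTPS = {"method": "CONNECT", "port": 443, "authenticated": True}

if __name__ == "__main__":
    for name, req in [("CONNECT :25", SMTP_TUNNEL), ("GET :5222", XMPP), ("CONNECT :443", HTTPS)]:
        print(name, "posted:", evaluate(POSTED, req), "reordered:", evaluate(REORDERED, req))
```

Port 5222 is listed in `Unsafe_Ports` but also falls inside the `1025-65535` range of `Safe_ports`, so the combined line `deny Unsafe_Ports !Safe_ports` does not match it wherever that line is placed.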
