RE: [squid-users] Squid box dropping connections

From: Jenny Lee <bodycare_5_at_live.com>
Date: Thu, 17 Nov 2011 17:30:50 +0000

> I am running CentOS v5.1 with Squid-2.6 STABLE22 and Tproxy
> (cttproxy-2.6.18-2.0.6). My kernel is kernel-2.6.18-92. This is the most
> reliable setup I ever made running Squid. My problem is that I am having
> serious connection troubles when running squid over 155000 conntrack
> connections.
>
> From my clients I start losing packets to router when the
> connections go over 155000. My kernel is prepared to run over 260k
> connections.
...
> $SYS net.ipv4.netfilter.ip_conntrack_max=262144
>
 
Just because you have conntrack max at 260K does not mean that you can handle 260K connections.
 
You will need to increase hashsize as well:
 
echo 262144 > /sys/module/ip_conntrack/parameters/hashsize
 
I would be checking kernel logs for "conntrack overflows" and cache log for "commBind" errors. You might need to increase ephemeral port ranges to 64K (don't know if this would apply to tproxy though).
 
Jenny
 
 
PS: I am not responsible if this blows up your datacenter. It works for me when I am doing 500-600 reqs/sec with CONNECTs on forward proxy.
Received on Thu Nov 17 2011 - 17:30:58 MST
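
Added example, not part of the original message: a shell check that relates ip_conntrack_max to hashsize and counts table-full drops in the kernel log, for the ip_conntrack-era kernel discussed above. The function names, the 90% and 8-per-bucket thresholds, the hashsize of 8192 and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: conntrack table sizing check (ip_conntrack, 2.6.18-era paths).

# Average entries per hash bucket if the table fills to max. Args: max hashsize
chain_len() {
    echo $(( ($1 + $2 - 1) / $2 ))
}

# Percent of ip_conntrack_max currently in use. Args: count max
table_pct() {
    echo $(( $1 * 100 / $2 ))
}

# One-line verdict. Args: count max hashsize
# Thresholds (90% full, more than 8 entries per bucket) are assumed here.
verdict() {
    pct=$(table_pct "$1" "$2")
    chain=$(chain_len "$2" "$3")
    if [ "$pct" -ge 90 ]; then
        echo "CRITICAL table ${pct}% full"
    elif [ "$chain" -gt 8 ]; then
        echo "WARN avg chain ${chain} at max; raise hashsize"
    else
        echo "OK table ${pct}% full, avg chain ${chain}"
    fi
}

# Count "table full" drops in kernel log text read from stdin.
# grep -c exits 1 on zero matches, so the status is masked.
count_overflows() {
    grep -c 'ip_conntrack: table full, dropping packet' || true
}

P=/proc/sys/net/ipv4/netfilter
H=/sys/module/ip_conntrack/parameters/hashsize
if [ -r "$P/ip_conntrack_count" ] && [ -r "$P/ip_conntrack_max" ] && [ -r "$H" ]; then
    # Live host: read the running values.
    verdict "$(cat "$P/ip_conntrack_count")" "$(cat "$P/ip_conntrack_max")" "$(cat "$H")"
else
    # Constructed sample: 155000 and 262144 from the thread, hashsize 8192 assumed.
    verdict 155000 262144 8192
fi

# Constructed log lines; on a live host use: dmesg | count_overflows
SAMPLE_LOG='Nov 17 10:01:02 proxy kernel: ip_conntrack: table full, dropping packet.
Nov 17 10:01:02 proxy kernel: printk: 37 messages suppressed.
Nov 17 10:01:07 proxy kernel: ip_conntrack: table full, dropping packet.'
printf '%s\n' "$SAMPLE_LOG" | count_overflows
```

With hashsize raised to 262144 as in the reply, the same count and max give an average chain of 1 instead of 32.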
