[squid-users] High load squid setup from Timur Irmatov on 2012-05-14 (squid-users)

From: Timur Irmatov <irmatov_at_gmail.com>
Date: Mon, 14 May 2012 17:22:59 +0500

Hi!

I would like to receive an advice from people more experienced with
squid than me.. :)

We are trying to setup fully transparent squid proxy (with TPROXY) for
about 6000 clients, according to instructions on wiki.

At the moment system is configured and working well at the half of
planned load - 3000 clients, with 120 Mbit/s peak traffic at 1000
requests/sec max. System is Ubuntu 12.04, Squid version is 3.1.19.
Server has two 2.6 GHz Xeon CPUs and 6 SCSI drives.

What is the way to double that load on server? I suppose there could
be several bottlenecks:

== CPU load ==

Current stable Squid version does not take advantage of several CPUs,
but we can work around this by configuring second squid instance on
another port. Then half of the clients will be served by one instance
and half by other. Both instances will be configured as siblings and
proxy-only.

== Disk access performance ==

Well, this is what we just need to test and see if current setup will
be enough or not. If not then more spindles is the way to go. Another
option would be to use a couple of SSDs, but I am not sure if they are
reliable enough for this kind of load and what models should we use.
(We just haven't used any SSDs before, advices would be greatly
appreciated).

== Outgoing connections number ==

As you can see from output of following one-liner, there are only two
local ports that have more than one connection on it:

netstat -tn|awk '/ESTABLISHED/ && NR > 2 {print $4}'|perl -pe
's/.*://'|sort|uniq -c |awk '$1!=1 {print}'
2 22
16959 80

There are two connections to ssh port (22) and almost 17k connections
to local port 80 (which is TPROXYied to Squid). So, all other outgoing
connections are using unique random ports. Then there is a limit of
65k outgoing connections for this box as a whole. Am I right? Is there
anything we can do?

Anything other I missed?

Any other performance/ reliability recommendations for our setup would
be greatly apreciated.

-- 
Timur Irmatov, xmpp:irmatov_at_jabber.ru

Received on Mon May 14 2012 - 12:23:05 MDT

This archive was generated by hypermail 2.2.0 : Mon May 14 2012 - 12:00:02 MDT