Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 Feb 2013 23:18:21 +1300

On 15/02/2013 10:43 p.m., dahanhsi wrote:
> Thanks for your reply,
> provide more information below:
>
> 2013/2/15 Amos Jeffries <squid3_at_treenet.co.nz>:
>> On 15/02/2013 10:12 p.m., dahanhsi wrote:
>>> Hi all,
>>>
>>> I use squid as a reverse proxy, and make thousands of connection to the
>>> it.
>> Which version of Squid?
> I use Squid 2.7

Output of "squid -v" please.

>
>> What do you mean by "thousands of connections". 1's of tousands? 10's of
>> thousands? 100's of thousands?
> # netstat -nat|grep -i "80"|wc -l
> the result vary from 4651 to 9404
>
>>
>>> There are one ten of all connections can not establish in TCP layer,
>>> because squid does not respond SYN-ACK to client's SYN packet. How can
>>> I solve it?
>>> Thanks
>>
>> Check ulimit settings for Squid?
>>
> # ulimit -a
> core file size (blocks, -c) 0
> data seg size (kbytes, -d) unlimited
> scheduling priority (-e) 20
> file size (blocks, -f) unlimited
> pending signals (-i) 16382
> max locked memory (kbytes, -l) 64
> max memory size (kbytes, -m) unlimited
> open files (-n) 655360
> pipe size (512 bytes, -p) 8
> POSIX message queues (bytes, -q) 819200
> real-time priority (-r) 0
> stack size (kbytes, -s) 8192
> cpu time (seconds, -t) unlimited
> max user processes (-u) unlimited
> virtual memory (kbytes, -v) unlimited
> file locks (-x) unlimited
>
>> Check your cache.log for messages about running out of filedescriptors?
> I set my limit.conf to:
> root soft nofile 655360
> root hard nofile 655360

That does not answer the question. Squid may have been built or
configured with a limit of less than 655360 filedescriptors.
cache.log should tell you if Squid is reaching some limit like this.

Amos
Received on Fri Feb 15 2013 - 10:18:44 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 15 2013 - 12:00:04 MST