Re: [squid-users] [NEED HELP] TPROXY + L2 WCCP + multi cpu

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Wed, 28 Aug 2013 11:55:37 +0300

Hey there,

Please try to state the purpose of the squid instance in words in order
to understand the situation (fake IPs and domains if you need).
You do have a WWW server, right?
What is the logical purpose of the squid instance? Is it a forward proxy
for a network??
What is this cache_peer config you are trying to do???
Do you first want to just make it work and later on tune for performance??

Please give me a small description of the network infrastructure we are
talking about.
A small example:
http://wiki.squid-cache.org/Features/Wccp

Why do you use WCCP for the interception? Is there a specific need for that?

Eliezer

On 08/28/2013 08:52 AM, Mohsen Dehghani wrote:
> Hello
> I think you didn't get my last reply...here is a copy:
> Based on your help and this example
> http://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster, the following is
> my config and access.log.
> The problem is the websites do not load, resulting in timeout...
> It works perfectly when commenting out cache peer lines. Any help is
> appreciated.
>
> #######squid.conf########
> # DO change this "somepassword"
> cachemgr_passwd somepassword all
> #debug_options ALL,9
> acl localnet src 178.173.12.70
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> wccp2_router 172.22.122.33
> wccp_version 2
> wccp2_rebuild_wait off
> wccp2_forwarding_method 2
> wccp2_return_method 2
> wccp2_assignment_method 2
> # wccp2_service standard 0
> wccp2_service dynamic 80
> wccp2_service dynamic 90
> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
>
>
> # basic safety net access controls.
> # NOTE that user access and local access controls are all in frontend.conf
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
>
> # 3 workers, using worker #1 as the frontend is important
> workers 3
> if ${process_number} = 1
> include /etc/squid3/frontend.conf
> else
> include /etc/squid3/backend.conf
> endif
> http_access allow localnet
> http_access deny all
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> #########################################
>
>
> ######frontend.conf#######
> http_port 3128
> http_port 3129 tproxy
> shutdown_lifetime 3 second
> # add user authentication and similar options here
> http_access allow manager localhost
> http_access allow manager all
> http_access deny manager
>
> # add backends - one line for each additional worker you configured
> # NOTE how the port number matches the kid number
> cache_peer localhost parent 4002 0 carp login=PASS name=backend-kid2 no-tproxy
> cache_peer localhost parent 4003 0 carp login=PASS name=backend-kid3 no-tproxy
>
> #you want the frontend to have a significant cache_mem
> cache_mem 512 MB
>
> # change /tmp to your own log directory, e.g. /var/log/squid
> access_log /var/log/squid3/frontend.access.log
> cache_log /var/log/squid3/frontend.cache.log
>
>
> # the frontend requires a different name to the backend(s)
> visible_hostname frontend.example.com
> http_access allow localhost
> #################################################
>
>
> ########backend.conf###########
> # each backend must listen on a unique port
> # without this the CARP algorithm would be useless
> http_port 127.0.0.1:400${process_number}
> shutdown_lifetime 3 second
> # a 10 GB cache of small (up to 32KB) objects accessible by any backend worker
> #cache_dir rock /mnt/cacheRock 10240 max-size=32768
> follow_x_forwarded_for allow localhost
> # NP: for now AUFS does not support SMP but the CARP algorithm helps reduce object duplications
> # a 10 GB cache of large ( over 32KB) objects per-worker
> cache_dir aufs /mnt/cache${process_number} 10240 128 128 min-size=32769
>
> # the default maximum cached object size is a bit small
> # you want the backend to be able to cache some fairly large objects
> maximum_object_size 512 MB
>
> # you want the backend to have a small cache_mem
> cache_mem 4 MB
>
> # the backends require a different name to frontends, but can share one
> # this prevents forwarding loops between backends while allowing
> # frontend to forward via the backend
> visible_hostname backend-kid${process_number}
>
> # change /var/log/squid to your own log directory
> access_log /var/log/squid3/backend.access.log
> cache_log /var/log/squid3/backend.cache.log
>
> # add just enough access permissions to allow the frontend
> http_access allow localhost
> ########################################
>
>
> #######frontend.log###########
> 1377506559.692 61025 178.173.12.70 TCP_MISS/503 4201 GET
> http://ubuntuforums.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506559.692 61025 178.173.12.70 TCP_MISS/503 4252 GET
> http://www.tucny.com/favicon.ico - CARP/127.0.0.1 text/html
> 1377506559.692 61025 178.173.12.70 TCP_MISS/503 4135 GET
> http://www.crypt.gen.nz/favicon.ico - CARP/127.0.0.1 text/html
> 1377506560.528 185790 178.173.12.70 TCP_MISS/503 4234 GET
> http://packages.debian.org/jessie/amd64/squid3/download - CARP/127.0.0.1
> text/html
> 1377506569.155 59998 178.173.12.70 TCP_MISS_ABORTED/000 0 GET
> http://um10.eset.com/eset_eval/update.ver - CARP/127.0.0.1 -
> 1377506574.699 183383 178.173.12.70 TCP_MISS/503 4267 GET
> http://www.googletagservices.com/tag/js/gpt.js - CARP/127.0.0.1 text/html
> 1377506590.529 180764 178.173.12.70 TCP_MISS/503 4261 GET
> http://cm.g.doubleclick.net/pixel? - CARP/127.0.0.1 text/html
> 1377506615.522 59941 178.173.12.70 TCP_MISS/503 4150 GET
> http://wiki.squid-cache.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506618.710 60996 178.173.12.70 TCP_MISS/503 4186 GET
> http://devel.squid-cache.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506618.710 60990 178.173.12.70 TCP_MISS/503 4170 GET
> http://www.pmoghadam.com/favicon.ico - CARP/127.0.0.1 text/html
> 1377506618.710 61012 178.173.12.70 TCP_MISS/503 4554 GET
> http://www.packtpub.com/favicon.ico - CARP/127.0.0.1 text/html
> 1377506618.710 60996 178.173.12.70 TCP_MISS/503 4358 GET
> http://www.netcontractor.pl/favicon.ico - CARP/127.0.0.1 text/html
> 1377506618.710 60836 178.173.12.70 TCP_MISS/503 4333 GET
> http://etutorials.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506620.530 60830 178.173.12.70 TCP_MISS/503 4357 GET
> http://www.thegeekstuff.com/favicon.ico - CARP/127.0.0.1 text/html
> 1377506620.530 60660 178.173.12.70 TCP_MISS/503 4187 GET
> http://www.web-polygraph.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506620.531 60830 178.173.12.70 TCP_MISS/503 4233 GET
> http://ubuntuforums.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506622.740 241014 178.173.12.70 TCP_MISS/503 5098 GET
> http://code.google.com/p/shellinabox/ - CARP/127.0.0.1 text/html
> 1377506624.744 61206 178.173.12.70 TCP_MISS/503 4284 GET
> http://www.tucny.com/favicon.ico - CARP/127.0.0.1 text/html
> 1377506625.549 240496 178.173.12.70 TCP_MISS/503 4397 GET
> http://gravatar.com/avatar/33be8eebf9ff1375eecabb6d45bb84f0/? -
> CARP/127.0.0.1 text/html
> 1377506625.744 240691 178.173.12.70 TCP_MISS/503 4397 GET
> http://gravatar.com/avatar/10c08133f930b023f8a29f7aca903ade/? -
> CARP/127.0.0.1 text/html
> 1377506625.744 240691 178.173.12.70 TCP_MISS/503 4397 GET
> http://gravatar.com/avatar/bbafaf9e10ccbeadb05132f0907eef62/? -
> CARP/127.0.0.1 text/html
> 1377506629.328 59998 178.173.12.70 TCP_MISS_ABORTED/000 0 GET
> http://um16.eset.com/eset_eval/update.ver - CARP/127.0.0.1 -
> 1377506633.749 241284 178.173.12.70 TCP_MISS/503 7215 GET
> http://cisco.112.2o7.net/b/ss/cisco-us,cisco-usprodswitches/1/H.24.3/s641795
> 77133309? - CARP/127.0.0.1 text/html
> 1377506634.605 820 178.173.12.70 TCP_MISS/200 1650 GET
> http://www.cisco.com/favicon.ico - HIER_DIRECT/2.21.32.170 image/x-icon
> 1377506675.522 59980 178.173.12.70 TCP_MISS/503 4182 GET
> http://wiki.squid-cache.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506680.531 59983 178.173.12.70 TCP_MISS/503 4187 GET
> http://www.web-polygraph.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506687.797 61209 178.173.12.70 TCP_MISS/503 5054 GET
> http://beacon-1.newrelic.com/1/c7e812077e? - CARP/127.0.0.1 text/html
> 1377506690.518 61188 178.173.12.70 TCP_MISS/503 4297 GET
> http://um16.eset.com/eset_eval/update.ver - CARP/127.0.0.1 text/html
> 1377506740.805 180167 178.173.12.70 TCP_MISS/503 4178 GET
> http://packages.debian.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506863.962 241107 178.173.12.70 TCP_MISS/503 5085 GET
> http://code.google.com/favicon.ico - CARP/127.0.0.1 text/html
> #################################
>
> #############backend.log################
>
> 1377506560.528 181935 178.173.12.70 TCP_MISS/503 4100 GET
> http://packages.debian.org/jessie/amd64/squid3/download -
> HIER_DIRECT/213.165.95.4 text/html
> 1377506569.155 59998 178.173.12.70 TCP_MISS_ABORTED/000 0 GET
> http://um10.eset.com/eset_eval/update.ver - HIER_DIRECT/93.184.71.21 -
> 1377506574.698 183217 178.173.12.70 TCP_MISS/503 4133 GET
> http://www.googletagservices.com/tag/js/gpt.js - HIER_DIRECT/173.194.36.25
> text/html
> 1377506590.529 180754 178.173.12.70 TCP_MISS/503 4127 GET
> http://cm.g.doubleclick.net/pixel? - HIER_DIRECT/173.194.36.13 text/html
> 1377506615.522 59940 178.173.12.70 TCP_MISS/503 4016 GET
> http://wiki.squid-cache.org/favicon.ico - HIER_DIRECT/77.93.254.178
> text/html
> 1377506618.708 60994 178.173.12.70 TCP_MISS/503 4052 GET
> http://devel.squid-cache.org/favicon.ico - HIER_DIRECT/216.34.181.97
> text/html
> 1377506618.708 60988 178.173.12.70 TCP_MISS/503 4036 GET
> http://www.pmoghadam.com/favicon.ico - HIER_DIRECT/79.175.162.79 text/html
> 1377506618.709 60995 178.173.12.70 TCP_MISS/503 4224 GET
> http://www.netcontractor.pl/favicon.ico - HIER_DIRECT/78.46.37.186 text/html
> 1377506618.709 60835 178.173.12.70 TCP_MISS/503 4199 GET
> http://etutorials.org/favicon.ico - HIER_DIRECT/195.234.5.139 text/html
> 1377506618.709 61011 178.173.12.70 TCP_MISS/503 4420 GET
> http://www.packtpub.com/favicon.ico - HIER_DIRECT/83.166.169.231 text/html
> 1377506620.529 60830 178.173.12.70 TCP_MISS/503 4223 GET
> http://www.thegeekstuff.com/favicon.ico - HIER_DIRECT/192.254.201.75
> text/html
> 1377506620.529 60659 178.173.12.70 TCP_MISS/503 4053 GET
> http://www.web-polygraph.org/favicon.ico - HIER_DIRECT/209.169.10.130
> text/html
> 1377506620.530 60829 178.173.12.70 TCP_MISS/503 4099 GET
> http://ubuntuforums.org/favicon.ico - HIER_DIRECT/91.189.94.12 text/html
> 1377506622.740 240843 178.173.12.70 TCP_MISS/503 4964 GET
> http://code.google.com/p/shellinabox/ - HIER_DIRECT/74.125.236.164 text/html
> 1377506624.743 61038 178.173.12.70 TCP_MISS/503 4150 GET
> http://www.tucny.com/favicon.ico - HIER_DIRECT/74.125.135.121 text/html
> 1377506625.548 240492 178.173.12.70 TCP_MISS/503 4263 GET
> http://gravatar.com/avatar/33be8eebf9ff1375eecabb6d45bb84f0/? -
> HIER_DIRECT/72.233.69.5 text/html
> 1377506625.744 240688 178.173.12.70 TCP_MISS/503 4263 GET
> http://gravatar.com/avatar/10c08133f930b023f8a29f7aca903ade/? -
> HIER_DIRECT/72.233.69.4 text/html
> 1377506625.744 240687 178.173.12.70 TCP_MISS/503 4263 GET
> http://gravatar.com/avatar/bbafaf9e10ccbeadb05132f0907eef62/? -
> HIER_DIRECT/72.233.69.4 text/html
> 1377506629.328 59995 178.173.12.70 TCP_MISS_ABORTED/000 0 GET
> http://um16.eset.com/eset_eval/update.ver - HIER_DIRECT/93.184.71.10 -
> 1377506633.748 240973 178.173.12.70 TCP_MISS/503 7081 GET
> http://cisco.112.2o7.net/b/ss/cisco-us,cisco-usprodswitches/1/H.24.3/s641795
> 77133309? - HIER_DIRECT/66.235.132.232 text/html
> 1377506674.091 0 :: TCP_DENIED/403 3788 GET
> http://backend-kid2:4002/squid-internal-periodic/store_digest - HIER_NONE/-
> text/html
> 1377506675.522 59980 178.173.12.70 TCP_MISS/503 4048 GET
> http://wiki.squid-cache.org/favicon.ico - HIER_DIRECT/77.93.254.178
> text/html
> 1377506680.531 59983 178.173.12.70 TCP_MISS/503 4053 GET
> http://www.web-polygraph.org/favicon.ico - HIER_DIRECT/209.169.10.130
> text/html
> 1377506687.797 61064 178.173.12.70 TCP_MISS/503 4920 GET
> http://beacon-1.newrelic.com/1/c7e812077e? - HIER_DIRECT/50.31.164.168
> text/html
> 1377506690.518 61188 178.173.12.70 TCP_MISS/503 4163 GET
> http://um16.eset.com/eset_eval/update.ver - HIER_DIRECT/93.184.71.10
> text/html
> 1377506734.092 0 :: TCP_DENIED/403 3788 GET
> http://backend-kid3:4003/squid-internal-periodic/store_digest - HIER_NONE/-
> text/html
> 1377506740.804 180166 178.173.12.70 TCP_MISS/503 4044 GET
> http://packages.debian.org/favicon.ico - HIER_DIRECT/82.195.75.113 text/html
> 1377506863.961 241103 178.173.12.70 TCP_MISS/503 4951 GET
> http://code.google.com/favicon.ico - HIER_DIRECT/74.125.236.166 text/html
> ######################################################
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Wednesday, August 28, 2013 9:55 AM
> To: Mohsen Dehghani
> Subject: Re: [squid-users] [NEED HELP] TPROXY + L2 WCCP + multi cpu
>
> On 24/08/2013 6:26 p.m., Mohsen Dehghani wrote:
>> Thanks
>> But my bandwidth is going to be extended to 2Gbps. Do workers still
>> perform better than multi instance?
>
> I'm not sure of the answer to that one, sorry. You are in a quite select
> group at present dealing with Gbps traffic rates.
> (If you understand Eliezer's response earlier it sounds good, though I'm not
> sure I understand the specifics myself yet).
>
> Amos
>
>
Received on Wed Aug 28 2013 - 08:55:58 MDT
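
A triage sketch for the two logs quoted above, added here and not part of the original thread: it parses Squid native access.log records and pairs each frontend request forwarded to a CARP peer with the backend record for the same URL, so it is visible which hop produced the 503. The sample records are copied from the quoted logs with the mail line-wrapping undone; the function names are this example's own.

```python
from collections import defaultdict

# Records copied from the thread's frontend/backend logs, one per line.
FRONTEND = """\
1377506615.522 59941 178.173.12.70 TCP_MISS/503 4150 GET http://wiki.squid-cache.org/favicon.ico - CARP/127.0.0.1 text/html
1377506622.740 241014 178.173.12.70 TCP_MISS/503 5098 GET http://code.google.com/p/shellinabox/ - CARP/127.0.0.1 text/html
1377506634.605 820 178.173.12.70 TCP_MISS/200 1650 GET http://www.cisco.com/favicon.ico - HIER_DIRECT/2.21.32.170 image/x-icon
"""
BACKEND = """\
1377506615.522 59940 178.173.12.70 TCP_MISS/503 4016 GET http://wiki.squid-cache.org/favicon.ico - HIER_DIRECT/77.93.254.178 text/html
1377506622.740 240843 178.173.12.70 TCP_MISS/503 4964 GET http://code.google.com/p/shellinabox/ - HIER_DIRECT/74.125.236.164 text/html
1377506674.091 0 :: TCP_DENIED/403 3788 GET http://backend-kid2:4002/squid-internal-periodic/store_digest - HIER_NONE/- text/html
"""

def parse(text):
    """Return one dict per native-format access.log record (10 fields)."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10:
            continue  # blank line or a wrapped fragment, not a full record
        result, _, status = f[3].partition("/")
        hier, _, peer = f[8].partition("/")
        records.append({"elapsed_ms": int(f[1]), "client": f[2],
                        "result": result, "status": int(status),
                        "url": f[6], "hier": hier, "peer": peer})
    return records

def summarise(records):
    """Count requests and track the slowest one per (hierarchy, status)."""
    out = defaultdict(lambda: {"count": 0, "max_ms": 0})
    for r in records:
        slot = out[(r["hier"], r["status"])]
        slot["count"] += 1
        slot["max_ms"] = max(slot["max_ms"], r["elapsed_ms"])
    return dict(out)

def correlate(frontend, backend):
    """Match CARP-forwarded frontend requests to backend records by URL."""
    by_url = {r["url"]: r for r in backend}
    return [(f["url"], f["status"], by_url[f["url"]]["hier"],
             by_url[f["url"]]["status"], by_url[f["url"]]["peer"])
            for f in frontend if f["hier"] == "CARP" and f["url"] in by_url]

if __name__ == "__main__":
    for key, stats in summarise(parse(FRONTEND)).items():
        print("frontend", key, stats)
    for row in correlate(parse(FRONTEND), parse(BACKEND)):
        print("pair", row)
```
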
