Re: [squid-users] 100% CPU Load problem with squid 3.3.8

From: Pavel Kazlenka <pavel.kazlenka_at_measurement-factory.com>
Date: Tue, 10 Sep 2013 11:48:09 +0300

Hi Mohsen,

Please note, that there are also system limit on opened file descriptors
number (that is set by default to 1024 per user in most linux systems).
You could see/change current system limits using ulimit tool or in
/etc/security/limits.d/ files.

Best wishes,
Pavel

On 09/10/2013 11:34 AM, Mohsen Dehghani wrote:
> I have compiled and installed squid 3.3.8.
> I have about 160Mbps bandwidth and about 18000 http request per minute.
> The problem is that as soon as I redirect traffic to squid, its cpu usage
> reaches 100% and it hangs and even "squidclient" will not work.
>
> What is weird is that when I remove traffic from squid, CPU usage does not
> go down immediately, but with a delay of about 2 or 3 minutes!
> While in version 3.1.19(which previously I was using), as soon as I remove
> traffic from squid, its cpu usage goes down. By the way in 3.1.19, CPU usage
> never exceeded 30%.
>
> When I debug , I see some lines saying: WARNING! Your cache is running out
> of filedescriptors
>
> I don't know this is the cause or not. But I've already compiled squid with
> 65536 filedescriptors
>
> I have disabled disk swap for testing, but the problem yet exists.
>
> Any help is appreciated
>
> I have attached my compile options and config
>
> _______________________________________
>
> #squid -v
> Squid Cache: Version 3.3.8
> configure options: '--prefix=/usr/local/squid' '--build=x86_64-linux-gnu'
> '--enable-storeio=ufs,aufs,diskd' '--enable-follow-x-forwarded-for'
> '--with-filedescriptors=65536' '--with-large-files'
> '--with-default-user=proxy' '--enable-linux-netfilter'
> 'build_alias=x86_64-linux-gnu' --enable-ltdl-convenience
>
>
> ###config:####
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> shutdown_lifetime 3 second
> wccp2_router 172.22.122.254
> wccp_version 2
> wccp2_rebuild_wait on
> wccp2_forwarding_method 2
> wccp2_return_method 2
> wccp2_assignment_method 2
> # wccp2_service standard 0
> wccp2_service dynamic 80
> wccp2_service dynamic 90
> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
> priority=240 ports=80
>
> http_port 3129 tproxy
> qos_flows local-hit=0x18
> cache_mem 2000 MB
> maximum_object_size_in_memory 10 MB
>
> access_log none
>
> snmp_port 3401
> acl snmppublic snmp_community golabi
> snmp_access allow snmppublic trusted
> http_access deny !Safe_ports
>
> http_access deny CONNECT !SSL_ports
>
> http_access allow localhost manager
> http_access deny manager
> http_access allow localnet
> http_access allow localhost
>
> http_access deny all
>
> http_port 3128
>
> coredump_dir /usr/local/squid/var/cache/squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
>
Received on Tue Sep 10 2013 - 08:48:24 MDT

This archive was generated by hypermail 2.2.0 : Tue Sep 10 2013 - 12:00:04 MDT