Re: [squid-users] fyi

From: Marc Elsen <marc.elsen@dont-contact.us>
Date: Thu, 14 Mar 2002 10:59:19 +0100

Van Bossche Koen wrote:
>
> Hi all,
>
> I have about 20 proxyservers running now very well with squid DEV2.5. They
> work very well for about 6 weeks now.
>
> To make them all performing better, I have done the following :
> 1/ installed local caching nameserver on all
> 2/ tuned the smb_auth
> 3/ and added to sysctl.conf
> # Disables packet forwarding
> net.ipv4.ip_forward = 0
> # Enables source route verification
> net.ipv4.conf.all.rp_filter = 1
> # Disables automatic defragmentation (needed for masquerading, LVS)
> net.ipv4.ip_always_defrag = 0
> # Disables the magic-sysrq key
> kernel.sysrq = 0
> # Increase number of filedescriptors available
> fs.file-max = 16384
> # change bdflush parameters for vm
> vm.bdflush = 100 1200 128 512 15 5000 500 1884 2
> # change buffermem parameter for vm
> vm.buffermem = 70 10 60
> # Decrease the time default value for tcp_fin_timeout connection
> net.ipv4.tcp_fin_timeout = 30
> # Decrease the time default value for tcp_keepalive_time connection
> net.ipv4.tcp_keepalive_time = 1800
> # Turn off the tcp_window_scaling
> net.ipv4.tcp_window_scaling = 0
> # Turn off the tcp_sack
> net.ipv4.tcp_sack = 0
> # Turn off the tcp_timestamps
> net.ipv4.tcp_timestamps = 0
>
> These changes (most of all local dns) made a big difference. The 3 parent
> proxies have now 251req/min (serving 600 users), 259 req/min (serving 600
> users) and 450req/min (serving 1500 users).
> I hope this information is usefull to others, but also wonder what other
> users might have done to tune there systems. Let me know!
>
> I have 2 more questions to you all. There are 2 more things I would like to
> add to my configuration :
> 1/ user policy page when auth box appears. How can this be implemented? I

 Nearly impossible I think. This protocol stage does not run in the
 context of normal http info switch between browser and whatever source.
 It is a specific handshaking between browser and cache, in the
 context of certain http 'features'.

> have seen the same question several times, but did not see any answers yet.
> 2/ interface for filtering, webpage or something. Squid has a lot of
> possibilities, however many local administrators are used to work with
> Windows and expect a GUI. I have reviewed Webmanager and SurfControl for

 ?? Good graze and smiley.

 Perhaps SQUID is my only hope in life, to assert the fact that
 there is world without Windows out there ...

 :-) (10x10)

> this purpose, however this costs a lot and in fact most of there features
> squid can handle. However I cannot convince a Windows guy to edit a text
> file on a linux box.
> I myself am not a developer. Does somebody use a self written or open source
> software to implement or change rules to squid.conf or to edit text files on
> a linux box through web interface? Do you want to share this information.
> Something like SWAT for Samba is very usefull.
>
> Kind Regards,
> ./koen
>
> Koen Van Bossche
>
> KONE International SA
> KCO Telecom
> Ave E. Van Nieuwenhuyse, 6
> B - 1160 Brussels, Belgium
> Tel : +32 (0)2 676.93.81
> Fax : +32 (0)2 676.93.91

-- 
 'Time is a consequence of Matter thus
 General Relativity is a direct consequence of QM
 (M.E. Mar 2002)
Received on Thu Mar 14 2002 - 02:59:23 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:55 MST