[squid-users] Squid floods and kills router

From: Andrius Kr <squid-support@dont-contact.us>
Date: Fri, 20 Jun 2003 00:24:48 +0300

Hello all,

    I have recently installed SquidNT (2.5STABLE3) on a Win2000 server.
Everything works just fine, except that a few days ago my main router
interconnecting branch offices started to go down in a random pattern.

INTERNET---W2000+SQUID---SWITCH---*LAN
                             |
                             --ROUTER1--FrameRelay--ROUTER2--*REMOTE-LAN

     If someone from the remote LAN starts to browse the network, Squid floods
ROUTER1 with a high volume of TCP packets (10000 in 5 seconds) sized ~62 bytes.
The router is an old Motorola Vanguard hardware router, and from such a spike
its TCP/IP stack is killed; only low-level protocols like ARP, LLC, and
UDP-based ones - DHCP, NetBIOS-NS, NT-BROWSER - are able to pass through
ROUTER1 in both directions.

    I am unable to find a reason why and exactly when Squid starts to flood,
but it happens a few times a day and the router is dead until a cold reset.
The only thing I can do at this moment is to post the TCP packet that floods
the router (ethereal capture).

    So the main question is: why does Squid start to vomit packets at such
an unusual rate?

Thanks for a prompt reply!

--------------------------------------------------------------------------

Additional info:

    Clients - W2000/XP, with IE 6.0 SP1. The Squid proxy is the only gateway
to the internet, integrated NTLM authentication is on (SquidNT uses it to
separate users into different delay-pools), clients are set to use HTTP 1.1
through proxy connections, and some hosts (like ads., banners. and so on) are
banned from Squid.

    When I decoded the TCP packet stream which caused the router failure, I
found out that it was just a 17 kB local news page (a few dozen pictures maybe).

Received on Thu Jun 19 2003 - 15:24:53 MDT
