Re: [squid-users] Squid and OS tuning

From: zen <zen@dont-contact.us>
Date: Thu, 05 Apr 2007 08:26:48 +0700

Tek Bahadur Limbu wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Wed, 04 Apr 2007 13:27:05 +0700
>zen <zen@tk-pttuntex.com> wrote:
>
>
>
>>Dear Users.
>>i'm planning to build a proxy server and it will be serving 10k of
>>users/clients,
>>it's a AMD X2 3800 AM2 and currently installed RAM are 4Gigs, and 2
>>SATA HDD 300GB
>>and running FreeBSD 6.2STABLE am64 build.
>>i would like to ask for guidance how to build and optimized this proxy
>>server ( OS base or Squid base )
>>kindly one of you share the tips/tricks regarding this problems.
>>
>>
>>
>
>Hi Zen,
>
>Do you want to run Squid in transparent mode? If so, which firewall (ipfw/pf/ipf) will you be using?
>
>Try to do download the source package and compile it manually rather than using FreeBSD's ports.
>
>You can using the following compilation options:
>
>- --bindir=/usr/local/sbin \
>- --sysconfdir=/usr/local/etc/squid \
>- --datadir=/usr/local/etc/squid \
>- --libexecdir=/usr/local/libexec/squid \
>- --localstatedir=/usr/local/squid \
>- --enable-removal-policies=heap,lru \
>- --enable-async-io \
>- --enable-storeio=diskd,aufs,coss,ufs,null \
>- --enable-time-hack \
>- --enable-snmp \
>- --enable-kqueue \
>- --with-large-files \
>- --prefix=/usr/local \
>- --disable-ident-lookups
>
>For full compilation options, see:
>
>#~ ./configure --help | less
>
>Also, try to use the Squid-2.6 version. It's quite stable and extremely CPU friendly.
>
>In your Kernel, you can use the following options:
>
>options SMP
>
>options SHMSEG=128
>options SHMMNI=256
>options SHMMAX=33554432 # max shared memory segment size (bytes)
>options SHMALL=16384 # max amount of shared memory (pages)
>options MSGMNB=16384 # max # of bytes in a queue
>options MSGMNI=48 # number of message queue identifiers
>options MSGSEG=768 # number of message segments
>options MSGSSZ=64 # size of a message segment
>options MSGTQL=4096 # max messages in system
>
>
>options IPFIREWALL #Only for IPFW firewall
>options IPFIREWALL_VERBOSE #Only for IPFW enable logging to syslogd(8)
>options IPFIREWALL_FORWARD #Only for IPFW enable transparent proxy support
>
>
>For some optimization and also since your users/clients base is about 10000, you might want to try the following values.
>
>/boot/loader.conf:
>
>kern.maxusers=0
>kern.ipc.nmbclusters=65536
>kern.maxfiles=16384
>kern.maxproc=8192
>kern.ipc.somaxconn: 8192
>kern.ipc.maxsockets=16384
>
>
>/etc/sysctl.conf:
>
># TCP/IP optimization
>net.inet.tcp.recvspace=65535
>net.inet.tcp.sendspace=65535
>kern.maxfilesperproc=8192
>
>
>For squid.conf:
>cache_effective_user nobody
>cache_effective_group nobody
>
>cache_mem 128 MB
>cache_swap_low 90
>cache_swap_high 98
>
>http_port 3128 transparent # Only if you want Squid to run transparently
>
>maximum_object_size 131072 KB
>maximum_object_size_in_memory 16 KB
>
>tcp_recv_bufsize 65535 bytes
>ipcache_size 4096
>fqdncache_size 4096
>
>emulate_httpd_log on
>
>client_persistent_connections off
>half_closed_clients off
>
>cache_dir diskd /cache1 100000 64 512 Q1=72 Q2=64
>cache_dir diskd /cache2 100000 64 512 Q1=72 Q2=64
>
>hierarchy_stoplist cgi-bin ?
>
>acl QUERY urlpath_regex cgi-bin \?
>no_cache deny QUERY
>
>negative_dns_ttl 2 minutes
>
>#Default pattern is good enough
>refresh_pattern ^ftp: 1440 20% 10080
>refresh_pattern ^gopher: 1440 0% 1440
>refresh_pattern . 0 20% 4320
>
>
>Also regarding DISKD storage system, see the great FAQ below:
>
>http://wiki.squid-cache.org/SquidFaq/CyclicObjectStorageSystem
>
>Even though, it is quite outdated, it offers enough insight about DiskD and FreeBSD in general.
>
>
>Note: This values should normally work but what works for me does not necessarily mean that it will work for all.
>
>Also I welcome any suggestions and feedback for the above mentioned values of mine. I may have miss something myself.
>
>Thanking you...
>
>
>
>>TIA
>>
>>Zen
>>
>>
>>
>
>
>- --
>
>
>With best regards and good wishes,
>
>Yours sincerely,
>
>Tek Bahadur Limbu
>
>(TAG/TDG Group)
>Jwl Systems Department
>
>Worldlink Communications Pvt. Ltd.
>
>Jawalakhel, Nepal
>
>http://www.wlink.com.np
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.2.2 (FreeBSD)
>
>iD8DBQFGE5cLVrOl+eVhOvYRAtwKAJ4ptACbnnkxKlhoYj/h/V6O92sYiQCgmd8Z
>TlzhH69L16FH+0iyz0Nh9NI=
>=G/3Y
>-----END PGP SIGNATURE-----
>
>
>
thanks for sharing the tips,
but onething i wanna ask you,
is option SMP on the kernel side necessary?
because Hendrik said squid only know/work with single proc.

TIA

Zen
Received on Wed Apr 04 2007 - 19:23:40 MDT

This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT