Re: [squid-users] Squid 3.0STABLE19 - performance

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Tue, 13 Oct 2009 18:53:40 -0300

in case it is not clear: the 'aufs' option for cache_dir is much faster
than the 'ufs' which you are using now.

Marcus

George Herbert wrote:
> Multiple hard disks, and spreading out Squid's logs and cache dirs
> onto separate disks, helps a lot.
>
> The big prod squid environment I was running for a while used 4 disks
> - 1 OS, 1 logs, 2 separate aufs cache disks.
>
> If you can't do that with your hardware, even adding a second hard
> drive, with logs on the OS disk and the cache on the second disk, will
> help some.
>
>
> -george
>
> On Tue, Oct 13, 2009 at 10:52 AM, Mariel Sebedio <msebedio_at_invap.com.ar> wrote:
>> Hello, I have a problem with the Squid performance.
>>
>> I have a RHEL 5.4 whit Squid 3.0STABLE19 compiled with the following
>> options: '--prefix=/usr' '--sysconfdir=/etc/squid' '--enable-snmp'
>> '--enable-cache-digest' '--enable-err-language=Spanish'
>> '--enable-delay-pools'
>>
>> The hardware of the Proxy server machine is:
>>
>> processor : 0
>> vendor_id : GenuineIntel
>> cpu family : 15
>> model : 4
>> model name : Intel(R) Pentium(R) 4 CPU 3.00GHz
>> stepping : 1
>> cpu MHz : 3000.177
>> cache size : 1024 KB
>> physical id : 0
>> siblings : 2
>> core id : 0
>> cpu cores : 1
>> apicid : 0
>> fdiv_bug : no
>> hlt_bug : no
>> f00f_bug : no
>> coma_bug : no
>> fpu : yes
>> fpu_exception : yes
>> cpuid level : 5
>> wp : yes
>> flags : fpu vme de pse tsc msr pae mce cx8 apic mtrr pge mca cmov pat
>> pse36 clflush dts
>> acpi mmx fxsr sse sse2 ss ht tm pbe nx constant_tsc pni monitor ds_cpl cid
>> xtpr
>> bogomips : 5999.92
>>
>> The filesystem information is this:
>>
>> Filesystem 1K-blocks Used Available Use% Mounted on
>> /dev/sda2 5080828 4252116 566452 89% /
>> /dev/sda5 141129204 2496448 131348084 2% /var
>> /dev/sda1 101086 11303 84564 12% /boot
>> tmpfs 1031764 0 1031764 0% /dev/shm
>>
>> The top output
>>
>> top - 09:50:08 up 3 days, 17:07, 1 user, load average: 0.09, 0.06, 0.01
>> Tasks: 88 total, 1 running, 87 sleeping, 0 stopped, 0 zombie
>> Cpu(s): 0.5%us, 0.5%sy, 0.0%ni, 98.5%id, 0.0%wa, 0.2%hi, 0.3%si,
>> 0.0%st
>> Mem: 2063532k total, 2001504k used, 62028k free, 199476k buffers
>> Swap: 5245212k total, 0k used, 5245212k free, 1415224k cached
>>
>> The ammount of connections oscilates between 400-600. ([]# netstat -an |grep
>> STABL |wc -l)
>> I can see that when I request a page it takes a long time to appear on
>> my browser, and If at that moment I look at the option "Client-side
>> Active Requests" on the statistics, I can't see anything referring to my
>> request
>>
>> It also takes a lot of time for the request to appear in the access.log
>>
>> When I have a page request, it doesn't arrive in a short period of time,
>> So I stop my browser and resend it, and it arrives quickly the second
>> time.
>>
>> Is there something wrong with my squid.conf or my kernel configuration.
>> Any suggestions of where to look or what to change to improve
>> performance?
>>
>> How can I determine if it is a matter of DNS response or squid
>> congestion or simply a delay related to the page requested itself?
>>
>> Thanks in advance for the help.
>>
>> My squid.conf is there:
>> authenticate_cache_garbage_interval 3600 seconds
>> authenticate_ttl 3600 seconds
>> authenticate_ip_ttl 0 seconds
>> acl all src 0.0.0.0/0.0.0.0
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1
>> acl to_localhost dst 0.0.0.0 127.0.0.0/255.0.0.0
>> acl mynet src "/etc/squid/mynet" ###### allow over 400 Ips
>> acl snmppublic snmp_community proxy
>> acl administrador src "/etc/squid/administradores" ###### only 3 Ips
>> acl SSL_ports port 443
>> acl Safe_ports port 80 81 21 443 70 210 1025-65535 280 488 591 777
>> acl CONNECT method CONNECT
>> http_access Allow manager administrador
>> http_access Deny manager
>> http_access Deny !Safe_ports
>> http_access Deny CONNECT !SSL_ports
>> http_access Allow mynet
>> http_access Deny all
>> icp_access Allow mynet
>> icp_access Deny all
>> htcp_access Allow mynet
>> htcp_access Deny all
>> htcp_clr_access Deny all
>> ident_lookup_access Deny all
>> http_port 0.0.0.0:3128
>> dead_peer_timeout 10 seconds
>> hierarchy_stoplist cgi-bin
>> hierarchy_stoplist ?
>> cache_mem 33554432 bytes
>> maximum_object_size_in_memory 8192 bytes
>> memory_replacement_policy lru
>> cache_replacement_policy lru
>> cache_dir ufs /var/spool/squid/cache 80000 16 256 IOEngine=Blocking
>> store_dir_select_algorithm least-load
>> max_open_disk_fds 0
>> minimum_object_size 0 bytes
>> maximum_object_size 4194304 bytes
>> cache_swap_low 90
>> cache_swap_high 95
>> access_log /var/log/squid/access.log squid
>> cache_log /var/log/squid/cache.log
>> cache_store_log /var/log/squid/store.log
>> logfile_rotate 9
>> emulate_httpd_log off
>> log_ip_on_direct on
>> mime_table /etc/squid/mime.conf
>> log_mime_hdrs off
>> pid_filename /var/run/squid.pid
>> debug_options ALL,1
>> log_fqdn off
>> client_netmask 255.255.255.255
>> strip_query_terms on
>> buffered_logs off
>> ftp_user anonymous_at_XXX.com.ar
>> ftp_list_width 32
>> ftp_passive on
>> ftp_sanitycheck on
>> ftp_telnet_protocol on
>> diskd_program /usr/libexec/diskd
>> unlinkd_program /usr/libexec/unlinkd
>> url_rewrite_children 5
>> url_rewrite_concurrency 0
>> url_rewrite_host_header on
>> url_rewrite_bypass off
>> refresh_pattern ^ftp: 1440 20% 10080
>>
>> refresh_pattern ^gopher: 1440 0% 1440
>>
>> refresh_pattern (cgi-bin|\?) 0 0% 0
>>
>> refresh_pattern . 0 20% 4320
>>
>> quick_abort_min 16 KB
>> quick_abort_max 16 KB
>> quick_abort_pct 95
>> read_ahead_gap 16384 bytes
>> negative_ttl 300 seconds
>> positive_dns_ttl 21600 seconds
>> negative_dns_ttl 60 seconds
>> range_offset_limit 0 bytes
>> minimum_expiry_time 60 seconds
>> store_avg_object_size 13 KB
>> store_objects_per_bucket 20
>> request_header_max_size 20480 bytes
>> reply_header_max_size 20480 bytes
>> request_body_max_size 0 bytes
>> chunked_request_body_max_size 65536 bytes
>> via on
>> ie_refresh off
>> vary_ignore_expire off
>> request_entities off
>> relaxed_header_parser on
>> forward_timeout 240 seconds
>> connect_timeout 60 seconds
>> peer_connect_timeout 30 seconds
>> read_timeout 900 seconds
>> request_timeout 300 seconds
>> persistent_request_timeout 120 seconds
>> client_lifetime 86400 seconds
>> half_closed_clients off
>> pconn_timeout 60 seconds
>> ident_timeout 10 seconds
>> shutdown_lifetime 30 seconds
>> cache_mgr soporte_at_XXX.com.ar
>> mail_program mail
>> cache_effective_user squid
>> cache_effective_group squid
>> httpd_suppress_version_string off
>> visible_hostname proxy134.XXX.com.ar
>> umask 23
>> announce_period 31536000 seconds
>> announce_host tracker.ircache.net
>> announce_port 3131
>> delay_pools 0
>> delay_initial_bucket_level 50
>> wccp_router 0.0.0.0
>> wccp_version 4
>> wccp2_rebuild_wait on
>> wccp2_forwarding_method 1
>> wccp2_return_method 1
>> wccp2_assignment_method 1
>> wccp2_service standard 0
>> wccp2_weight 10000
>> wccp_address 0.0.0.0
>> wccp2_address 0.0.0.0
>> client_persistent_connections on
>> server_persistent_connections on
>> persistent_connection_after_error off
>> detect_broken_pconn off
>> snmp_port 3401
>> snmp_access Allow snmppublic localhost
>> snmp_access Deny all
>> snmp_incoming_address 0.0.0.0
>> snmp_outgoing_address 255.255.255.255
>> icp_port 3130
>> htcp_port 0
>> log_icp_queries on
>> udp_incoming_address 0.0.0.0
>> udp_outgoing_address 255.255.255.255
>> icp_hit_stale off
>> minimum_direct_hops 4
>> minimum_direct_rtt 400
>> netdb_low 900
>> netdb_high 1000
>> netdb_ping_period 300 seconds
>> query_icmp off
>> test_reachability off
>> icp_query_timeout 0
>> maximum_icp_query_timeout 2000
>> minimum_icp_query_timeout 5
>> background_ping_rate 10 seconds
>> mcast_icp_query_timeout 2000
>> icon_directory /usr/share/icons
>> global_internal_static on
>> short_icon_urls on
>> error_directory /usr/share/errors/templates
>> err_html_text
>> email_err_data on
>> nonhierarchical_direct on
>> prefer_direct off
>> incoming_icp_average 6
>> incoming_http_average 4
>> incoming_dns_average 4
>> min_icp_poll_cnt 8
>> min_dns_poll_cnt 8
>> min_http_poll_cnt 8
>> tcp_recv_bufsize 0 bytes
>> check_hostnames off
>> allow_underscore on
>> dns_retransmit_interval 5 seconds
>> dns_timeout 120 seconds
>> dns_defnames off
>> hosts_file /etc/hosts
>> dns_testnames netscape.com
>> dns_testnames internic.net
>> dns_testnames nlanr.net
>> dns_testnames microsoft.com
>> ignore_unknown_nameservers on
>> ipcache_size 1024
>> ipcache_low 90
>> ipcache_high 95
>> fqdncache_size 1024
>> memory_pools on
>> memory_pools_limit 5242880 bytes
>> forwarded_for on
>> cachemgr_passwd XXXXXXXXXX all
>> client_db on
>> refresh_all_ims off
>> reload_into_ims off
>> maximum_single_addr_tries 1
>> retry_on_error off
>> as_whois_server whois.ra.net
>> offline_mode off
>> uri_whitespace strip
>> coredump_dir /var/spool/squid/cache
>> balance_on_multiple_ip on
>> pipeline_prefetch off
>> high_response_time_warning 0
>> high_page_fault_warning 0
>> high_memory_warning 0 bytes
>> sleep_after_fork 0
>> windows_ipaddrchangemonitor on
>>
>> --
>> Lic. Mariel Sebedio
>> Division Computos y Sistemas
>> Tel (02944)-445400 int 2307
>> INVAP S.E. - www.invap.com.ar
>>
>>
>
>
>
Received on Tue Oct 13 2009 - 21:53:49 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 14 2009 - 12:00:02 MDT