[squid-users] any chance to optimize squid3? from Fuhrmann, Marcel on 2012-11-16 (squid-users)

From: Fuhrmann, Marcel <Marcel.Fuhrmann_at_lux.ag>
Date: Fri, 16 Nov 2012 10:32:21 +0000

Hi list!

Is there any chance to speed up my squid proxy by changing the config? I don't think my squid is really slow. But some users think so.
Thanks a lot!

Here some information about the Hardware:

# cat /proc/cpuinfo
processor       : 0
vendor_id       : GenuineIntel
cpu family      : 6
model           : 44
model name      : Intel(R) Xeon(R) CPU           X5650 @ 2.67GHz
stepping        : 2
cpu MHz         : 2660.000
cache size      : 12288 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology tsc_reliable nonstop_tsc aperfmperf pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor lahf_lm ida arat
bogomips        : 5320.00
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:

processor       : 1
vendor_id       : GenuineIntel
cpu family      : 6
model           : 44
model name      : Intel(R) Xeon(R) CPU           X5650 @ 2.67GHz
stepping        : 2
cpu MHz         : 2660.000
cache size      : 12288 KB
fpu             : yes
fpu_exception   : yes
cpuid level     : 11
wp              : yes
flags           : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss syscall nx rdtscp lm constant_tsc arch_perfmon pebs bts rep_good xtopology tsc_reliable nonstop_tsc aperfmperf pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 popcnt aes hypervisor lahf_lm ida arat
bogomips        : 5320.00
clflush size    : 64
cache_alignment : 64
address sizes   : 40 bits physical, 48 bits virtual
power management:
------------------------------------------
# cat /proc/meminfo
MemTotal:        2057432 kB
MemFree:          330656 kB
Buffers:          138628 kB
Cached:           800828 kB
SwapCached:        24844 kB
Active:           796564 kB
Inactive:         660000 kB
Active(anon):     295336 kB
Inactive(anon):   221812 kB
Active(file):     501228 kB
Inactive(file):   438188 kB
Unevictable:           0 kB
Mlocked:               0 kB
SwapTotal:        407544 kB
SwapFree:         328728 kB
Dirty:               352 kB
Writeback:             0 kB
AnonPages:        492608 kB
Mapped:            14632 kB
Shmem:               132 kB
Slab:             184576 kB
SReclaimable:     160328 kB
SUnreclaim:        24248 kB
KernelStack:        2368 kB
PageTables:        33136 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     1436260 kB
Committed_AS:   10306360 kB
VmallocTotal:   34359738367 kB
VmallocUsed:      274032 kB
VmallocChunk:   34359460564 kB
HardwareCorrupted:     0 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
DirectMap4k:       10240 kB
DirectMap2M:    2086912 kB
------------------------------------------
# df -h
/dev/sda1             6,6G 2,8G 3,6G 44% /
/dev/sdb1              10G 7,3G 2,8G 73% /var/spool/squid3
/dev/sda3             912M   94M 772M 11% /var/log

Sdb is a raid10 device.
------------------------------
This is my config.

cache_mem 64 MB
maximum_object_size 1000 KB
maximum_object_size_in_memory 128 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /var/spool/squid3 8000 256 256
dns_nameservers 10.4.1.20
cache_peer localhost parent 8899 0 no-query no-digest
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 20
cache_effective_user proxy
cache_mgr lux.support_at_lux.ag
error_directory /usr/share/squid3/errors/de-de
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 20 startup=0 idle=1
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Domain Proxy Server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
authenticate_cache_garbage_interval 10 seconds
authenticate_ttl 28800 seconds
external_acl_type nt_group ttl=5 children=5 %LOGIN /usr/lib/squid3/wbinfo_group.pl
acl INTERNET_SQUID external nt_group internet
acl snmplux snmp_community kj3v45hv345j23
acl NMS src 10.4.1.234
acl SERVER src 10.2.1.51
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
snmp_port 3401
snmp_access allow snmplux localhost
snmp_access allow snmplux NMS
http_access allow SERVER
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow INTERNET_SQUID
http_access deny all
icp_access deny all
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i(/cgi-bin/|\?) 0      0%      0
refresh_pattern .               0       20%     4320
icp_port 0

--
Marcel

Received on Fri Nov 16 2012 - 10:32:32 MST

This archive was generated by hypermail 2.2.0 : Fri Nov 16 2012 - 12:00:05 MST