Hello there!
I installed a TPROXY squid V3.3.7 for a client who originally had an intercept squid V2.7.STABLE9. The request hit ratio of the old squid server is around 35% and byte hit ratio is around 10%. For some reason, the client wanted to keep the original squid server, but he connected it to the new TPROXY as an upstream cache server along with some new small subnets. At first the request hit ratio of the new TPROXY was around 1%, which is extremely low. I thought that was because the cache did not have enough content. Now that the cache of the new TPROXY server has around 1.2 TB of data, the request hit ratio is still very low, around 1.5% and byte hit ratio is around 2%. This time, I thought this very low hit ratio is just due to the fact that the old squid server would also cache any content that the new squid would cache, and thus there would not be any hits to the cached content on the new squid server. Therefore, I asked my client to redirect all traffic
to the new TPROXY server directly, I was disappointed to see that request hit ratio did not exceed 5% and byte hit ratio did not exceed 7%, although I set the maximum cacheable object size on the new squid to be 512 MB, which is quite large!
Do you have any idea about what could be going on? Do you think if we keep all the traffic redirected to the new TPROXY server, the hit ratio would increase after some time?
Just in case you would need to look at the configuration of the new squid, it is pasted below. It is running on a Dell server with 2 X 2.7 GHz CPUs, each with 12 cores. Physical memory is 192 GB. I got the refresh patterns from a friend of mine, I think it's not optimized, and I hate to use things like (override-expire ignore-reload ignore-private ignore-auth) but I just wanted to try everything to improve the extremely low hit ratio.
Do you recommend some refresh patterns that are available online?
Thanks a lot in advance and sorry for my long message!
Best regards,
Firas
/etc/squid/squid.conf:
# Ports:
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# Allow access from your local networks:
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid listening ports:
http_port 3128
http_port 3129 tproxy
# MEMORY CACHE OPTIONS:
cache_mem 143360 MB
maximum_object_size_in_memory 300 KB
memory_replacement_policy heap GDSF
# DISK CACHE OPTIONS:
minimum_object_size 16 KB
maximum_object_size 512 MB
cache_swap_low 97
cache_swap_high 99
cache_replacement_policy heap LFUDA
store_dir_select_algorithm least-load
# cache_dir aufs /mnt/cachedrive1 1342177 128 512
cache_dir aufs /mnt/cachedrive2 1426227 128 512
cache_dir aufs /mnt/cachedrive3 1426227 128 512
cache_dir aufs /mnt/cachedrive4 1426227 128 512
cache_dir aufs /mnt/cachedrive5 427008 128 256
# Logging Options:
cache_store_log none #/var/log/squid/store.log
access_log none
logfile_rotate 5
# WCCP Cnofiguration:
wccp2_router 10.10.255.1
wccp_version 2
wccp2_rebuild_wait on
wccp2_forwarding_method l2
wccp2_assignment_method mask
wccp2_return_method l2
wccp2_service dynamic 80
wccp2_service dynamic 90
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid
# Other Options:
cache_effective_user squid
cache_effective_group squid
ipcache_size 2048
ipcache_low 90
ipcache_high 95
fqdncache_size 2048
# Caching Options:
quick_abort_min 64 KB
quick_abort_max 64 KB
quick_abort_pct 95
reload_into_ims on
vary_ignore_expire on
pipeline_prefetch on
dns_v4_first on
# Refresh Patterns:
include /etc/squid/refresh.conf
# ToS/DSCP
# Mark local hits with 0x08
qos_flows local-hit=0x08
# Miscellaneous Options
memory_pools on
memory_pools_limit 512 MB
# Warning
high_page_fault_warning 2
high_response_time_warning 1500
*************
/etc/squid/refresh.conf:
# 1 year = 525600 mins, 1 month = 20160 mins, 1 day = 1440
# General:
refresh_pattern -i \.swf$ 20160 80% 20160 override-expire override-lastmod reload-into-ims ignore-reload ignore-private ignore-auth
refresh_pattern -i \.gif$ 20160 80% 20160 override-expire override-lastmod reload-into-ims ignore-reload ignore-private ignore-auth
refresh_pattern -i \.jpg$ 20160 80% 20160 override-expire override-lastmod reload-into-ims ignore-reload ignore-private ignore-auth
refresh_pattern -i \.jpeg$ 20160 80% 20160 override-expire override-lastmod reload-into-ims ignore-reload ignore-private ignore-auth
refresh_pattern -i \.exe$ 20160 80% 20160 override-expire override-lastmod reload-into-ims ignore-reload ignore-private ignore-auth
# Antivirus:
refresh_pattern avast.com.*\.vpx 1440 50% 525600 reload-into-ims
refresh_pattern (avgate|avira).*\.(idx|gz)$ 1440 90% 1440 ignore-reload
refresh_pattern kaspersky.*\.avc$ 1440 50% 525600 ignore-reload
refresh_pattern kaspersky 1440 50% 525600
refresh_pattern mbamupdates.com.*\.ref 1440 50% 525600 reload-into-ims
# Ads
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 20160 20% 20160 ignore-private override-expire ignore-reload ignore-auth
refresh_pattern ^.*safebrowsing.*google 20160 80% 20160 override-expire ignore-reload ignore-private ignore-auth
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 20160 80% 20160 override-expire ignore-reload ignore-private
refresh_pattern ytimg\.com.*\.jpg 20160 80% 20160 override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif) 20160 80% 20160 override-expire ignore-reload
refresh_pattern garena\.com 20160 80% 20160 override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 20160 80% 20160 override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 20160 80% 20160 override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 20160 80% 20160 reload-into-ims override-expire ignore-private
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 20160 80% 20160 reload-into-ims ignore-reload override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/ 20160 80% 20160 reload-into-ims ignore-reload override-expire
refresh_pattern ^http://v\.okezone\.com/get_video\/([a-zA-Z0-9]) 20160 80% 20160 override-expire ignore-reload ignore-private ignore-auth override-lastmod
# Facebook Images:
refresh_pattern -i \.facebook.com.*\.(jpg|png|gif) 20160 80% 20160 ignore-reload override-expire
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3) 20160 80% 20160 ignore-reload override-expire
refresh_pattern static\.ak\.fbcdn\.net*\.(jpg|gif|png) 20160 80% 20160 ignore-reload override-expire
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png) 20160 80% 20160 ignore-reload override-expire
#Files
refresh_pattern -i \.(3gp|7z|ace|asx|bin|deb|divx|dvr-ms|ram|rpm|exe|inc|cab|qt) 20160 80% 20160 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)|arj|lha|lzh|zip|tar) 20160 80% 20160 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|dat|ad|txt|dll) 20160 80% 20160 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(avi|ac4|mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rm|r(a|p)m|snd|vob) 20160 80% 20160 override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pp(t?x)|s|t)|pdf|rtf|wax|wm(a|v)|wmx|wpl|cb(r|z|t)|xl(s?x)|do(c?x)|flv|x-flv) 20160 80% 20160 override-expire override-lastmod reload-into-ims
# Defaults:
refresh_pattern ^ftp: 1440 90% 201600 override-lastmod reload-into-ims
refresh_pattern ^gopher: 1440 0% 1440 override-lastmod reload-into-ims
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 80% 20160 override-lastmod reload-into-ims
Received on Fri Aug 09 2013 - 00:28:58 MDT
This archive was generated by hypermail 2.2.0 : Fri Aug 09 2013 - 12:00:06 MDT