On 16/08/13 15:45, inittab wrote:
> Hello,
>
> I wanted to get some suggestions on my current setup and ask if I'm
> expecting too much out of my hardware for the traffic load.
>
> It appears I am running into out-of-memory problems and hitting swap;
> squid processes then end up dying out.
> [root@squid01 squid]# dmesg | grep "page allocation"
> swapper: page allocation failure. order:1, mode:0x20
> kswapd0: page allocation failure. order:1, mode:0x20
> kswapd0: page allocation failure. order:1, mode:0x20
> kswapd0: page allocation failure. order:1, mode:0x20
> kswapd0: page allocation failure. order:1, mode:0x20
> kswapd0: page allocation failure. order:1, mode:0x20
> kswapd0: page allocation failure. order:1, mode:0x20
> kswapd0: page allocation failure. order:1, mode:0x20
> kswapd0: page allocation failure. order:1, mode:0x20
> kswapd0: page allocation failure. order:1, mode:0x20
> squid: page allocation failure. order:1, mode:0x20
>
>
>
> I currently have 2 Dell 2950s running squid 3.1.10; we generally see
> ~200Mbps total.
>
> box stats are:
> 2x Six-Core AMD Opteron(tm) Processor 2427 @2.2Ghz
> 32gb ram
> 1x Intel E1G44HTBLK Server Adapter I340-T4 all 4 ports bonded with 802.3ad
> /var/spool/squid 512G raid5
>
> The boxes are both running 10 squid processes on different ports in
> transparent mode.
> I am using iptables rules to redirect traffic to the different squid ports, e.g.:
> 22M 1351M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3120
> 20M 1216M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3121
> 18M 1094M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3122
> 16M 985M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3123
> 15M 886M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3124
> 13M 798M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3125
> 12M 718M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3126
> 11M 647M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3127
> 9631K 582M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3128
> 8668K 524M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3129
>
> sysctl.conf:
> net.ipv4.ip_forward = 0
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> kernel.sysrq = 0
> kernel.core_uses_pid = 1
> net.ipv4.tcp_syncookies = 1
> net.bridge.bridge-nf-call-ip6tables = 0
> net.bridge.bridge-nf-call-iptables = 0
> net.bridge.bridge-nf-call-arptables = 0
> kernel.msgmnb = 65536
> kernel.msgmax = 65536
> kernel.shmmax = 68719476736
> kernel.shmall = 4294967296
> net.netfilter.nf_conntrack_max = 196608
>
>
> example squid config file: squid-p3120.conf
> acl adminnet src 10.3.25.0/24
> acl proxyvlan src 10.5.22.0/24
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access allow manager adminnet
> http_access allow manager proxyvlan
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> http_access allow localhost
> http_access allow customers
> http_access deny all
> hierarchy_stoplist cgi-bin ?
> coredump_dir /var/spool/squid/p3120
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> hosts_file /etc/hosts
> dns_nameservers 10.5.7.13 10.5.7.23
> cache_replacement_policy heap LFUDA
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size_in_memory 96 KB
> maximum_object_size 100 MB
> cache_dir aufs /var/spool/squid/p3120 204800 16 256
> cache_mem 100 MB
> logfile_rotate 10
> memory_pools off
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> log_icp_queries off
> client_db off
> buffered_logs on
> half_closed_clients off
> url_rewrite_children 20
> pid_filename /var/run/squid-p3120.pid
> unique_hostname squid01-p3120.eng.XXXXXX
> visible_hostname squid.eng.XXXXXXX
> icp_port 3100
> tcp_outgoing_address 10.5.22.101
> emulate_httpd_log on
>
You should try not using any RAID.
Just use many cache_dir.
Received on Tue Aug 20 2013 - 13:37:52 MDT
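
In the iptables listing quoted above, every REDIRECT rule uses the same `random probability 0.100000`, and the packet counters shrink by roughly a tenth from one rule to the next. The following added example (not part of the original thread) models such a chain and computes the per-rule probabilities that would split traffic evenly; the function names are illustrative, counter suffixes are treated as powers of 1000, and the ten listed rules are assumed to be the whole chain.

```python
# Added example: models how a chain of "statistic mode random" rules splits
# traffic. Ports and counter values are copied from the listing quoted above.

PORTS = list(range(3120, 3130))
OBSERVED = ["22M", "20M", "18M", "16M", "15M", "13M", "12M", "11M", "9631K", "8668K"]

def parse_counter(text):
    """Convert a counter such as '22M' or '9631K' to an integer (assumes K=1000)."""
    units = {"K": 1_000, "M": 1_000_000, "G": 1_000_000_000}
    if text[-1] in units:
        return int(text[:-1]) * units[text[-1]]
    return int(text)

def effective_shares(probabilities):
    """Share of all packets matched by each rule, plus the unmatched remainder.

    Rule k only sees packets that every earlier rule let through, so its
    share is p_k times the product of (1 - p_j) over all earlier rules j.
    """
    remaining = 1.0
    shares = []
    for p in probabilities:
        shares.append(remaining * p)
        remaining *= 1.0 - p
    return shares, remaining

def even_probabilities(n):
    """Per-rule probabilities giving each of n rules an equal 1/n share."""
    return [1.0 / (n - k) for k in range(n)]

def report():
    n = len(PORTS)
    as_posted, leftover = effective_shares([0.1] * n)
    counts = [parse_counter(c) for c in OBSERVED]
    total = sum(counts)
    print(f"{'port':>5} {'model p=0.1':>12} {'observed':>9} {'even-split p':>13}")
    for port, model, count, p in zip(PORTS, as_posted, counts, even_probabilities(n)):
        # Observed shares are relative to redirected packets only, so the
        # model share is rescaled by the fraction that matched some rule.
        print(f"{port:>5} {model / (1 - leftover):>12.3f} {count / total:>9.3f} {p:>13.6f}")
    print(f"matched by no rule when every p is 0.1: {leftover:.1%}")

if __name__ == "__main__":
    report()
```

With a fixed probability of 0.1 the first instance receives about 2.5 times the load of the last; probabilities of 1/10, 1/9, ... 1/1 down the chain give each instance the same share and leave nothing unmatched.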