Re: [squid-users] poor performance

From: Tek Bahadur Limbu <[email protected]>
Date: Fri, 31 Aug 2007 00:26:54 +0545

Hi Lutieri,

Lutieri G. wrote:
> Hi!
>
> Today i'm running squid 2.5stable9 in a debian sarg box SUN v20z. All
> works very nice. Although, i need to migrate squid to a new server SUN
> x4100 running FreeBSD. And now begin my problems.
> I was talking about my performance problems with freebsd mailing list.
> But we can't find a solution for my problem described below:
>
> First of all, i'll paste some informations about my new server.
>
> #uname -a
> FreeBSD sd.xyz.com.br 6.2-STABLE FreeBSD 6.2-STABLE #0: Wed Aug 29
> 10:26:18 BRT 2007
> root@sd.xyz.com.br:/usr/src/sys/amd64/compile/LGB amd64
>
> #mount
> /dev/da0s1a on / (ufs, local)
> devfs on /dev (devfs, local)
> /dev/da0s1e on /tmp (ufs, local, soft-updates)
> /dev/da0s1f on /usr (ufs, local, soft-updates)
> /dev/da0s1d on /var (ufs, local, soft-updates)
> /dev/da0s2a on /cache (ufs, local, soft-updates)
> devfs on /var/chroot/named/dev (devfs, local)
>
>
> #df -h
> Filesystem Size Used Avail Capacity Mounted on
> /dev/da0s1a 496M 88M 368M 19% /
> devfs 1.0K 1.0K 0B 100% /dev
> /dev/da0s1e 496M 538K 456M 0% /tmp
> /dev/da0s1f 9.4G 4.5G 4.1G 52% /usr
> /dev/da0s1d 4.7G 1.5G 2.9G 34% /var
> /dev/da0s2a 9.4G 89M 8.6G 1% /cache
> devfs 1.0K 1.0K 0B 100% /var/chroot/named/dev
>
> My kernel was compiled in the day before yesterday with some tunning options:
>
> Commented:
> options INET6 # IPv6
>
> - included:
> options SYSVSHM #SYSV-style shared memory
> options SYSVMSG #SYSV-style message queues
> options SYSVSEM #SYSV-style semaphores
> options SMP # Symmetric
>
> options HZ=2000
> options DEVICE_POLLING # Soft intrrupt's
> options VFS_AIO
> options MAXDSIZ=(4096UL*1024*1024) # Conf para 4Gb
> options MAXSSIZ=(256UL*1024*1024) # E aqui vai pra 128
> options DFLDSIZ=(4096UL*1024*1024) # 4096 tb!
>
> # Message Queues [Based on Squid FAQ]
>
> option MSGMNB=262144 # Number of bytes in a queue
> option MSGMNI=128 # Need to be at least 2 times the number of
> cache_dir entries in the squid
> option MSGSSZ=256 # Size of the message segment in a queue
> option MSGTQL=16384 # Number of max queue identifiers versus 128
> option MSGSEG=2048 # Number of messages segments
>
> # Shared Memory [Based on Squid FAQ]
> options SHMMNI=256 # The half of the message queues at least [1 for
> each cache_dir]
> options SHMALL=65536 #
> options SHMMAX=(128UL*1024*1024) #
> options SHMSEG=128

I am not really an expert in FreeBSD kernel compilation and tweaking.
I am using the following kernel parameters in one of my FreeBSD Squid box:

options DEVICE_POLLING
options HZ=1000

options SHMSEG=128
options SHMMNI=256
options SHMMAX=50331648 # max shared memory segment size (bytes)
options SHMALL=16384 # max amount of shared memory (pages)
options MSGMNB=16384 # max # of bytes in a queue
options MSGMNI=48 # number of message queue identifiers
options MSGSEG=768 # number of message segments
options MSGSSZ=64 # size of a message segment
options MSGTQL=4096 # max messages in system

By the way, what do you have in the following sysctl tunables?

kern.maxusers
kern.ipc.somaxconn
kern.maxfiles
kern.maxfilesperproc
kern.ipc.nmbclusters

>
>
> In squid.conf file :
>
> cache_dir diskd /usr/local/squid/cache/cache1 5120 16 256 Q1=128 Q2=100
> cache_dir diskd /usr/local/squid/cache/cache2 5120 16 256 Q1=128 Q2=100

You can try something like:

cache_dir diskd /usr/local/squid/cache/cache1 3600 16 256 Q1=72 Q2=64
cache_dir diskd /usr/local/squid/cache/cache2 3600 16 256 Q1=72 Q2=64

But since you have 2 hard drives, I think the following will be much better:

cache_dir diskd /usr/local/squid/cache/cache1 5120 16 256 Q1=72 Q2=64
cache_dir diskd /cache 7168 16 256 Q1=72 Q2=64

>
> cache_replacement_policy heap LFUDA
>
> memory_replacement_policy heap GDSF
>
> cache_mem 1536 MB

For a start, you can try:

cache_mem 128 MB

>
> cache_swap_low 65
> cache_swap_high 80

cache_swap_low 90
cache_swap_high 92

>
> maximum_object_size 64 MB
> minimum_object_size 0 KB
> maximum_object_size_in_memory 2560 Kb

maximum_object_size_in_memory 32 Kb

>
> #squid -v
> Squid Cache: Version 2.6.STABLE14
> configure options: '--bindir=/usr/local/sbin'
> '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid'
> '--libexecdir=/usr/local/libexec/squid'
> '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid'
> '--enable-removal-policies=lru heap' '--disable-linux-netfilter'
> '--disable-linux-tproxy' '--disable-epoll' '--enable-auth=basic ntlm
> digest' '--enable-basic-auth-helpers=DB NCSA PAM MSNT SMB YP'
> '--enable-digest-auth-helpers=password'
> '--enable-external-acl-helpers=ip_user session unix_group
> wbinfo_group' '--enable-ntlm-auth-helpers=SMB'
> '--enable-negotiate-auth-helpers=squid_kerb_auth' '--with-pthreads'
> '--enable-storeio=ufs diskd null aufs' '--enable-delay-pools'
> '--enable-snmp' '--disable-carp' '--enable-ssl' '--with-openssl=/usr'
> '--enable-cache-digests' '--enable-arp-acl'
> '--enable-follow-x-forwarded-for' '--with-large-files'
> '--enable-large-cache-files' '--enable-err-languages=Azerbaijani
> Bulgarian Catalan Czech Danish Dutch English Estonian Finnish French
> German Greek Hebrew Hungarian Italian Japanese Korean Lithuanian
> Polish Portuguese Romanian Russian-1251 Russian-koi8-r Serbian
> Simplify_Chinese Slovak Spanish Swedish Traditional_Chinese Turkish'
> '--enable-default-err-language=English' '--enable-ntlm-fail-open'
> '--prefix=/usr/local' '--mandir=/usr/local/man'
> '--infodir=/usr/local/info/' 'amd64-portbld-freebsd6.2' 'CC=cc'
> 'CFLAGS=-O2 -fno-strict-aliasing -pipe -I/usr/include' 'CPPFLAGS='
> 'LDFLAGS= -rpath=/usr/lib:/usr/local/lib -L/usr/lib'
> 'build_alias=amd64-portbld-freebsd6.2'
> 'host_alias=amd64-portbld-freebsd6.2'
> 'target_alias=amd64-portbld-freebsd6.2'
>

 From the above, I see that you installed Squid from FreeBSD ports which
is fine.

But just in case you want to install from source, you can try the
following compilation parameters:

  '--bindir=/usr/local/sbin' '--sysconfdir=/usr/local/etc/squid'
'--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid'
'--localstatedir=/usr/local/squid' '--enable-removal-policies=heap,lru'
'--enable-storeio=ufs,coss,diskd,aufs,null' '--enable-delay-pools'
'--enable-snmp' '--enable-cache-digests' '--enable-underscores'
'--enable-useragent-log' '--with-large-files'
'--enable-large-cache-files' '--prefix=/usr/local'
'--enable-follow-x-forwarded-for' '--disable-ident-lookups'
'--with-maxfd=8192' '--enable-kqueue'

But again, your needs and mileage may differ. 1 factor which will help
you in your future compilations is that if you don't understand what the
configure options does, then it is better not to use it.

>
> My new box is a X4100 SUN.
> With 4 gigabits NIC.
> Two SAS disks.
> 4Gb RAM

Seems like you got yourself a very decent server!

>
> I tryed use with and without RAID but I got the same problem.
>
> Let me explain my environment:
> All my users use IE6 and they have proxy config like this:
> host: proxy.xyz.com.br
> port 3128
>
> Once i need to migrate all users to my new server with FreeBSD ,I only
> change the IP address of proxy register in DNS server.
> Ok. After two minutes i can see some users in the new server log(access.log).
>
> After 10 minutes squidclient mgr:info return me 70 clients and the
> speed connection goes very low for the users.

How do you get your bandwidth and how much is your bandwidth?

Also are you running any kind of firewall on your Squid box?

Can you post your squid.conf and also the output of "squidclient
mgr:info" and "squidclient mgr:5min | grep client"

>
> I commented out all acl's and authentication scheme in squid conf
> file. Running squid i'm monitoring with systat -v and iostat but CPU
> and disks is working almost all time as idle.

You are saying that the performance of Squid does not improve even after
commenting out all your ACLs? If so, then your ACLs are not the cause of
your problem.

>
> cache.log doesn't show me errors. only this messages:
> 2007/08/30 08:13:31| httpAccept: FD 39: accept failure: (53) Software
> caused connection abort
> 2007/08/30 08:13:32| httpAccept: FD 39: accept failure: (53) Software
> caused connection abort
> 2007/08/30 08:13:32| httpAccept: FD 39: accept failure: (53) Software
> caused connection abort
> 2007/08/30 08:13:32| httpAccept: FD 39: accept failure: (53) Software
> caused connection abort
> 2007/08/30 08:13:32| httpAccept: FD 39: accept failure: (53) Software
> caused connection abort
> 2007/08/30 08:13:32| httpAccept: FD 39: accept failure: (53) Software
> caused connection abort
> 2007/08/30 08:13:32| httpAccept: FD 39: accept failure: (53) Software
> caused connection abort
> 2007/08/30 08:13:32| httpAccept: FD 39: accept failure: (53) Software
> caused connection abort
> 2007/08/30 08:13:32| httpAccept: FD 39: accept failure: (53) Software
> caused connection abort
> 2007/08/30 08:13:50| httpAccept: FD 39: accept failure: (53) Software
> caused connection abort
>
> I've read that is harmless.

Most probably, they are harmless and are probably caused by your clients
browsers aborting requests.

>
> But the low speed continue.
> This is not a DNS problem. I've tested.

Are you running a local caching name server?

 From your Squid box, what does a traceroute to yahoo.com look like?

What is your query time when you:

dig www.unknownsite.com

Hope it helps.

Thanking you.....

>
> Any suggestion?!?!
>
> tanx
>
>

-- 
With best regards and good wishes,
Yours sincerely,
Tek Bahadur Limbu
(TAG/TDG Group)
Jwl Systems Department
Worldlink Communications Pvt. Ltd.
Jawalakhel, Nepal
http://www.wlink.com.np
Received on Thu Aug 30 2007 - 12:42:25 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT