[squid-users] Re: Strange issues with squid

From: Ryan Thoryk <[email protected]>
Date: Wed, 16 Jan 2008 12:14:16 -0600

Forgot one important thing:

/etc/sysctl.conf

net.inet.icmp.icmplim=0
net.inet.tcp.msl=3000
kern.maxfilesperproc=65536
kern.maxfiles=262144
kern.ipc.maxsockets=131072
kern.ipc.somaxconn=1024
net.inet.tcp.recvspace=16384
net.inet.tcp.sendspace=16384
kern.ipc.nmbclusters=32768
net.inet.ip.forwarding=1
machdep.hyperthreading_allowed=1

Ryan Thoryk wrote:
> We've had a transparent wccp2-based squid cache implementation in place
> for about a month now (we're an ISP), normally serving about 2000 active
> clients among 2 servers, and our performance is very good (I've done
> large amounts of tweaking), but recently we've been getting complaints
> about sites not loading completely (which I also experienced at home
> since I use squid there) where about half of the page loads and the
> browser hangs (happens on multiple browsers; sites like gmail, etc),
> script-related file uploads to certain sites fail (for example, pic
> uploads to myspace), etc. I was thinking that the page hanging issue
> was probably related to the cache not being able to fetch an embedded
> object on the page, and causing the page load to hang halfway through
> until the object times out (normally a browser would render as much as
> it could, even if objects time out).
>
> So any ideas on this would be greatly appreciated. We were thinking
> that if the full-scale transparent wccp2 redirection doesn't work out,
> that we could just redirect the most heavily used IP netblocks (such as
> google, youtube, microsoft, yahoo, myspace, etc), but we'd possibly
> still have the same issues.
>
> Here's our config info:
>
> We're running 2 FreeBSD 6.2 machines with Squid 2.6-STABLE17. Both
> machines are 2.8ghz P4's with hyperthreading enabled, 4GB RAM, and 2
> dedicated 500GB SATA drives in a software raid0 config for the cache
> (system drive is separate). We've had to shrink the max cache size on
> each to 256gb due to memory.
>
> The first machine is handling wccp2 redirects from 4 cisco routers, and
> the second is handling redirects from multiple cisco switches.
>
> Here's the relevant squid config info:
>
> build params:
> ---------
> CFLAGS="-I/usr/local/include -L/usr/local/lib -march=pentium4 -O3 -pipe
> -fomit-frame-pointer -funroll-loops -ffast-math -fno-exceptions"
> export CFLAGS
> ./configure --enable-async-io --enable-icmp --enable-useragent-log
> --enable-snmp --enable-cache-digests --enable-follow-x-forwarded-for
> --enable-storeio=aufs,ufs,coss,null --enable-removal-policies="heap,lru"
> --with-maxfd=16384 --enable-poll --disable-ident-lookups
> --enable-large-cache-files --with-aufs-threads=64 --with-large-files
> --enable-delay-pools --enable-htcp --enable-kqueue
> ---------
> non-default squid.conf stuff:
>
> ---------
> http_port 3128 transparent
> cache_mem 128 MB
> maximum_object_size_in_memory 1 MB
> cache_replacement_policy heap LFUDA
> cache_dir aufs /var/cache/aufs 256000 32 512
> maximum_object_size 100 MB
> cache_swap_low 94
> cache_swap_high 95
> buffered_logs on
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> extension_methods SEARCH PROPFIND PROPPATCH MKCOL MOVE BMOVE DELETE
> BDELETE REPORT MERGE MKACTIVITY CHECKOUT
> half_closed_clients off
> ipcache_size 8192
> ipcache_low 90
> ipcache_high 95
> fqdncache_size 8192
> memory_pools_limit 50 MB
> uri_whitespace allow
> ---------
>
> We're using IPFW port redirection from 80 to 3128, and with the FreeBSD
> kernel, we're mostly using the SMP kernel generic options, with these
> added:
> options PERFMON
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPSTEALTH
> options HZ=1000
> options NET_WITH_GIANT
>
>
> Ryan Thoryk
> System Administrator
> onShore Networks, LLC
>
>
Received on Wed Jan 16 2008 - 11:14:36 MST

This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:05 MST