RE: [squid-users] low squid performance?

From: Chris Robertson <crobertson@dont-contact.us>
Date: Wed, 22 Feb 2006 15:11:34 -0900

> -----Original Message-----
> From: Tomasz Kolaj [mailto:admin@abp.pl]
> Sent: Wednesday, February 22, 2006 2:24 PM
> To: squid-users@squid-cache.org
> Subject: Re: [squid-users] low squid performance?
>
>
> Dnia środa, 22 lutego 2006 23:57, Chris Robertson napisał:
> [cut]
> >
> > The answer to that question is dependant on a whole host of
> > variables, such
> > as ACLs used, whether it's a proxy or an accelerator, the
> > types of clients
> > accessing it (client latency has a dramatic effect on CPU
> > usage), types of
> > content retrieved, how your cache_dirs are defined, etc.
> >
> > Various things that can reduce Squid performance:
> >
> #^ remove wmf after security leaks on ms wmf file format
> acl mGG url_regex ^http://adserver.gadu[\-]?gadu.pl/.*$

If I'm reading the regex right, you could change this to...

acl mGG dstdomain .adserver.gadugadu.pl .adserver.gadu-gadu.pl

...and you might see a reduction in CPU usage. I'm not sure how much of one though...

> redirector_access deny !mGG
> redirector_bypass on
> redirect_program /home/gg_rewrite
> #^redirector ro replece banner in popular polish comunicator

[cut]

> > * High latency clients
>
> What do you mean "high latecy clients"?
>

The majority of my customers have a network path like:

client->squid->satellite->squid->internet

100 requests/second put my CPU usage in the high 80s (on a 32 bit Intel Xeon 3.00GHz).

[cut]

> aragorn squid # squid -v
> Squid Cache: Version 2.5.STABLE12
> configure options: --prefix=/usr --bindir=/usr/bin
> --exec-prefix=/usr
> --sbindir=/usr/sbin --localstatedir=/var --mandir=/usr/share/man
> --sysconfdir=/etc/squid --libexecdir=/usr/lib/squid
> --enable-auth=basic,digest,ntlm --enable-removal-policies=lru,heap
> --enable-linux-netfilter --enable-truncate --with-pthreads
> --enable-epool

Hopefully that's just a misspelling. ;o)

> --disable-follow-x-forwarded-for --host=x86_64-pc-linux-gnu
> --disable-snmp
> --disable-ssl --enable-underscores
> --enable-storeio='diskd,coss,aufs,null'
> --enable-async-io
>
>
> fragmenst of squid.conf:
> -- cut --
> http_port [ip:port]
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> cache_mem 512 MB
> maximum_object_size 16384 KB
> maximum_object_size_in_memory 16 KB
> cache_replacement_policy heap GDSF
> memory_replacement_policy heap GDSF
> cache_dir aufs /var/cache/squid/dysk1 30000 32 256
> cache_dir aufs /var/cache/squid/dysk2 30000 32 256
> cache_access_log /var/log/squid/access.log
> cache_store_log none
> mime_table /etc/squid/mime.conf
> redirect_children 15
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> auth_param basic casesensitive off
> request_header_max_size 20 KB
> refresh_pattern -i (.*jpg$|.*gif$|.*png$) 0 50% 28800
> refresh_pattern -i (.*html$|.*htm|.*shtml|.*php) 0 20% 1440
> refresh_pattern .               0       20%     4320
> half_closed_clients off
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl administracja src 82.160.43.0/24
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443 563     # https, snews
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl Safe_ports port 901         # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
> cache_mgr admin
> http_access allow manager localhost
> http_access allow manager administracja
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> acl badURL url_regex -i .wmf$
> acl mGG url_regex ^http://adserver.gadu[\-]?gadu.pl/.*$
> redirector_access deny !mGG
> redirector_bypass on
> redirect_program /home/gg_rewrite
> acl spywaredomains dstdomain src "/etc/squid/spywaredomains.txt"
> acl our_networks src 82.160.43.0/24 82.160.129.0/24
> http_access deny badURL
> http_access deny spywaredomains
> http_access allow our_networks
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> cache_mgr admin@abp.pl
> visible_hostname w3cache.abp.pl
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> dns_testnames onet.pl wp.pl microsoft.com abp.pl
> logfile_rotate 10
> append_domain .abp.pl
> forwarded_for off
> log_icp_queries off
> cachemgr_passwd [cut] all
> buffered_logs on
> coredump_dir /var/cache/squid
> store_dir_select_algorithm least-load
> -- cut --
>
>
> Thanks for advice.
> --
> Tomasz Kolaj
>

I don't see any other likely problems (not saying there aren't any).

Chris
Received on Wed Feb 22 2006 - 17:11:41 MST

This archive was generated by hypermail pre-2.1.9 : Wed Mar 01 2006 - 12:00:03 MST