> mikie_at_x.org.pl wrote:
>>> mikie_at_x.org.pl wrote:
>>>> Hi all,
>>>>
>>>> I'm going crazy with squid configuration. I've been trying to make it work
>>>> fine for a couple of weeks and finally gave up. Please, help! :)
>>>>
>>>> The problem is that squid responses are very very slow. I can notice
>>>> significant delays even when I use squid by myself (only my browser using
>>>> it) and if I let some more people use it as transparent proxy, there is
>>>> barely any response from squid on all machines.
>>>>
>>>> I install squid on slackware 12.2. Already tried a few versions
>>>> (2.7.STABLE5, 2.7.STABLE6, 3.0.STABLE11) and many compile parameters. Let's
>>>> say I do:
>>>>
>>>> ./configure \
>>>> --prefix=/usr \
>>>> --includedir=/usr/include \
>>>> --datadir=/usr/share \
>>>> --bindir=/usr/sbin \
>>>> --libexecdir=/usr/lib/squid \
>>>> --localstatedir=/var \
>>>> --sysconfdir=/etc/squid
>>>>
>>>> I have another instance of squid on another machine which works fine. But
>>>> even when I move the config from this machine to my slackware box it
>>>> behaves the same way - SLOW.
>>>>
>>>> System configuration is:
>>>>
>>>> # uname -a
>>>> Linux ninja 2.6.27.7-smp #2 SMP Thu Nov 20 22:32:43 CST 2008 i686 Intel(R) Xeon(TM) CPU 3.40GHz GenuineIntel GNU/Linux
>>>>
>>>> # free -m
>>>>              total       used       free     shared    buffers     cached
>>>> Mem:          3036        666       2370          0        356        203
>>>> -/+ buffers/cache:        107       2929
>>>> Swap:         4102          0       4102
>>>>
>>>> # df -h
>>>> Filesystem Size Used Avail Use% Mounted on
>>>> /dev/root 30G 6.8G 22G 24% /
>>>> tmpfs 1.5G 0 1.5G 0% /dev/shm
>>>>
>>>>
>>>>
>>>> This is what I call SLOW:
>>>>
>>>> $ time w3m -dump www.slackware.org
>>>> [...]
>>>> real 3m9.045s
>>>> ^^^^^^^^ !!!
>>>> user 0m0.032s
>>>> sys 0m0.008s
>>>>
>>>>
>>> Where was this request run from (the proxy itself, or another
>>> computer)? Was this request intercepted by the proxy, and if so, how?
>>
>> It was run from another computer. Intercepted by proxy.
>>
>> The configuration is something like:
>>
>>
>> Internet
>> |
>> eth0 |
>> |-------------|
>> | Proxy Box |
>> | ninja |
>> |-------------|
>> eth1 |10.10.0.26
>> |
>> |
>> | 10.10.0.0/22 network
>> |
>> |
>> Client (10.10.1.4)
>>
>> There is iptables rule at proxy box:
>>
>> iptables -A PREROUTING -t nat -i eth1 -s 10.10.0.0/22 -p tcp --dport 80 -j REDIRECT --to-port 3128
>>
>>
>>> What does the access log look like after this request?
>>
>> In access.log around this request there was :
>>
[... cut ...]
>>
>>> Any additional
>>> entries in the cache log?
>>
>> 2009/02/12 15:14:49| NOTICE: no explicit transparent proxy support enabled. Assuming getsockname() works on intercepted connections
>> 2009/02/12 15:14:49| WARNING: Forwarding loop detected for:
>> Client: 10.10.0.26 http_port: 10.10.0.26:3128
>> GET http://10.10.0.26:3128/40E800104644424D5953464849455343475448506C000001BD6600000001760000003DEB000530BCC2C7CC HTTP/1.0
>> Via: 1.0 ninja:3128 (squid/2.7.STABLE6)
>> X-Forwarded-For: 10.10.2.191
>> Host: 10.10.0.26:3128
>> Cache-Control: max-age=259200
>> Connection: keep-alive
>>
>>
>> Hmmm... I didn't find such records in cache.log before ("no explicit
>> transparent proxy supported"). Maybe because I compiled squid with
>> "--enable-linux-netfilter" that time. Anyway it worked the same way
>> then.
>>
>
> That message only occurs when interception support is DISABLED during
> build and attempted to be used at run-time.
>
> It's probably causing the forwarding loops, which are guaranteed speed
> killers.

Sorry guys for giving misleading data while asking for help.

The problem still occurs and neither "forwarding loops" nor "no explicit
transparent proxy support" was the source of the problem.

I got rid of both of those by:

1. compiling squid with "--enable-linux-netfilter"
2. modifying iptables rule into:

iptables -A PREROUTING -t nat -i eth1 -s 10.10.0.0/22 -d ! 10.10.0.0/22 -p tcp --dport 80 -j REDIRECT --to-port 3128

[ the problem with loops was caused by requests to local web servers (in
10.10.0.0/22 network) which shouldn't go through squid ]

So now there are no messages in cache.log during "high load".

I don't think the problem is DNS related as someone suggested (average dns
query time is near 0).

Any other suggestions? Maybe squid debug log would help? If so I can run
squid with "-k debug" and post a fragment.

Thanks for your attention!

Mike
Received on Fri Feb 13 2009 - 13:10:42 MST
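
Added example, not part of the original post and not Squid code: a Python parser for the multi-line "Forwarding loop detected" warning quoted in the thread, which pulls the originating address out of X-Forwarded-For and flags requests whose URL names the proxy's own http_port. The sample log is constructed from the quoted excerpt with the URL path replaced by a placeholder; the function and field names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, modelled on the cache.log excerpt quoted in the thread
# (URL path replaced by a placeholder).
SAMPLE_CACHE_LOG = """\
2009/02/12 15:14:49| NOTICE: no explicit transparent proxy support enabled. Assuming getsockname() works on intercepted connections
2009/02/12 15:14:49| WARNING: Forwarding loop detected for:
Client: 10.10.0.26 http_port: 10.10.0.26:3128
GET http://10.10.0.26:3128/EXAMPLE-PATH HTTP/1.0
Via: 1.0 ninja:3128 (squid/2.7.STABLE6)
X-Forwarded-For: 10.10.2.191
Host: 10.10.0.26:3128
Connection: keep-alive

2009/02/12 15:15:02| NOTICE: constructed unrelated line
"""

STAMP = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| (.*)$")
PEER = re.compile(r"^Client: (\S+) http_port: (\S+)$")
REQUEST = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")

def parse_forwarding_loops(text):
    """Return one dict per 'Forwarding loop detected' block in cache.log text."""
    loops, cur = [], None
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:  # a timestamped line starts a new entry and ends any open block
            cur = None
            if "Forwarding loop detected" in m.group(2):
                cur = {"time": m.group(1), "headers": {}}
                loops.append(cur)
            continue
        if cur is None or not line.strip():
            continue
        if (p := PEER.match(line)):
            cur["peer"], cur["http_port"] = p.groups()
        elif (r := REQUEST.match(line)):
            cur["method"], cur["url"] = r.groups()
        elif ":" in line:
            name, value = line.split(":", 1)
            cur["headers"][name.strip().lower()] = value.strip()
    for loop in loops:
        # X-Forwarded-For is a comma-separated chain; the first entry is the origin.
        xff = loop["headers"].get("x-forwarded-for", "")
        loop["origin"] = xff.split(",")[0].strip() or loop.get("peer")
        # True when the requested URL names the proxy's own listening socket.
        loop["targets_proxy"] = urlsplit(loop.get("url", "")).netloc == loop.get("http_port")
    return loops
```

On the sample, the `peer` field is the proxy's own address, while `origin` gives the LAN host to follow up on.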