Hello,
I wanted to get some suggestions on my current setup and ask if I'm
expecting too much out of my hardware for the traffic load.
It appears I am running into out-of-memory problems and hitting swap;
squid processes then end up dying out.
[root_at_squid01 squid]# dmesg | grep "page allocation"
swapper: page allocation failure. order:1, mode:0x20
kswapd0: page allocation failure. order:1, mode:0x20
kswapd0: page allocation failure. order:1, mode:0x20
kswapd0: page allocation failure. order:1, mode:0x20
kswapd0: page allocation failure. order:1, mode:0x20
kswapd0: page allocation failure. order:1, mode:0x20
kswapd0: page allocation failure. order:1, mode:0x20
kswapd0: page allocation failure. order:1, mode:0x20
kswapd0: page allocation failure. order:1, mode:0x20
kswapd0: page allocation failure. order:1, mode:0x20
squid: page allocation failure. order:1, mode:0x20
I currently have 2 Dell 2950s running squid 3.1.10; we generally see
~200Mbps total.
Box stats are:
2x Six-Core AMD Opteron(tm) Processor 2427 @ 2.2GHz
32GB RAM
1x Intel E1G44HTBLK Server Adapter I340-T4, all 4 ports bonded with 802.3ad
/var/spool/squid 512G RAID5
The boxes are both running 10 squid processes on different ports in
transparent mode.
I am using iptables rules to redirect traffic to the different squid ports, e.g.:
22M 1351M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3120
20M 1216M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3121
18M 1094M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3122
16M 985M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3123
15M 886M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3124
13M 798M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3125
12M 718M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3126
11M 647M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3127
9631K 582M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3128
8668K 524M REDIRECT tcp -- * * 10.96.0.0/15 0.0.0.0/0 statistic mode random probability 0.100000 tcp dpt:80 redir ports 3129
sysctl.conf:
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.netfilter.nf_conntrack_max = 196608
Example squid config file: squid-p3120.conf
acl adminnet src 10.3.25.0/24
acl proxyvlan src 10.5.22.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager adminnet
http_access allow manager proxyvlan
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access allow customers
http_access deny all
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid/p3120
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
hosts_file /etc/hosts
dns_nameservers 10.5.7.13 10.5.7.23
cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 96 KB
maximum_object_size 100 MB
cache_dir aufs /var/spool/squid/p3120 204800 16 256
cache_mem 100 MB
logfile_rotate 10
memory_pools off
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off
url_rewrite_children 20
pid_filename /var/run/squid-p3120.pid
unique_hostname squid01-p3120.eng.XXXXXX
visible_hostname squid.eng.XXXXXXX
icp_port 3100
tcp_outgoing_address 10.5.22.101
emulate_httpd_log on
Anyone have any suggestions on whether or not I'm doing something
terribly wrong here or missing some kind of performance tuning?
Received on Fri Aug 16 2013 - 18:45:31 MDT
This archive was generated by hypermail 2.2.0 : Tue Aug 20 2013 - 12:00:05 MDT
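
The redirect rules listed in the message all use probability 0.100000, and because REDIRECT is a terminating target each rule only sees traffic that every earlier rule passed over. As an added example (not part of the original message), this Python sketch models that chain, compares it with the packet counters posted above, and computes the per-rule probabilities that would give ten ports an equal share; the function names are made up for illustration.

```python
# Added example: models a chain of iptables "statistic --mode random" rules.
# Each rule only sees traffic that every earlier rule in the chain declined.

def chain_shares(probabilities):
    """Return (share of traffic taken by each rule, share matched by none)."""
    remaining = 1.0
    shares = []
    for p in probabilities:
        shares.append(remaining * p)
        remaining *= 1.0 - p
    return shares, remaining

def even_split(n):
    """Per-rule probabilities giving each of n rules 1/n of the traffic."""
    # Rule k (0-based) must take 1/(n-k) of what is left; the last takes all.
    return [1.0 / (n - k) for k in range(n)]

def to_packets(counter):
    """Convert an iptables -v counter such as '22M' or '9631K' to a number."""
    units = {"K": 1e3, "M": 1e6, "G": 1e9}
    if counter[-1] in units:
        return float(counter[:-1]) * units[counter[-1]]
    return float(counter)

# Packet counters copied from the rule listing in the post, ports 3120..3129.
POSTED = ["22M", "20M", "18M", "16M", "15M", "13M", "12M", "11M", "9631K", "8668K"]

if __name__ == "__main__":
    ports = range(3120, 3130)
    model, unmatched = chain_shares([0.1] * 10)
    seen = [to_packets(c) for c in POSTED]
    print("port  posted/first  model/first")
    for port, s, m in zip(ports, seen, model):
        print(f"{port}  {s / seen[0]:12.3f}  {m / model[0]:11.3f}")
    print(f"matched by no rule with 0.1 everywhere: {unmatched:.1%}")
    even, left = chain_shares(even_split(10))
    for port, p, share in zip(ports, even_split(10), even):
        print(f"{port}  --probability {p:.6f}  -> share {share:.3f}")
    print(f"matched by no rule with even_split: {left:.1%}")
```

With 0.1 on every rule the model leaves about 35% of matching traffic unredirected and loads the first port roughly 2.6 times as heavily as the last, which is the same decay the posted counters show.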