[squid-users] Slow internet navigation squid vs blue coat

From: Michele Mase' <michele.mase_at_gmail.com>
Date: Mon, 25 Nov 2013 11:26:00 +0100

Problem: internet navigation is extremely slow.
I've used squid since 1999 with no problems at all; during the last month,
one proxy gave me a lot of trouble.
First we upgraded the system, from RHEL5.x - squid 2.6.x to RHEL6.x
squid 3.4.x with no improvements.
Second, we have bypassed the Trend Micro Interscan proxy (the parent
proxy) without success.
Third: I do not know what to do.
So what should be done?
Some configuration improvements (sysctl/squid)?
Could it be a network related problem? (bandwidth/delay/MTU/other)?

Please give me some hints. My boss wants to use bluecoat. I want to
solve the issue.
Regards
Michele Masè

Here are the configuration and some info:
Environment:
1Gbit lan; 200Mbit internet bandwidth; Squid 3.4.0.2 from
http://www1.ngtech.co.il/rpm/centos/6/$basearch, 2GB ram + 2x xeon
3GHZ, RHEL6, guest on VMware ESXi
The server is more than 80% idle, more than 1GB free memory, no iowait.
Configuration: see below:
squid.conf:
workers 2
acl SSL_ports port 443
acl Safe_ports port "/etc/squid/acls/Safe_ports.acl.list"
acl myexample dstdomain "/etc/squid/acls/myexample.acl.list"
acl domain-dst-direct dstdomain "/etc/squid/acls/domain-dst-direct.acl.list"
acl ip-dst-direct dst "/etc/squid/acls/ip-dst-direct.acl.list"
acl localnet src "/etc/squid/acls/ip-src-localnet.acl.list"
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
always_direct allow all
always_direct allow myexample
always_direct allow localhost
always_direct allow domain-dst-direct
always_direct allow ip-dst-direct
always_direct allow SSL_ports
never_direct deny localhost
never_direct deny domain-dst-direct
never_direct allow all
coredump_dir /var/spool/squid

minimum_object_size 64 KB
maximum_object_size 256 MB
maximum_object_size_in_memory 2 MB
cache_mem 1024 MB
cache_dir ufs /cache 9000 16 256
cache_access_log stdio:/logs/squid/access.log
cache_log /logs/squid/cache.log
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

sysctl.conf
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_syn_backlog = 4096
net.core.somaxconn = 1024
net.ipv4.tcp_keepalive_time = 3600
net.ipv4.ip_local_port_range = 1024 65000
net.core.netdev_max_backlog = 2048

The response time is slow, and comparatively slower than the bluecoat proxy.
During working hours it is extremely slow and sometimes some sites seem blocked.
Here are the connections:
  TIME_WAIT 4012 #################################################
 CLOSE_WAIT 81 #
  FIN_WAIT1 42 #
   SYN_SENT 591 ########
  FIN_WAIT2 136 ##
ESTABLISHED 4950 ############################################################
   SYN_RECV 13 #
    CLOSING 13 #
   LAST_ACK 81 #
     LISTEN 11 #
-------------------------------------------------------------------------------

      TOTAL 9930
squidclient mgr:info|grep file\ desc
Sending HTTP request ... done.
    Maximum number of file descriptors: 32768
    Largest file desc currently in use: 3419
    Number of file desc currently in use: 6022
    Available number of file descriptors: 26746
    Reserved number of file descriptors: 200

With Proxy Blue Coat:
Navigation is a little bit better.
Note:
There is an external acl on the firewall that allows network access to
trusted sources only.
Received on Mon Nov 25 2013 - 10:26:33 MST
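
The connection-state tally in the post above can be split by direction, which shows whether half-open or lingering sockets sit on the browser-facing side or on the proxy's outbound side. This is an added example, not part of the original post; it assumes Squid listens on its default port 3128 (the post does not show http_port) and falls back to constructed sample lines in /proc/net/tcp format.

```python
from collections import Counter

# State codes as printed in the "st" column of /proc/net/tcp (Linux)
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}
PROXY_PORT = 3128  # assumption: Squid's default http_port; not shown in the post

# Constructed sample in /proc/net/tcp layout (not data from the post)
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 00000000:0C38 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1
   1: 0A00000A:0C38 6500000A:D431 01 00000000:00000000 00:00000000 00000000 0 0 2
   2: 0A00000A:0C38 6600000A:D432 01 00000000:00000000 00:00000000 00000000 0 0 3
   3: 0A00000A:0C38 6700000A:D433 06 00000000:00000000 00:00000000 00000000 0 0 0
   4: 0A00000A:9C40 0101A8C0:0050 02 00000000:00000000 00:00000000 00000000 0 0 4
   5: 0A00000A:9C41 0201A8C0:0050 02 00000000:00000000 00:00000000 00000000 0 0 5
   6: 0A00000A:9C42 0301A8C0:01BB 01 00000000:00000000 00:00000000 00000000 0 0 6
   7: 0A00000A:9C43 0401A8C0:0050 08 00000000:00000000 00:00000000 00000000 0 0 7
"""

def tally(lines, proxy_port=PROXY_PORT):
    """Count sockets per (side, state): 'client' when the local port is the
    proxy port (browser -> proxy), otherwise 'upstream' (proxy -> origin/parent)."""
    counts = Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue  # header or malformed line
        local_port = int(fields[1].rsplit(":", 1)[1], 16)  # port is hex
        state = TCP_STATES.get(fields[3].upper(), "UNKNOWN")
        side = "client" if local_port == proxy_port else "upstream"
        counts[(side, state)] += 1
    return counts

def histogram(counts, width=40):
    """Render counts as text bars scaled to the largest bucket."""
    top = max(counts.values(), default=1)
    return [f"{side:>8} {state:<11} {n:6d} {'#' * max(1, n * width // top)}"
            for (side, state), n in sorted(counts.items(), key=lambda kv: -kv[1])]

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as f:
            lines = f.readlines()
    except OSError:
        lines = SAMPLE.splitlines()  # no procfs available: use the sample
    print("\n".join(histogram(tally(lines))))
```

IPv6 and IPv4-mapped sockets are listed in /proc/net/tcp6, which has the same column layout and can be passed to `tally` the same way.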
