Re: [squid-users] What exactly makes accelerator mode faster then transparent mode ?
I have a last question concerning this topic : Suppose I would tell you : In front of my internet server I have a WC in transparant mode and it works. the Internet DNS points the URL to the TP-WC and the TP-WC caches the content of the server. Since there is only one webserver (apart from DOS attacks, and operating system security) I do not need a Firewall to divert traffic. Is there any reason why I should change the transparent WC into an accelerator mode WC and why ? What benefit would an accelerator WC give me above the transparent one ? --- Henrik Nordstrom [EMAIL PROTECTED] wrote: On Thu, 2008-03-20 at 05:31 -0700, Raemaekers Mark wrote: What mode of WC (so transparent or accelerator) will give me the best performance and why ? Or is there no difference with respect to performance ? The different modes is not about performance but different use cases. accelerator or reverse proxy - Squid sits infront of your own web server (or one you host), offloading traffic from the web server. The DNS is registered so that Internet users visiting your site contact the Squid server. transparent interception - Squid sits in the path of your LAN users outgoing web traffic and port 80 traffic is transparently diverted to the proxy by firewall rules. This is a workaround to make all LAN client HTTP traffic go via the proxy even if they haven't configured the proxy settings correct. normal proxy - The clients is configured to use the proxy, either manuall or via automatic means such as WPAD. accelerator more is Internet users - your web server. transparent interception and normal mode is your local LAN users going out to random web servers out on the Internet. Regards Henrik Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs
Re: [squid-users] What exactly makes accelerator mode faster then transparent mode ?
Thank you Amos, Suppose that I have to put a WC in front of ONLY ONE HTTP server and both WC and web server are behind a load balancer, so the clients will never see whether traffic comes from a WC or from the server, anyway. What mode of WC (so transparent or accelerator) will give me the best performance and why ? Or is there no difference with respect to performance ? you mention : reverse-proxy (or accelerator) - software that performs many of the service duties of a 'true' web-server What web duties can an accelerator WC do, that a transparent WC cannot do ? Thanks in advance, Mark. --- Amos Jeffries [EMAIL PROTECTED] wrote: Raemaekers Mark wrote: For me it is not clear why an accelerator mode WC is faster then a Transparant Mode webcache. This is how I understand both modes after googling for about half a day on this topic : WC IN TRANSPARANT MODE (WCTM), When an http request hits the WCTM for the second time, then the WC will send its cached contents back to the client. Since the info is in the cache, the real web server does not have to be contacted by the WCTM. WC IN ACCELERATOR MODE (WCAM) : when an http request hits the WCAM for the second time,the the WC will look if this request is in its cache and send the cached response of this request back to the client. Since the info is in the cache, the real web server does not have to be contaced by the WCAM. In both cases (from the second request onwards) the real web server is not contacted. So, what exactly makes an accelerator mode WC go faster then ? Nothing. Neither name accurately reflects the operation of the cache. Whats the confusion? proxy - software that sits between a web server and a web-client with purpose of resource saving or improving web service to the clients. intercepting proxy - software that performs as a proxy, but additionally can handle traffic redirected to it by a FW without the web-clients knowledge. Usually typed 'transparent' by those who confuse client-hidden with totally-invisible. transparent proxy - software that performs all duties of proxy and additionally spoofs/hide its IP from both parties such that neither can detect its existence. reverse-proxy - software that performs many of the service duties of a web-server. Redirecting all requests it can't handle to a separate 'true' web-server or more authoritative source. accelerator - nickname for reverse-proxy. Amos -- Please use Squid 2.6STABLE17+ or 3.0STABLE1+ There are serious security advisories out on all earlier releases. Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
[squid-users] What exactly makes accelerator mode faster then transparent mode ?
For me it is not clear why an accelerator mode WC is faster then a Transparant Mode webcache. This is how I understand both modes after googling for about half a day on this topic : WC IN TRANSPARANT MODE (WCTM), When an http request hits the WCTM for the second time, then the WC will send its cached contents back to the client. Since the info is in the cache, the real web server does not have to be contacted by the WCTM. WC IN ACCELERATOR MODE (WCAM) : when an http request hits the WCAM for the second time,the the WC will look if this request is in its cache and send the cached response of this request back to the client. Since the info is in the cache, the real web server does not have to be contaced by the WCAM. In both cases (from the second request onwards) the real web server is not contacted. So, what exactly makes an accelerator mode WC go faster then ? Looking for last minute shopping deals? Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
[squid-users] TCP/IP multiplexing using BIGIP F5 load-balancer
Dear squid-users, -I have 2 squid 2.6.STABLE16 machines on linux -one loadbalancer of F5 (version 9) -one apache http server. The loadbalancer has the functionality of opening only 1 TCP connection to a certain squid wc. This means that the TCP connections of several HTTP clients are actually multiplexed over 1 and the same TCP session towards the squid. This feature is called Oneconnect at F5 or more in general TCP multiplexing. The big advantage is that the squid WC does not have to deal with opening/closing TCP connections for each HTTP connection. This however can only work if squid send connetion: Keep-alive back inside the returning http packets. I see that the squid always sends back connection: close. How can I make sure that squid sends back connection: keep-alive in stead of connection:close ? I noticed both auth_param ntlm keep_alive on and auth_param negotiate keep_alive on parameters, but these are only during authentication phases. How can I tell the squid to send connection:keep-alive for all the http requests so that the TCP session of the BIGIP will always remain open ? Note : My clients are HTTP1.1 users. Thanx in advance. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: [squid-users] Why does squid 2.6 stable 16 running in accelerator mode NEVER caches html requests ?
Thanks for your input, but unfortunately it is still not working. each time I launch : [curl-machine]#curl http://omp.wc.be/home.html I get in store.log : 1192090981.782 RELEASE 00 0018 CE042BF5E20CD75407DE72B1C8D0CA2C 200 1192093905 1192089432-1 text/html 18/18 GET http://omp.wc.be/home.html 1192090981.782 SWAPOUT 00 0019 EFE6712C44DC67B734C8EC1E9436327C 200 1192093910 1192089432-1 text/html 18/18 GET http://omp.wc.be/home.html ... and I see on the http server ther reqest coming in, so squid is still not caching. I do not understand why squid RELEASES the object first and then does SWAPOUT to disk. Here you see the result of curl -I http://omp.wc.be/home.html (also same behaviour on squid machine, meaning squid machine still contacts http server. [curl-machine]#curl -I http://omp.wc.be/home.html HTTP/1.0 200 OK Date: Thu, 11 Oct 2007 09:27:48 GMT Server: Apache/2.0.52 (Red Hat) Last-Modified: Thu, 11 Oct 2007 07:57:12 GMT ETag: 99c3-12-f3228600 Accept-Ranges: bytes Content-Length: 18 Content-Type: text/html; charset=UTF-8 X-Cache: MISS from omp.wc.be Via: 1.0 omp.wc.be:80 (squid/2.6.STABLE16) Connection: close tail -n 42 cache.log says : [EMAIL PROTECTED] logs]# tail -n 42 cache.log 2007/10/11 10:34:17| Starting Squid Cache version 2.6.STABLE16 for i686-pc-linux-gnu... 2007/10/11 10:34:17| Process ID 19543 2007/10/11 10:34:17| With 1024 file descriptors available 2007/10/11 10:34:17| Using epoll for the IO loop 2007/10/11 10:34:17| Performing DNS Tests... 2007/10/11 10:34:17| Successful DNS name lookup tests... 2007/10/11 10:34:17| DNS Socket created at 0.0.0.0, port 32776, FD 5 2007/10/11 10:34:17| Adding nameserver 127.0.0.1 from squid.conf 2007/10/11 10:34:17| Unlinkd pipe opened on FD 9 2007/10/11 10:34:17| Swap maxSize 102400 KB, estimated 7876 objects 2007/10/11 10:34:17| Target number of buckets: 393 2007/10/11 10:34:17| Using 8192 Store buckets 2007/10/11 10:34:17| Max Mem size: 51200 KB 2007/10/11 10:34:17| Max Swap size: 102400 KB 2007/10/11 10:34:17| Rebuilding storage in /usr/local/squid/var/cache (CLEAN) 2007/10/11 10:34:17| Using Least Load store dir selection 2007/10/11 10:34:17| Current Directory is /usr/local/squid/var/logs 2007/10/11 10:34:17| Loaded Icons. 2007/10/11 10:34:17| Accepting accelerated HTTP connections at 0.0.0.0, port 80, FD 11. 2007/10/11 10:34:17| Accepting ICP messages at 0.0.0.0, port 3130, FD 12. 2007/10/11 10:34:17| Accepting SNMP messages on port 3401, FD 13. 2007/10/11 10:34:17| WCCP Disabled. 2007/10/11 10:34:17| Configuring Parent 10.10.10.3/80/0 2007/10/11 10:34:17| Ready to serve requests. 2007/10/11 10:34:18| Done reading /usr/local/squid/var/cache swaplog (1 entries) 2007/10/11 10:34:18| Finished rebuilding storage from disk. 2007/10/11 10:34:18| 1 Entries scanned 2007/10/11 10:34:18| 0 Invalid entries. 2007/10/11 10:34:18| 0 With invalid flags. 2007/10/11 10:34:18| 1 Objects loaded. 2007/10/11 10:34:18| 0 Objects expired. 2007/10/11 10:34:18| 0 Objects cancelled. 2007/10/11 10:34:18| 0 Duplicate URLs purged. 2007/10/11 10:34:18| 0 Swapfile clashes avoided. 2007/10/11 10:34:18| Took 0.3 seconds ( 3.8 objects/sec). 2007/10/11 10:34:18| Beginning Validation Procedure 2007/10/11 10:34:18| Completed Validation Procedure 2007/10/11 10:34:18| Validated 1 Entries 2007/10/11 10:34:18| store_swap_size = 4k 2007/10/11 10:34:18| storeLateRelease: released 0 objects Very strange is that : 1. apparantly 1 Object is loaded (and I only ask for 1 object) home.html and I am the only user on this test system. this indicates to me that the page is cached, but the squid allways fetches the object from the http sever ... Using following conf (using comments by Amos) ... #ACCELERATOR ### http_port 80 accel defaultsite=omp.wc.be cache_peer 10.10.10.3 parent 80 0 no-query originserver name=webserver ##ACLS### acl all src all cache_peer_domain webserver omp.wc.be acl mydomain dstdomain omp.wc.be http_access allow mydomain never_direct allow mydomain http_access deny all #CACHING RULES ### acl QUERY urlpath_regex cgi-bin \? cache deny QUERY cache allow all refresh_pattern . 1440 20% 4320 #MISCELLANIOUS ##3 visible_hostname omp.wc.be cache_effective_user squid #cache_effective_group squid dns_testnames omp.wc.be dns_nameservers 127.0.0.1 cache_mem 50 MB [EMAIL PROTECTED] etc]# ... I allready tried the following : 1. removeing the cache_dir (squid -k shutdown ; rm -fr /usr/local/squid/var/cache/* ; squid -z) and recreating it; start squid 2. added the dns_nameservers 127.0.0.1 statement, bcc otherwise I get warning at startup that there are no DNS servers specified in /etc/resolv.conf /etc/resolv.conf only contains files an I am using /etc/hosts for dns lookup on the squid machine. cat /etc/hosts looks like this : 127.0.0.1 rack4top localhost.localdomain localhost 13.1.1.1
Re: [squid-users] Why does squid 2.6 stable 16 running in accelerator mode NEVER caches html requests ?
I found the cause of my problem !! Apparantly curl uses BY DEFAULT the pragma : no-cache option ... This means indeed that the WC never caches the pages. By using curl-loader (who does not use the no-cache option) I noticed that indeed object was cached ! so I compared capture of both request and then I noticed the pragma option ... I spend 4 days on this default value and I want to thank you for your effort ! --- Raemaekers Mark [EMAIL PROTECTED] wrote: Thanks for your input, but unfortunately it is still not working. each time I launch : [curl-machine]#curl http://omp.wc.be/home.html I get in store.log : 1192090981.782 RELEASE 00 0018 CE042BF5E20CD75407DE72B1C8D0CA2C 200 1192093905 1192089432-1 text/html 18/18 GET http://omp.wc.be/home.html 1192090981.782 SWAPOUT 00 0019 EFE6712C44DC67B734C8EC1E9436327C 200 1192093910 1192089432-1 text/html 18/18 GET http://omp.wc.be/home.html ... and I see on the http server ther reqest coming in, so squid is still not caching. I do not understand why squid RELEASES the object first and then does SWAPOUT to disk. Here you see the result of curl -I http://omp.wc.be/home.html (also same behaviour on squid machine, meaning squid machine still contacts http server. [curl-machine]#curl -I http://omp.wc.be/home.html HTTP/1.0 200 OK Date: Thu, 11 Oct 2007 09:27:48 GMT Server: Apache/2.0.52 (Red Hat) Last-Modified: Thu, 11 Oct 2007 07:57:12 GMT ETag: 99c3-12-f3228600 Accept-Ranges: bytes Content-Length: 18 Content-Type: text/html; charset=UTF-8 X-Cache: MISS from omp.wc.be Via: 1.0 omp.wc.be:80 (squid/2.6.STABLE16) Connection: close tail -n 42 cache.log says : [EMAIL PROTECTED] logs]# tail -n 42 cache.log 2007/10/11 10:34:17| Starting Squid Cache version 2.6.STABLE16 for i686-pc-linux-gnu... 2007/10/11 10:34:17| Process ID 19543 2007/10/11 10:34:17| With 1024 file descriptors available 2007/10/11 10:34:17| Using epoll for the IO loop 2007/10/11 10:34:17| Performing DNS Tests... 2007/10/11 10:34:17| Successful DNS name lookup tests... 2007/10/11 10:34:17| DNS Socket created at 0.0.0.0, port 32776, FD 5 2007/10/11 10:34:17| Adding nameserver 127.0.0.1 from squid.conf 2007/10/11 10:34:17| Unlinkd pipe opened on FD 9 2007/10/11 10:34:17| Swap maxSize 102400 KB, estimated 7876 objects 2007/10/11 10:34:17| Target number of buckets: 393 2007/10/11 10:34:17| Using 8192 Store buckets 2007/10/11 10:34:17| Max Mem size: 51200 KB 2007/10/11 10:34:17| Max Swap size: 102400 KB 2007/10/11 10:34:17| Rebuilding storage in /usr/local/squid/var/cache (CLEAN) 2007/10/11 10:34:17| Using Least Load store dir selection 2007/10/11 10:34:17| Current Directory is /usr/local/squid/var/logs 2007/10/11 10:34:17| Loaded Icons. 2007/10/11 10:34:17| Accepting accelerated HTTP connections at 0.0.0.0, port 80, FD 11. 2007/10/11 10:34:17| Accepting ICP messages at 0.0.0.0, port 3130, FD 12. 2007/10/11 10:34:17| Accepting SNMP messages on port 3401, FD 13. 2007/10/11 10:34:17| WCCP Disabled. 2007/10/11 10:34:17| Configuring Parent 10.10.10.3/80/0 2007/10/11 10:34:17| Ready to serve requests. 2007/10/11 10:34:18| Done reading /usr/local/squid/var/cache swaplog (1 entries) 2007/10/11 10:34:18| Finished rebuilding storage from disk. 2007/10/11 10:34:18| 1 Entries scanned 2007/10/11 10:34:18| 0 Invalid entries. 2007/10/11 10:34:18| 0 With invalid flags. 2007/10/11 10:34:18| 1 Objects loaded. 2007/10/11 10:34:18| 0 Objects expired. 2007/10/11 10:34:18| 0 Objects cancelled. 2007/10/11 10:34:18| 0 Duplicate URLs purged. 2007/10/11 10:34:18| 0 Swapfile clashes avoided. 2007/10/11 10:34:18| Took 0.3 seconds ( 3.8 objects/sec). 2007/10/11 10:34:18| Beginning Validation Procedure 2007/10/11 10:34:18| Completed Validation Procedure 2007/10/11 10:34:18| Validated 1 Entries 2007/10/11 10:34:18| store_swap_size = 4k 2007/10/11 10:34:18| storeLateRelease: released 0 objects Very strange is that : 1. apparantly 1 Object is loaded (and I only ask for 1 object) home.html and I am the only user on this test system. this indicates to me that the page is cached, but the squid allways fetches the object from the http sever ... Using following conf (using comments by Amos) ... #ACCELERATOR ### http_port 80 accel defaultsite=omp.wc.be cache_peer 10.10.10.3 parent 80 0 no-query originserver name=webserver ##ACLS### acl all src all cache_peer_domain webserver omp.wc.be acl mydomain dstdomain omp.wc.be http_access allow mydomain never_direct allow mydomain http_access deny all #CACHING RULES ### acl QUERY urlpath_regex cgi-bin \? cache deny QUERY cache allow all refresh_pattern . 1440 20% 4320 #MISCELLANIOUS ##3 visible_hostname omp.wc.be cache_effective_user squid #cache_effective_group squid
[squid-users] Can squid 2.6 STABLE 16 in accelerator mode, run on only one interface ?
Hi squid-users, I am wondering if it possible to run squid on a machine having only one ethernet interface. This means that both the requests coming from http clients and request going to originserver acutally go over one and the same ethernet interface. In addition , can the IP address of the originserver and the IP address of the interface where squid is listening on, can be in the same subnet, or do I need to create secondary IP address for the squid -- originserver traffic ? I am very reluctant to go for this setup since I expect a lot of performance issues. Do you agree with me ? Is there any estimate with respect to performance loss ? What is your opinion about this ? thanks in advance. Check out the hottest 2008 models today at Yahoo! Autos. http://autos.yahoo.com/new_cars.html
[squid-users] Why does squid 2.6 stable 16 running in accelerator mode NEVER caches html requests ?
Dear squid-cache.org, I have three RHEL4 servers : 1. configured with squid 2.6 Version 2.6.STABLE16 in accelerator mode 2. configured with (apache) httpd daemon 3. this machine has curl installed (to generate http requests) Each time I do curl http://omp.wc.be/home.html, I notice that the WC ALLWAYS sends the reqeust to the http server. It does NOT cache my home.html page. If I remove the always_direct allow all statement then I get the error back from WC that it is unable to forward request. I have : cache allow all statement. refresh_pattern but even if I comment it, I have the same issue. What is wrong in my configuration that the accelerator does not cache the file, but always asks for it ? #[root] #[root]cat squid.conf #ACCELERATOR ### http_port 80 defaultsite=10.10.10.3 cache_peer omp.wc.be parent 80 0 no-query originserver ##ACLS### acl all src 0.0.0.0/0.0.0.0 acl port80 port 80 http_access allow port80 always_direct allow all #CACHING RULES ### acl QUERY urlpath_regex cgi-bin \? cache deny QUERY cache allow all refresh_pattern . 1440 20% 4320 #MISCELLANIOUS ##3 visible_hostname omp.wc.be cache_effective_user squid cache_effective_group squid dns_testnames omp.wc.be cache_mem 50 MB #[root] #[root] #[root] note : 10.10.10.3 is the IP of the http server omp.wc.be is referenced as 10.10.10.3 by DNS. on curl-machine omp.wc.be is resolved as 12.1.1.1 (=listening interface on squid) note : home.html is only a one-line html page with no cgi, ... in it ! Many thanks in advance ! Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games. http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow