Re: [squid-users] [NEED HELP] TPROXY + L2 WCCP + multi cpu
l/update.ver - HIER_DIRECT/93.184.71.21 - > 1377506574.698 183217 178.173.12.70 TCP_MISS/503 4133 GET > http://www.googletagservices.com/tag/js/gpt.js - HIER_DIRECT/173.194.36.25 > text/html > 1377506590.529 180754 178.173.12.70 TCP_MISS/503 4127 GET > http://cm.g.doubleclick.net/pixel? - HIER_DIRECT/173.194.36.13 text/html > 1377506615.522 59940 178.173.12.70 TCP_MISS/503 4016 GET > http://wiki.squid-cache.org/favicon.ico - HIER_DIRECT/77.93.254.178 > text/html > 1377506618.708 60994 178.173.12.70 TCP_MISS/503 4052 GET > http://devel.squid-cache.org/favicon.ico - HIER_DIRECT/216.34.181.97 > text/html > 1377506618.708 60988 178.173.12.70 TCP_MISS/503 4036 GET > http://www.pmoghadam.com/favicon.ico - HIER_DIRECT/79.175.162.79 text/html > 1377506618.709 60995 178.173.12.70 TCP_MISS/503 4224 GET > http://www.netcontractor.pl/favicon.ico - HIER_DIRECT/78.46.37.186 text/html > 1377506618.709 60835 178.173.12.70 TCP_MISS/503 4199 GET > http://etutorials.org/favicon.ico - HIER_DIRECT/195.234.5.139 text/html > 1377506618.709 61011 178.173.12.70 TCP_MISS/503 4420 GET > http://www.packtpub.com/favicon.ico - HIER_DIRECT/83.166.169.231 text/html > 1377506620.529 60830 178.173.12.70 TCP_MISS/503 4223 GET > http://www.thegeekstuff.com/favicon.ico - HIER_DIRECT/192.254.201.75 > text/html > 1377506620.529 60659 178.173.12.70 TCP_MISS/503 4053 GET > http://www.web-polygraph.org/favicon.ico - HIER_DIRECT/209.169.10.130 > text/html > 1377506620.530 60829 178.173.12.70 TCP_MISS/503 4099 GET > http://ubuntuforums.org/favicon.ico - HIER_DIRECT/91.189.94.12 text/html > 1377506622.740 240843 178.173.12.70 TCP_MISS/503 4964 GET > http://code.google.com/p/shellinabox/ - HIER_DIRECT/74.125.236.164 text/html > 1377506624.743 61038 178.173.12.70 TCP_MISS/503 4150 GET > http://www.tucny.com/favicon.ico - HIER_DIRECT/74.125.135.121 text/html > 1377506625.548 240492 178.173.12.70 TCP_MISS/503 4263 GET > http://gravatar.com/avatar/33be8eebf9ff1375eecabb6d45bb84f0/? - > HIER_DIRECT/72.233.69.5 text/html > 1377506625.744 240688 178.173.12.70 TCP_MISS/503 4263 GET > http://gravatar.com/avatar/10c08133f930b023f8a29f7aca903ade/? - > HIER_DIRECT/72.233.69.4 text/html > 1377506625.744 240687 178.173.12.70 TCP_MISS/503 4263 GET > http://gravatar.com/avatar/bbafaf9e10ccbeadb05132f0907eef62/? - > HIER_DIRECT/72.233.69.4 text/html > 1377506629.328 59995 178.173.12.70 TCP_MISS_ABORTED/000 0 GET > http://um16.eset.com/eset_eval/update.ver - HIER_DIRECT/93.184.71.10 - > 1377506633.748 240973 178.173.12.70 TCP_MISS/503 7081 GET > http://cisco.112.2o7.net/b/ss/cisco-us,cisco-usprodswitches/1/H.24.3/s641795 > 77133309? - HIER_DIRECT/66.235.132.232 text/html > 1377506674.091 0 :: TCP_DENIED/403 3788 GET > http://backend-kid2:4002/squid-internal-periodic/store_digest - HIER_NONE/- > text/html > 1377506675.522 59980 178.173.12.70 TCP_MISS/503 4048 GET > http://wiki.squid-cache.org/favicon.ico - HIER_DIRECT/77.93.254.178 > text/html > 1377506680.531 59983 178.173.12.70 TCP_MISS/503 4053 GET > http://www.web-polygraph.org/favicon.ico - HIER_DIRECT/209.169.10.130 > text/html > 1377506687.797 61064 178.173.12.70 TCP_MISS/503 4920 GET > http://beacon-1.newrelic.com/1/c7e812077e? - HIER_DIRECT/50.31.164.168 > text/html > 1377506690.518 61188 178.173.12.70 TCP_MISS/503 4163 GET > http://um16.eset.com/eset_eval/update.ver - HIER_DIRECT/93.184.71.10 > text/html > 1377506734.092 0 :: TCP_DENIED/403 3788 GET > http://backend-kid3:4003/squid-internal-periodic/store_digest - HIER_NONE/- > text/html > 1377506740.804 180166 178.173.12.70 TCP_MISS/503 4044 GET > http://packages.debian.org/favicon.ico - HIER_DIRECT/82.195.75.113 text/html > 1377506863.961 241103 178.173.12.70 TCP_MISS/503 4951 GET > http://code.google.com/favicon.ico - HIER_DIRECT/74.125.236.166 text/html > ## > > -Original Message- > From: Amos Jeffries [mailto:squ...@treenet.co.nz] > Sent: Wednesday, August 28, 2013 9:55 AM > To: Mohsen Dehghani > Subject: Re: [squid-users] [NEED HELP] TPROXY + L2 WCCP + multi cpu > > On 24/08/2013 6:26 p.m., Mohsen Dehghani wrote: >> Thanks >> But my bandwidth is gonna to be extended to 2Gbps. Are workers still >> perform better than multi instance? > > I'm not sure of the answer to that one sorry. You are in a quite select > group at present dealing with Gbps traffic rates. > (If you understand Eliezers response earlier it sounds good thoguh I'm not > sure I udnerstand the specifics myself yet). > > Amos > >
RE: [squid-users] [NEED HELP] TPROXY + L2 WCCP + multi cpu
de.google.com/p/shellinabox/ - HIER_DIRECT/74.125.236.164 text/html 1377506624.743 61038 178.173.12.70 TCP_MISS/503 4150 GET http://www.tucny.com/favicon.ico - HIER_DIRECT/74.125.135.121 text/html 1377506625.548 240492 178.173.12.70 TCP_MISS/503 4263 GET http://gravatar.com/avatar/33be8eebf9ff1375eecabb6d45bb84f0/? - HIER_DIRECT/72.233.69.5 text/html 1377506625.744 240688 178.173.12.70 TCP_MISS/503 4263 GET http://gravatar.com/avatar/10c08133f930b023f8a29f7aca903ade/? - HIER_DIRECT/72.233.69.4 text/html 1377506625.744 240687 178.173.12.70 TCP_MISS/503 4263 GET http://gravatar.com/avatar/bbafaf9e10ccbeadb05132f0907eef62/? - HIER_DIRECT/72.233.69.4 text/html 1377506629.328 59995 178.173.12.70 TCP_MISS_ABORTED/000 0 GET http://um16.eset.com/eset_eval/update.ver - HIER_DIRECT/93.184.71.10 - 1377506633.748 240973 178.173.12.70 TCP_MISS/503 7081 GET http://cisco.112.2o7.net/b/ss/cisco-us,cisco-usprodswitches/1/H.24.3/s641795 77133309? - HIER_DIRECT/66.235.132.232 text/html 1377506674.091 0 :: TCP_DENIED/403 3788 GET http://backend-kid2:4002/squid-internal-periodic/store_digest - HIER_NONE/- text/html 1377506675.522 59980 178.173.12.70 TCP_MISS/503 4048 GET http://wiki.squid-cache.org/favicon.ico - HIER_DIRECT/77.93.254.178 text/html 1377506680.531 59983 178.173.12.70 TCP_MISS/503 4053 GET http://www.web-polygraph.org/favicon.ico - HIER_DIRECT/209.169.10.130 text/html 1377506687.797 61064 178.173.12.70 TCP_MISS/503 4920 GET http://beacon-1.newrelic.com/1/c7e812077e? - HIER_DIRECT/50.31.164.168 text/html 1377506690.518 61188 178.173.12.70 TCP_MISS/503 4163 GET http://um16.eset.com/eset_eval/update.ver - HIER_DIRECT/93.184.71.10 text/html 1377506734.092 0 :: TCP_DENIED/403 3788 GET http://backend-kid3:4003/squid-internal-periodic/store_digest - HIER_NONE/- text/html 1377506740.804 180166 178.173.12.70 TCP_MISS/503 4044 GET http://packages.debian.org/favicon.ico - HIER_DIRECT/82.195.75.113 text/html 1377506863.961 241103 178.173.12.70 TCP_MISS/503 4951 GET http://code.google.com/favicon.ico - HIER_DIRECT/74.125.236.166 text/html ## -Original Message- From: Amos Jeffries [mailto:squ...@treenet.co.nz] Sent: Wednesday, August 28, 2013 9:55 AM To: Mohsen Dehghani Subject: Re: [squid-users] [NEED HELP] TPROXY + L2 WCCP + multi cpu On 24/08/2013 6:26 p.m., Mohsen Dehghani wrote: > Thanks > But my bandwidth is gonna to be extended to 2Gbps. Are workers still > perform better than multi instance? I'm not sure of the answer to that one sorry. You are in a quite select group at present dealing with Gbps traffic rates. (If you understand Eliezers response earlier it sounds good thoguh I'm not sure I udnerstand the specifics myself yet). Amos
Re: [squid-users] [NEED HELP] TPROXY + L2 WCCP + multi cpu
On 21/08/2013 1:17 a.m., Mohsen Dehghani wrote: Hi team I have already implemented tproxy + L2 wccp and it works perfectly except one: squid just uses one cpu(core) and other cores on a DELL R710 are wasted. I have about 140 Mbps traffic and it utilizes 50% of one core. When decided to run multicpu squid using this help: http://wiki.squid-cache.org/ConfigExamples/MultiCpuSystem I noticed that the backend receives the requests with the ip address of frontend(127.0.0.1). As my squid machine do not have any public ip ( I just used tproxy before ) so it cannot get the request and forward it to the frontend. It means the backend does not spoof the client ip. My question is how can I force the backend to use the client ip address to get request from internet servers? My squid version is 3.3.8 My machine does not have any public IP With 3.3 series you are likely to find http://wiki.squid-cache.org/Features/SmpScale workers are better than separate Squid instances. The config file is far simpler and being a single layer the TPROXY relay issue is not present. In theory you can pass TPROXY details through two layers by using the "no-tproxy" option on the front layers cache_peer line, "follow_x_forwarded_for allow localhost" on the backend layer. It may also require tproxy http_port option on the backend layer to handle setup of the outgoing spoofing properly. Just theorizing here, if anyone wants to try it please inform us on how it goes :-) It will definitely fail unless both layers are on the same box, otherwise it should work. Amos
[squid-users] [NEED HELP] TPROXY + L2 WCCP + multi cpu
Hi team I have already implemented tproxy + L2 wccp and it works perfectly except one: squid just uses one cpu(core) and other cores on a DELL R710 are wasted. I have about 140 Mbps traffic and it utilizes 50% of one core. When decided to run multicpu squid using this help: http://wiki.squid-cache.org/ConfigExamples/MultiCpuSystem I noticed that the backend receives the requests with the ip address of frontend(127.0.0.1). As my squid machine do not have any public ip ( I just used tproxy before ) so it cannot get the request and forward it to the frontend. It means the backend does not spoof the client ip. My question is how can I force the backend to use the client ip address to get request from internet servers? My squid version is 3.3.8 My machine does not have any public IP