Re: [squid-users] Squid Deployment for ISP's
Also, for an ISP-like setup, you could try out the latest Squid 2.7, as that has the COSS storage engine, which is much faster for smaller objects (I've mine configured for less than 256kb) than AUFS.

My specs for an almost default configuration on a Core 2 Duo machine are here:
http://wiki.squid-cache.org/KnowledgeBase/Benchmarks

Note mentioned in the above link is that my OS is on a separate IDE HDD. The motherboard is a cheap desktop board that supports 8 GB of RAM with 2 IDE and 4 SATA HDDs.

They also do around 20% "Byte Hit Ratio" almost consistently.

Regards
HASSAN

On Sat, Apr 17, 2010 at 9:35 AM, Amos Jeffries wrote:
>
> Ananth wrote:
>>
>> Dear Team,
>>
>> I have configured squid 3.1 on Fedora core 12.
>>
>> my hardware configuration:
>>
>> CPU INFO: Intel(R) Xeon(R) CPU E5440 @ 2.83GHz
>> RAM : 8 GB
>> HDD : 160 GB
>>
>> The problem I'm facing is when my http requests are above 130 hits per
>> second the pages start browsing slow and time out. I can't even access
>> cachemanager. If the http hit rate is below 130 hits per second it's
>> fine. Please check if my configuration is correct. Sorry for my poor
>> English.
>>
>> Thanks,
>> Ananth B.R.
>>
>
> Looks fairly good. There are a few tweaks I'll mention inline.
>
>> my configuration is as follows:
>>
>> ### Start of squid.conf #created by ANANTH#
>> cache_effective_user squid
>> cache_effective_group squid
>>
>> http_port 3128 transparent
>>
>> cache_dir ufs /var/spool/squid 16384 16 256
>>
>> cache_access_log /var/log/squid/access.log
>> cache_log /var/log/squid/cache.log
>> cache_store_log none
>> logfile_rotate 7
>> emulate_httpd_log on
>
> emulate_httpd_log does a little bit of extra work to generate dates etc.
> If you can use the native squid log format it's faster.
>
> "emulate_httpd_log on" is also deprecated in favor of setting the "custom"
> format type on access_log lines.
>
>>
>> cache_mem 2 GB
>> maximum_object_size_in_memory 512 KB
>
> Memory objects are faster than disk ones in Squid and 3.x do not have the
> large object size failures that 2.x has.
> The more memory stuff you can do in the newer Squid the faster those requests
> are done with and new ones can be handled.
>
>> memory_replacement_policy lru
>> cache_replacement_policy lru
>
> heap tends to be the replacement policy favored by high-performance people.
> It's up to you though.
>
>> maximum_object_size 64 MB
>>
>> hierarchy_stoplist cgi-bin ?
>> acl QUERY urlpath_regex cgi-bin \?
>> no_cache deny QUERY
>
> Drop the above three lines. They are doing extra work that is not really
> needed.
>
>>
>> hosts_file /etc/hosts
>>
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern . 0 40% 4320
>>
>> #acl all src 0.0.0.0/0
>>
>> ##Define your network below
>>
>> acl mynetwork src 192.168.106.0/24 # cbinetwork private
>> acl mynetwork src 192.168.107.0/24 # cbinetwork private
>> acl mynetwork src 192.168.110.0/24 # cbinetwork private
>> acl mynetwork src 192.168.120.0/24 # cbinetwork private
>> acl mynetwork src 192.168.121.0/24 # cbinetwork private
>> acl mynetwork src 192.168.130.0/24 # cbinetwork private
>> acl mynetwork src 192.168.150.0/24 # cbinetwork private
>> acl mynetwork src 192.168.151.0/24 # cbinetwork private
>> acl mynetwork src 10.100.101.0/24 # cbinetwork private
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl localhost src ::1/128
>> acl to_localhost dst 127.0.0.0/8
>> acl to_localhost dst ::1/128
>> acl purge method PURGE
>> acl CONNECT method CONNECT
>>
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>>
>> acl Safe_ports port 1025-65535 #unregistered ports
>>
>> acl SSL_ports port 443 563
>>
>> http_access allow manager localhost
>> http_access deny manager
>> http_access allow purge localhost
>> http_access deny purge
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>>
>> http_access allow localhost
>> http_access allow mynetwork
>> # http_access deny all
>
> For peak performance I'd order the above lines a little differently and
> remove some. Give these a test out:
>
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access deny manager
> http_access deny purge
> http_access allow mynetwork
> # http_access deny all
>
>> http_reply_access allow all
>> icp_access allow mynetwork
>>
>> # icp_access deny all
>>
>> visible_hostname proxy.xxx.xx
>>
>> coredump_dir /var/spool/squid
>>
>> End of squid.conf ##
>
> Amos
> --
> Please be using
> Current Stable Squid 2.7.STABLE9 or 3.1.1
>
Re: [squid-users] Squid Deployment for ISP's
Ananth wrote:
> Dear Team,
>
> I have configured squid 3.1 on Fedora core 12.
>
> my hardware configuration:
>
> CPU INFO: Intel(R) Xeon(R) CPU E5440 @ 2.83GHz
> RAM : 8 GB
> HDD : 160 GB
>
> The problem I'm facing is when my http requests are above 130 hits per
> second the pages start browsing slow and time out. I can't even access
> cachemanager. If the http hit rate is below 130 hits per second it's
> fine. Please check if my configuration is correct. Sorry for my poor
> English.
>
> Thanks,
> Ananth B.R.

Looks fairly good. There are a few tweaks I'll mention inline.

> my configuration is as follows:
>
> ### Start of squid.conf #created by ANANTH#
> cache_effective_user squid
> cache_effective_group squid
>
> http_port 3128 transparent
>
> cache_dir ufs /var/spool/squid 16384 16 256
>
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log none
> logfile_rotate 7
> emulate_httpd_log on

emulate_httpd_log does a little bit of extra work to generate dates etc.
If you can use the native squid log format it's faster.

"emulate_httpd_log on" is also deprecated in favor of setting the "custom" format type on access_log lines.

> cache_mem 2 GB
> maximum_object_size_in_memory 512 KB

Memory objects are faster than disk ones in Squid and 3.x do not have the large object size failures that 2.x has.
The more memory stuff you can do in the newer Squid the faster those requests are done with and new ones can be handled.

> memory_replacement_policy lru
> cache_replacement_policy lru

heap tends to be the replacement policy favored by high-performance people. It's up to you though.

> maximum_object_size 64 MB
>
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY

Drop the above three lines. They are doing extra work that is not really needed.

> hosts_file /etc/hosts
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 40% 4320
>
> #acl all src 0.0.0.0/0
>
> ##Define your network below
>
> acl mynetwork src 192.168.106.0/24 # cbinetwork private
> acl mynetwork src 192.168.107.0/24 # cbinetwork private
> acl mynetwork src 192.168.110.0/24 # cbinetwork private
> acl mynetwork src 192.168.120.0/24 # cbinetwork private
> acl mynetwork src 192.168.121.0/24 # cbinetwork private
> acl mynetwork src 192.168.130.0/24 # cbinetwork private
> acl mynetwork src 192.168.150.0/24 # cbinetwork private
> acl mynetwork src 192.168.151.0/24 # cbinetwork private
> acl mynetwork src 10.100.101.0/24 # cbinetwork private
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl localhost src ::1/128
> acl to_localhost dst 127.0.0.0/8
> acl to_localhost dst ::1/128
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
>
> acl Safe_ports port 1025-65535 #unregistered ports
>
> acl SSL_ports port 443 563
>
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> http_access allow localhost
> http_access allow mynetwork
> # http_access deny all

For peak performance I'd order the above lines a little differently and remove some. Give these a test out:

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny manager
http_access deny purge
http_access allow mynetwork
# http_access deny all

> http_reply_access allow all
> icp_access allow mynetwork
>
> # icp_access deny all
>
> visible_hostname proxy.xxx.xx
>
> coredump_dir /var/spool/squid
>
> End of squid.conf ##

Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.1
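
The rule reordering suggested in the message above can be checked offline. The following is an added example, not part of the original thread or of Squid itself: a simplified model of http_access evaluation (first matching line wins, and if no line matches, the opposite of the last line's action applies) run over a constructed request grid. The request fields and the sample source addresses are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network
from itertools import product

# ACL definitions copied from the squid.conf posted in this thread.
MYNETWORK = [ip_network(n) for n in (
    "192.168.106.0/24", "192.168.107.0/24", "192.168.110.0/24",
    "192.168.120.0/24", "192.168.121.0/24", "192.168.130.0/24",
    "192.168.150.0/24", "192.168.151.0/24", "10.100.101.0/24")]
LOCALHOST = [ip_network("127.0.0.1/32"), ip_network("::1/128")]

def in_nets(ip, nets):
    return any(ip_address(ip) in n for n in nets)

ACLS = {
    "localhost": lambda r: in_nets(r["src"], LOCALHOST),
    "mynetwork": lambda r: in_nets(r["src"], MYNETWORK),
    "manager": lambda r: r["proto"] == "cache_object",
    "purge": lambda r: r["method"] == "PURGE",
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "Safe_ports": lambda r: r["port"] in (80, 21, 443) or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in (443, 563),
}

ORIGINAL = ["allow manager localhost", "deny manager", "allow purge localhost",
            "deny purge", "deny !Safe_ports", "deny CONNECT !SSL_ports",
            "allow localhost", "allow mynetwork"]
REORDERED = ["deny !Safe_ports", "deny CONNECT !SSL_ports", "allow localhost",
             "deny manager", "deny purge", "allow mynetwork"]

def decide(rules, req):
    """First matching line wins; every ACL named on a line must match (AND)."""
    action = "allow"
    for line in rules:
        action, *names = line.split()
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # No line matched: the opposite of the last line's action applies.
    return "deny" if action == "allow" else "allow"

def differences():
    """Return the constructed requests that the two rule orders decide differently."""
    grid = product(["127.0.0.1", "192.168.106.20", "203.0.113.9"],  # constructed sources
                   ["http", "cache_object"], ["GET", "PURGE", "CONNECT"],
                   [80, 443, 25, 3128])
    out = []
    for src, proto, method, port in grid:
        req = {"src": src, "proto": proto, "method": method, "port": port}
        a, b = decide(ORIGINAL, req), decide(REORDERED, req)
        if a != b:
            out.append((src, proto, method, port, a, b))
    return out

if __name__ == "__main__":
    for row in differences():
        print(row)
```

On this grid the two orders differ only for localhost cache manager or PURGE requests that also trip the Safe_ports or CONNECT rules; the original order allows them and the reordered list denies them.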
Re: [squid-users] Squid Deployment for ISP's
> CPU INFO: Intel(R) Xeon(R) CPU E5440 @ 2.83GHz
> RAM : 8 GB
> HDD : 160 GB
>
> The problem I'm facing is when my http requests are above 130 hits per
> second the pages start browsing slow and time out. I can't even access
> cachemanager. If the http hit rate is below 130 hits per second it's
> fine. Please check if my configuration is correct. Sorry for my poor
> English.

How is your file descriptor usage?

Matt
Re: [squid-users] Squid Deployment for ISP's
On 16/04/2010 11:57, Ananth wrote:
> Dear Team,
>
> I have configured squid 3.1 on Fedora core 12.
>
> my hardware configuration:
>
> CPU INFO: Intel(R) Xeon(R) CPU E5440 @ 2.83GHz
> RAM : 8 GB
> HDD : 160 GB

160Gb is a common SATA disk size. Are you using a single SATA disk for holding cache_dir AND logs for a squid system running at 130 requests/second?

If you answered YES, then you're probably having I/O problems!!! Try disabling logs and maybe even disabling cache_dir (set a null cache_dir) and see if things get better. If yes, then you really should get a decent I/O subsystem for this heavy-loaded squid box.

--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br

My SPAMTRAP, do not email it
gertru...@solutti.com.br
Re: [squid-users] Squid Deployment for ISP's
Hi!

It has been a long time since the last time I saw a large amount of users with just one squid proxy (8 years or so).

Anyway, from what I can remember, I had a couple of interesting points: number of opened files, and number of simultaneous connections. I had to tune: kernel (proc), system (ulimit) and squid parameters back then.

Anyway, if I find my really old notes, I may be able to give some more useful info. In the meantime, analyze these points.

I hope this helps,

Ildefonso Camargo

On Fri, Apr 16, 2010 at 10:27 AM, Ananth wrote:
> Dear Team,
>
> I have configured squid 3.1 on Fedora core 12.
>
> my hardware configuration:
>
> CPU INFO: Intel(R) Xeon(R) CPU E5440 @ 2.83GHz
> RAM : 8 GB
> HDD : 160 GB
>
> The problem I'm facing is when my http requests are above 130 hits per
> second the pages start browsing slow and time out. I can't even access
> cachemanager. If the http hit rate is below 130 hits per second it's
> fine. Please check if my configuration is correct. Sorry for my poor
> English.
>
> Thanks,
> Ananth B.R.
>
> my configuration is as follows:
>
> ### Start of squid.conf #created by ANANTH#
> cache_effective_user squid
> cache_effective_group squid
>
> http_port 3128 transparent
>
> cache_dir ufs /var/spool/squid 16384 16 256
>
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log none
> logfile_rotate 7
> emulate_httpd_log on
>
> cache_mem 2 GB
> maximum_object_size_in_memory 512 KB
> memory_replacement_policy lru
> cache_replacement_policy lru
> maximum_object_size 64 MB
>
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
>
> hosts_file /etc/hosts
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 40% 4320
>
> #acl all src 0.0.0.0/0
>
> ##Define your network below
>
> acl mynetwork src 192.168.106.0/24 # cbinetwork private
> acl mynetwork src 192.168.107.0/24 # cbinetwork private
> acl mynetwork src 192.168.110.0/24 # cbinetwork private
> acl mynetwork src 192.168.120.0/24 # cbinetwork private
> acl mynetwork src 192.168.121.0/24 # cbinetwork private
> acl mynetwork src 192.168.130.0/24 # cbinetwork private
> acl mynetwork src 192.168.150.0/24 # cbinetwork private
> acl mynetwork src 192.168.151.0/24 # cbinetwork private
> acl mynetwork src 10.100.101.0/24 # cbinetwork private
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl localhost src ::1/128
> acl to_localhost dst 127.0.0.0/8
> acl to_localhost dst ::1/128
> acl purge method PURGE
> acl CONNECT method CONNECT
>
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
>
> acl Safe_ports port 1025-65535 #unregistered ports
>
> acl SSL_ports port 443 563
>
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
> http_access allow localhost
> http_access allow mynetwork
> # http_access deny all
> http_reply_access allow all
> icp_access allow mynetwork
>
> # icp_access deny all
>
> visible_hostname proxy.xxx.xx
>
> coredump_dir /var/spool/squid
>
> End of squid.conf ##
>
[squid-users] Squid Deployment for ISP's
Dear Team,

I have configured squid 3.1 on Fedora core 12.

my hardware configuration:

CPU INFO: Intel(R) Xeon(R) CPU E5440 @ 2.83GHz
RAM : 8 GB
HDD : 160 GB

The problem I'm facing is when my http requests are above 130 hits per second the pages start browsing slow and time out. I can't even access cachemanager. If the http hit rate is below 130 hits per second it's fine. Please check if my configuration is correct. Sorry for my poor English.

Thanks,
Ananth B.R.

my configuration is as follows:

### Start of squid.conf #created by ANANTH#
cache_effective_user squid
cache_effective_group squid

http_port 3128 transparent

cache_dir ufs /var/spool/squid 16384 16 256

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
logfile_rotate 7
emulate_httpd_log on

cache_mem 2 GB
maximum_object_size_in_memory 512 KB
memory_replacement_policy lru
cache_replacement_policy lru
maximum_object_size 64 MB

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

hosts_file /etc/hosts

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 40% 4320

#acl all src 0.0.0.0/0

##Define your network below

acl mynetwork src 192.168.106.0/24 # cbinetwork private
acl mynetwork src 192.168.107.0/24 # cbinetwork private
acl mynetwork src 192.168.110.0/24 # cbinetwork private
acl mynetwork src 192.168.120.0/24 # cbinetwork private
acl mynetwork src 192.168.121.0/24 # cbinetwork private
acl mynetwork src 192.168.130.0/24 # cbinetwork private
acl mynetwork src 192.168.150.0/24 # cbinetwork private
acl mynetwork src 192.168.151.0/24 # cbinetwork private
acl mynetwork src 10.100.101.0/24 # cbinetwork private
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localhost src ::1/128
acl to_localhost dst 127.0.0.0/8
acl to_localhost dst ::1/128
acl purge method PURGE
acl CONNECT method CONNECT

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https

acl Safe_ports port 1025-65535 #unregistered ports

acl SSL_ports port 443 563

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localhost
http_access allow mynetwork
# http_access deny all
http_reply_access allow all
icp_access allow mynetwork

# icp_access deny all

visible_hostname proxy.xxx.xx

coredump_dir /var/spool/squid

End of squid.conf ##