Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-03-07 Thread Amos Jeffries

On 8/03/2013 3:25 a.m., dahanhsi wrote:
> hi all,
> in Squid 2.7, should --with-maxfd not be necessary if I set the
> max_filedescriptors?
>
> thanks

The build-time --with option sets the default value for the
configuration file directive.
If the --with option is not provided the compiler will set a low number
usually 1K-4K based on the build machine settings.

PS. Please seriously consider upgrading to a current stable (today that
is 3.3.2). We are not even porting security vulnerability fixes back to
2.7 any more.

Amos


> 2013/2/16 dahanhsi:
>> 2013/2/15 Amm:
>>>> ulimit -n must be run as the same user that the proxy is running.
>>>>
>>>> In debian/ubuntu that user is proxy, and if you type ulimit as root you
>>>> will get a different answer than if you type ulimit logged in as proxy user.
>>>>
>>>> Be sure to check the ulimit for the right user
>>>
>>> Or you can check current limits using:
>>>
>>> /proc/SQUIDPID/limits
>>
>> Hi,
>>
>> I set my /etc/security/limit.conf:
>> *   soft    nofile  655360
>> *   hard    nofile  655360
>>
>> so user squid also has limit in 655360:
>> # cat /proc/SQUIDPID/limits
>> Limit                     Soft Limit           Hard Limit           Units
>> Max cpu time              unlimited            unlimited            seconds
>> Max file size             unlimited            unlimited            bytes
>> Max data size             unlimited            unlimited            bytes
>> Max stack size            10485760             unlimited            bytes
>> Max core file size        unlimited            unlimited            bytes
>> Max resident set          unlimited            unlimited            bytes
>> Max processes             257742               257742               processes
>> Max open files            655360               655360               files
>> Max locked memory         65536                65536                bytes
>> Max address space         unlimited            unlimited            bytes
>> Max file locks            unlimited            unlimited            locks
>> Max pending signals       257742               257742               signals
>> Max msgqueue size         819200               819200               bytes
>> Max nice priority         0                    0
>> Max realtime priority     0                    0
>> Max realtime timeout      unlimited            unlimited            us
>>
>> and my fd.file-max is 655360 too:
>> # cat /proc/sys/fs/file-max
>> 655360




Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-03-07 Thread dahanhsi
hi all,
in Squid 2.7, should --with-maxfd not be necessary if I set the
max_filedescriptors?

thanks

2013/2/16 dahanhsi :
> 2013/2/15 Amm :
>>
>>
>>> ulimit -n must be run as the same user that the proxy is running.
>>>
>>> In debian/ubuntu that user is proxy, and if you type ulimit as root you
>>> will get a different answer than if you type ulimit logged in as proxy user.
>>>
>>> Be sure to check the ulimit for the right user
>>
>> Or you can check current limits using:
>>
>> /proc/SQUIDPID/limits
>>
>
> Hi,
>
> I set my /etc/security/limit.conf:
> *   soft    nofile  655360
> *   hard    nofile  655360
>
> so user squid also has limit in 655360:
> # cat /proc/SQUIDPID/limits
> Limit                     Soft Limit           Hard Limit           Units
> Max cpu time              unlimited            unlimited            seconds
> Max file size             unlimited            unlimited            bytes
> Max data size             unlimited            unlimited            bytes
> Max stack size            10485760             unlimited            bytes
> Max core file size        unlimited            unlimited            bytes
> Max resident set          unlimited            unlimited            bytes
> Max processes             257742               257742               processes
> Max open files            655360               655360               files
> Max locked memory         65536                65536                bytes
> Max address space         unlimited            unlimited            bytes
> Max file locks            unlimited            unlimited            locks
> Max pending signals       257742               257742               signals
> Max msgqueue size         819200               819200               bytes
> Max nice priority         0                    0
> Max realtime priority     0                    0
> Max realtime timeout      unlimited            unlimited            us
>
> and my fd.file-max is 655360 too:
> # cat /proc/sys/fs/file-max
> 655360


Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-02-15 Thread dahanhsi
2013/2/15 Amm :
>
>
>> ulimit -n must be run as the same user that the proxy is running.
>>
>> In debian/ubuntu that user is proxy, and if you type ulimit as root you
>> will get a different answer than if you type ulimit logged in as proxy user.
>>
>> Be sure to check the ulimit for the right user
>
> Or you can check current limits using:
>
> /proc/SQUIDPID/limits
>

Hi,

I set my /etc/security/limit.conf:
*   soft    nofile  655360
*   hard    nofile  655360

so user squid also has limit in 655360:
# cat /proc/SQUIDPID/limits
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max file size             unlimited            unlimited            bytes
Max data size             unlimited            unlimited            bytes
Max stack size            10485760             unlimited            bytes
Max core file size        unlimited            unlimited            bytes
Max resident set          unlimited            unlimited            bytes
Max processes             257742               257742               processes
Max open files            655360               655360               files
Max locked memory         65536                65536                bytes
Max address space         unlimited            unlimited            bytes
Max file locks            unlimited            unlimited            locks
Max pending signals       257742               257742               signals
Max msgqueue size         819200               819200               bytes
Max nice priority         0                    0
Max realtime priority     0                    0
Max realtime timeout      unlimited            unlimited            us

and my fd.file-max is 655360 too:
# cat /proc/sys/fs/file-max
655360


Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-02-15 Thread Amm
 

> ulimit -n must be run as the same user that the proxy is running.
> 
> In debian/ubuntu that user is proxy, and if you type ulimit as root you
> will get a different answer than if you type ulimit logged in as proxy user.
>
> Be sure to check the ulimit for the right user

Or you can check current limits using:

/proc/SQUIDPID/limits



Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-02-15 Thread Luciano Ruete

On 02/15/2013 11:11 AM, dahanhsi wrote:
>> There you go then. Squid is not permitted to _use_ more than 1651 FD. Every
>> client TCP connection uses at least 1, sometimes 2 FD.
>> When all the FD are used up Squid waits until some are free'd before
>> accepting more client connections.
>>
>> With "from 4651 to 9404" I would set your max_filedescriptors to at least
>> 18000. It can be anything up to the ulimit max.
>
> I set max_filedescriptors to 655360, and confirm that ulimit -n is also 655360.
> After restart Squid, I observe that rate of connection timeout in
> client is still about 10%, and no additional error such as
> filedescriptors error found in cache.log or dmesg.
>
> any ideas?
> thanks

ulimit -n must be run as the same user that the proxy is running.

In debian/ubuntu that user is proxy, and if you type ulimit as root you
will get a different answer than if you type ulimit logged in as proxy user.

Be sure to check the ulimit for the right user.
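
Added example, not part of any post in this thread: a shell check that compares the soft "Max open files" value of the running process with the descriptor count Squid announces at startup in cache.log, and reports the smaller of the two against a peak connection count. The sample files are constructed from values quoted in the thread; the function names and the two-FD-per-connection multiplier (the upper figure mentioned above) are assumptions of this example.

```shell
#!/bin/sh
# Added example: which descriptor limit is Squid really running with?

# Soft "Max open files" value from a /proc/<pid>/limits style file.
soft_nofile() {
    awk '/^Max open files/ { print $4; exit }' "$1"
}

# Descriptor count Squid logged at its most recent start in cache.log.
squid_fds() {
    sed -n 's/.*| With \([0-9][0-9]*\) file descriptors available.*/\1/p' "$1" |
        tail -n 1
}

# The smaller of the two values is the ceiling that actually applies.
effective_fds() {
    os=$(soft_nofile "$1")
    sq=$(squid_fds "$2")
    if [ -z "$sq" ]; then
        echo unknown
    elif [ -z "$os" ] || [ "$os" = unlimited ] || [ "$sq" -le "$os" ]; then
        echo "$sq"
    else
        echo "$os"
    fi
}

# Verdict for a peak connection count (arg 3), assuming 2 FD per connection.
fd_verdict() {
    eff=$(effective_fds "$1" "$2")
    if [ "$eff" = unknown ]; then
        echo "unknown: no startup line found in cache.log"
        return 0
    fi
    need=$(( $3 * 2 ))
    if [ "$need" -gt "$eff" ]; then
        echo "short: need ~$need FD, Squid can use $eff"
    else
        echo "ok: need ~$need FD, Squid can use $eff"
    fi
}

# Constructed sample input, using values quoted in the thread.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/limits" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             257742               257742               processes
Max open files            655360               655360               files
EOF
cat > "$SAMPLE_DIR/cache.log" <<'EOF'
2013/02/15 8:30:10| Process ID 8136
2013/02/15 8:30:10| With 2048 file descriptors available
2013/02/15 8:30:10| Using epoll for the IO loop
EOF

# Peak of the netstat counts reported in the thread.
fd_verdict "$SAMPLE_DIR/limits" "$SAMPLE_DIR/cache.log" 9404
```

On a live system, pass /proc/SQUIDPID/limits and the real cache.log path instead of the sample files.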


Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-02-15 Thread dahanhsi
2013/2/15 Amos Jeffries :
> On 15/02/2013 11:53 p.m., dahanhsi wrote:
>>
>> Hi Amos,
>>
>>
>> 2013/2/15 Amos Jeffries :
>>>
>>> On 15/02/2013 10:43 p.m., dahanhsi wrote:

>>>> Thanks for your reply,
>>>> provide more information below:
>>>>
>>>> 2013/2/15 Amos Jeffries :
>>>>>
>>>>> On 15/02/2013 10:12 p.m., dahanhsi wrote:
>>>>>>
>>>>>> Hi all,
>>>>>>
>>>>>> I use squid as a reverse proxy, and make thousands of connection to the
>>>>>> it.
>>>>>
>>>>> Which version of Squid?
>>>>
>>>> I use Squid 2.7
>>>
>>>
>>>
>>> Output of "squid -v" please.
>>
>> # squid -v
>> Squid Cache: Version 2.7.STABLE9
>> configure options:  '--prefix=/usr' '--exec_prefix=/usr'
>> '--bindir=/usr/sbin' '--sbindir=/usr/sbin'
>> '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid'
>> '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid'
>> '--enable-async-io' '--with-pthreads'
>> '--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter'
>> '--enable-arp-acl' '--enable-epoll'
>> '--enable-removal-policies=lru,heap' '--enable-snmp'
>> '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests'
>> '--enable-underscores' '--enable-referer-log' '--enable-useragent-log'
>> '--enable-auth=basic,digest,ntlm,negotiate'
>> '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp'
>> '--enable-follow-x-forwarded-for' '--with-large-files'
>> '--with-maxfd=65536' 'amd64-debian-linux'
>> 'build_alias=amd64-debian-linux' 'host_alias=amd64-debian-linux'
>> 'target_alias=amd64-debian-linux' 'CFLAGS=-Wall -g -O2'
>> 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
>>
>>>
>>>
>>>>> What do you mean by "thousands of connections".  1's of thousands? 10's of
>>>>> thousands? 100's of thousands?
>>>>
>>>> # netstat -nat|grep -i "80"|wc -l
>>>> the result vary from 4651 to 9404
>>>>
>>>>>> There are one ten of all connections can not establish in TCP layer,
>>>>>> because squid does not respond SYN-ACK to client's SYN packet. How can
>>>>>> I solve it?
>>>>>> Thanks
>>>>>
>>>>>
>>>>> Check ulimit settings for Squid?
>>>>>
>>>> # ulimit -a
>>>> core file size  (blocks, -c) 0
>>>> data seg size   (kbytes, -d) unlimited
>>>> scheduling priority (-e) 20
>>>> file size   (blocks, -f) unlimited
>>>> pending signals (-i) 16382
>>>> max locked memory   (kbytes, -l) 64
>>>> max memory size (kbytes, -m) unlimited
>>>> open files  (-n) 655360
>>>> pipe size(512 bytes, -p) 8
>>>> POSIX message queues (bytes, -q) 819200
>>>> real-time priority  (-r) 0
>>>> stack size  (kbytes, -s) 8192
>>>> cpu time   (seconds, -t) unlimited
>>>> max user processes  (-u) unlimited
>>>> virtual memory  (kbytes, -v) unlimited
>>>> file locks  (-x) unlimited
>>>>
>>>>> Check your cache.log for messages about running out of filedescriptors?
>>>>
>>>> I set my limit.conf to:
>>>> root    soft    nofile  655360
>>>> root    hard    nofile  655360
>>>
>>>
>>> That does not answer the question. Squid may have been built or
>>> configured
>>> with a limit of less than 655360 filedescriptors.
>>> cache.log should tell you if Squid is reaching some limit like this.
>>
>> my cache.log:
>> 2013/02/15 8:30:10| Starting Squid Cache version 2.7.STABLE9 for
>> x86_64-debian-linux-gnu...
>> 2013/02/15 8:30:10| Process ID 8136
>> 2013/02/15 8:30:10| With 2048 file descriptors available
>> 2013/02/15 8:30:10| Using epoll for the IO loop
>> 2013/02/15 8:30:10| DNS Socket created at 0.0.0.0, port 6450, FD 6
>> 2013/02/15 8:30:10| Adding nameserver 8.8.8.8 from /etc/resolv.conf
>> 2013/02/15 8:30:10| User-Agent logging is disabled.
>> 2013/02/15 8:30:10| Referer logging is disabled.
>> 2013/02/15 8:30:10| logfileOpen: opening log /var/log/squid/access.log
>> 2013/02/15 8:30:10| Unlinkd pipe opened on FD 12
>> 2013/02/15 8:30:10| Swap maxSize 8192 + 8388608 KB, estimated 645907
>> objects
>> 2013/02/15 8:30:10| Target number of buckets: 32295
>> 2013/02/15 8:30:10| Using 32768 Store buckets
>> 2013/02/15 8:30:10| Max Mem  size: 8388608 KB
>> 2013/02/15 8:30:10| Max Swap size: 8192 KB
>> 2013/02/15 8:30:10| Local cache digest enabled; rebuild/rewrite every
>> 3600/3600 sec
>> 2013/02/15 8:30:10| logfileOpen: opening log /var/log/squid/store.log
>> 2013/02/15 8:30:10| Rebuilding storage in /var/spool/squid (CLEAN)
>> 2013/02/15 8:30:10| Using Least Load store dir selection
>> 2013/02/15 8:30:10| Set Current Directory to /var/spool/squid
>> 2013/02/15 8:30:10| Loaded Icons.
>> 2013/02/15 8:30:10| Accepting accelerated HTTP connections at 0.0.0.0,
>> port 80, FD 14.
>> 2013/02/15 8:30:10| Accepting ICP messages at 0.0.0.0, port 3130, FD 15.
>> 2013/02/15 8:30:10| HTCP Disabled.
>> 2013/02/15 8:30:10| WCCP Disabled.
>> 2013/02/15 8:30:10| Configuring localhost Parent localhost/12080/0
>> 2013/02/15 8:30:10| Ready to serve requests.
>> 2013/02/15 8:30:10| Done reading /var/spool/squid 

Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-02-15 Thread Amos Jeffries

On 15/02/2013 11:53 p.m., dahanhsi wrote:
> Hi Amos,
>
> 2013/2/15 Amos Jeffries :
>> On 15/02/2013 10:43 p.m., dahanhsi wrote:
>>> Thanks for your reply,
>>> provide more information below:
>>>
>>> 2013/2/15 Amos Jeffries :
>>>> On 15/02/2013 10:12 p.m., dahanhsi wrote:
>>>>> Hi all,
>>>>>
>>>>> I use squid as a reverse proxy, and make thousands of connection to the
>>>>> it.
>>>>
>>>> Which version of Squid?
>>>
>>> I use Squid 2.7
>>
>> Output of "squid -v" please.
>
> # squid -v
> Squid Cache: Version 2.7.STABLE9
> configure options:  '--prefix=/usr' '--exec_prefix=/usr'
> '--bindir=/usr/sbin' '--sbindir=/usr/sbin'
> '--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid'
> '--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid'
> '--enable-async-io' '--with-pthreads'
> '--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter'
> '--enable-arp-acl' '--enable-epoll'
> '--enable-removal-policies=lru,heap' '--enable-snmp'
> '--enable-delay-pools' '--enable-htcp' '--enable-cache-digests'
> '--enable-underscores' '--enable-referer-log' '--enable-useragent-log'
> '--enable-auth=basic,digest,ntlm,negotiate'
> '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp'
> '--enable-follow-x-forwarded-for' '--with-large-files'
> '--with-maxfd=65536' 'amd64-debian-linux'
> 'build_alias=amd64-debian-linux' 'host_alias=amd64-debian-linux'
> 'target_alias=amd64-debian-linux' 'CFLAGS=-Wall -g -O2'
> 'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='
>
>>>> What do you mean by "thousands of connections".  1's of thousands? 10's of
>>>> thousands? 100's of thousands?
>>>
>>> # netstat -nat|grep -i "80"|wc -l
>>> the result vary from 4651 to 9404
>>>
>>>>> There are one ten of all connections can not establish in TCP layer,
>>>>> because squid does not respond SYN-ACK to client's SYN packet. How can
>>>>> I solve it?
>>>>> Thanks
>>>>
>>>> Check ulimit settings for Squid?
>>>
>>> # ulimit -a
>>> core file size  (blocks, -c) 0
>>> data seg size   (kbytes, -d) unlimited
>>> scheduling priority (-e) 20
>>> file size   (blocks, -f) unlimited
>>> pending signals (-i) 16382
>>> max locked memory   (kbytes, -l) 64
>>> max memory size (kbytes, -m) unlimited
>>> open files  (-n) 655360
>>> pipe size(512 bytes, -p) 8
>>> POSIX message queues (bytes, -q) 819200
>>> real-time priority  (-r) 0
>>> stack size  (kbytes, -s) 8192
>>> cpu time   (seconds, -t) unlimited
>>> max user processes  (-u) unlimited
>>> virtual memory  (kbytes, -v) unlimited
>>> file locks  (-x) unlimited
>>>
>>>> Check your cache.log for messages about running out of filedescriptors?
>>>
>>> I set my limit.conf to:
>>> root    soft    nofile  655360
>>> root    hard    nofile  655360
>>
>> That does not answer the question. Squid may have been built or configured
>> with a limit of less than 655360 filedescriptors.
>> cache.log should tell you if Squid is reaching some limit like this.
>
> my cache.log:
> 2013/02/15 8:30:10| Starting Squid Cache version 2.7.STABLE9 for
> x86_64-debian-linux-gnu...
> 2013/02/15 8:30:10| Process ID 8136
> 2013/02/15 8:30:10| With 2048 file descriptors available
> 2013/02/15 8:30:10| Using epoll for the IO loop
> 2013/02/15 8:30:10| DNS Socket created at 0.0.0.0, port 6450, FD 6
> 2013/02/15 8:30:10| Adding nameserver 8.8.8.8 from /etc/resolv.conf
> 2013/02/15 8:30:10| User-Agent logging is disabled.
> 2013/02/15 8:30:10| Referer logging is disabled.
> 2013/02/15 8:30:10| logfileOpen: opening log /var/log/squid/access.log
> 2013/02/15 8:30:10| Unlinkd pipe opened on FD 12
> 2013/02/15 8:30:10| Swap maxSize 8192 + 8388608 KB, estimated 645907 objects
> 2013/02/15 8:30:10| Target number of buckets: 32295
> 2013/02/15 8:30:10| Using 32768 Store buckets
> 2013/02/15 8:30:10| Max Mem  size: 8388608 KB
> 2013/02/15 8:30:10| Max Swap size: 8192 KB
> 2013/02/15 8:30:10| Local cache digest enabled; rebuild/rewrite every
> 3600/3600 sec
> 2013/02/15 8:30:10| logfileOpen: opening log /var/log/squid/store.log
> 2013/02/15 8:30:10| Rebuilding storage in /var/spool/squid (CLEAN)
> 2013/02/15 8:30:10| Using Least Load store dir selection
> 2013/02/15 8:30:10| Set Current Directory to /var/spool/squid
> 2013/02/15 8:30:10| Loaded Icons.
> 2013/02/15 8:30:10| Accepting accelerated HTTP connections at 0.0.0.0,
> port 80, FD 14.
> 2013/02/15 8:30:10| Accepting ICP messages at 0.0.0.0, port 3130, FD 15.
> 2013/02/15 8:30:10| HTCP Disabled.
> 2013/02/15 8:30:10| WCCP Disabled.
> 2013/02/15 8:30:10| Configuring localhost Parent localhost/12080/0
> 2013/02/15 8:30:10| Ready to serve requests.
> 2013/02/15 8:30:10| Done reading /var/spool/squid swaplog (11 entries)
> 2013/02/15 8:30:10| Finished rebuilding storage from disk.
> 2013/02/15 8:30:10|11 Entries scanned
> 2013/02/15 8:30:10| 0 Invalid entries.
> 2013/02/15 8:30:10| 0 With invalid flags.
> 2013/02/15 8:30:10|11 Objects loaded.
> 2013/02/15 8:30:10| 0 Objects expired.
> 2013/02/15 8:30:10| 0 Objects cancelled.
> 2013/02/15 8:30:10| 0 Duplicate URLs purged.
> 2013/02/15 8:30:10| 0 Swapfile clashes avoided.
> 2013/02/15 8:30:10|   Took 0.3 seconds (  41.8 objects/sec).
> 20

Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-02-15 Thread dahanhsi
Hi Amos,


2013/2/15 Amos Jeffries :
> On 15/02/2013 10:43 p.m., dahanhsi wrote:
>>
>> Thanks for your reply,
>> provide more information below:
>>
>> 2013/2/15 Amos Jeffries :
>>>
>>> On 15/02/2013 10:12 p.m., dahanhsi wrote:

>>>> Hi all,
>>>>
>>>> I use squid as a reverse proxy, and make thousands of connection to the
>>>> it.
>>>
>>> Which version of Squid?
>>
>> I use Squid 2.7
>
>
>
> Output of "squid -v" please.
# squid -v
Squid Cache: Version 2.7.STABLE9
configure options:  '--prefix=/usr' '--exec_prefix=/usr'
'--bindir=/usr/sbin' '--sbindir=/usr/sbin'
'--libexecdir=/usr/lib/squid' '--sysconfdir=/etc/squid'
'--localstatedir=/var/spool/squid' '--datadir=/usr/share/squid'
'--enable-async-io' '--with-pthreads'
'--enable-storeio=ufs,aufs,coss,diskd,null' '--enable-linux-netfilter'
'--enable-arp-acl' '--enable-epoll'
'--enable-removal-policies=lru,heap' '--enable-snmp'
'--enable-delay-pools' '--enable-htcp' '--enable-cache-digests'
'--enable-underscores' '--enable-referer-log' '--enable-useragent-log'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-carp'
'--enable-follow-x-forwarded-for' '--with-large-files'
'--with-maxfd=65536' 'amd64-debian-linux'
'build_alias=amd64-debian-linux' 'host_alias=amd64-debian-linux'
'target_alias=amd64-debian-linux' 'CFLAGS=-Wall -g -O2'
'LDFLAGS=-Wl,-Bsymbolic-functions' 'CPPFLAGS='

>
>
>
>>
>>> What do you mean by "thousands of connections".  1's of thousands? 10's of
>>> thousands? 100's of thousands?
>>
>> # netstat -nat|grep -i "80"|wc -l
>> the result vary from 4651 to 9404
>>
>>>
>>>> There are one ten of all connections can not establish in TCP layer,
>>>> because squid does not respond SYN-ACK to client's SYN packet. How can
>>>> I solve it?
>>>> Thanks
>>>
>>>
>>> Check ulimit settings for Squid?
>>>
>> # ulimit -a
>> core file size  (blocks, -c) 0
>> data seg size   (kbytes, -d) unlimited
>> scheduling priority (-e) 20
>> file size   (blocks, -f) unlimited
>> pending signals (-i) 16382
>> max locked memory   (kbytes, -l) 64
>> max memory size (kbytes, -m) unlimited
>> open files  (-n) 655360
>> pipe size(512 bytes, -p) 8
>> POSIX message queues (bytes, -q) 819200
>> real-time priority  (-r) 0
>> stack size  (kbytes, -s) 8192
>> cpu time   (seconds, -t) unlimited
>> max user processes  (-u) unlimited
>> virtual memory  (kbytes, -v) unlimited
>> file locks  (-x) unlimited
>>
>>> Check your cache.log for messages about running out of filedescriptors?
>>
>> I set my limit.conf to:
>> root    soft    nofile  655360
>> root    hard    nofile  655360
>
>
> That does not answer the question. Squid may have been built or configured
> with a limit of less than 655360 filedescriptors.
> cache.log should tell you if Squid is reaching some limit like this.
my cache.log:
2013/02/15 8:30:10| Starting Squid Cache version 2.7.STABLE9 for
x86_64-debian-linux-gnu...
2013/02/15 8:30:10| Process ID 8136
2013/02/15 8:30:10| With 2048 file descriptors available
2013/02/15 8:30:10| Using epoll for the IO loop
2013/02/15 8:30:10| DNS Socket created at 0.0.0.0, port 6450, FD 6
2013/02/15 8:30:10| Adding nameserver 8.8.8.8 from /etc/resolv.conf
2013/02/15 8:30:10| User-Agent logging is disabled.
2013/02/15 8:30:10| Referer logging is disabled.
2013/02/15 8:30:10| logfileOpen: opening log /var/log/squid/access.log
2013/02/15 8:30:10| Unlinkd pipe opened on FD 12
2013/02/15 8:30:10| Swap maxSize 8192 + 8388608 KB, estimated 645907 objects
2013/02/15 8:30:10| Target number of buckets: 32295
2013/02/15 8:30:10| Using 32768 Store buckets
2013/02/15 8:30:10| Max Mem  size: 8388608 KB
2013/02/15 8:30:10| Max Swap size: 8192 KB
2013/02/15 8:30:10| Local cache digest enabled; rebuild/rewrite every
3600/3600 sec
2013/02/15 8:30:10| logfileOpen: opening log /var/log/squid/store.log
2013/02/15 8:30:10| Rebuilding storage in /var/spool/squid (CLEAN)
2013/02/15 8:30:10| Using Least Load store dir selection
2013/02/15 8:30:10| Set Current Directory to /var/spool/squid
2013/02/15 8:30:10| Loaded Icons.
2013/02/15 8:30:10| Accepting accelerated HTTP connections at 0.0.0.0,
port 80, FD 14.
2013/02/15 8:30:10| Accepting ICP messages at 0.0.0.0, port 3130, FD 15.
2013/02/15 8:30:10| HTCP Disabled.
2013/02/15 8:30:10| WCCP Disabled.
2013/02/15 8:30:10| Configuring localhost Parent localhost/12080/0
2013/02/15 8:30:10| Ready to serve requests.
2013/02/15 8:30:10| Done reading /var/spool/squid swaplog (11 entries)
2013/02/15 8:30:10| Finished rebuilding storage from disk.
2013/02/15 8:30:10|11 Entries scanned
2013/02/15 8:30:10| 0 Invalid entries.
2013/02/15 8:30:10| 0 With invalid flags.
2013/02/15 8:30:10|11 Objects loaded.
2013/02/15 8:30:10| 0 Objects expired.
2013/02/15 8:30:10| 0 Objects cancelled.
2013/02/15 8:30:10| 

Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-02-15 Thread Amos Jeffries

On 15/02/2013 10:43 p.m., dahanhsi wrote:
> Thanks for your reply,
> provide more information below:
>
> 2013/2/15 Amos Jeffries :
>> On 15/02/2013 10:12 p.m., dahanhsi wrote:
>>> Hi all,
>>>
>>> I use squid as a reverse proxy, and make thousands of connection to the
>>> it.
>>
>> Which version of Squid?
>
> I use Squid 2.7

Output of "squid -v" please.

>> What do you mean by "thousands of connections".  1's of thousands? 10's of
>> thousands? 100's of thousands?
>
> # netstat -nat|grep -i "80"|wc -l
> the result vary from 4651 to 9404
>
>>> There are one ten of all connections can not establish in TCP layer,
>>> because squid does not respond SYN-ACK to client's SYN packet. How can
>>> I solve it?
>>> Thanks
>>
>> Check ulimit settings for Squid?
>
> # ulimit -a
> core file size  (blocks, -c) 0
> data seg size   (kbytes, -d) unlimited
> scheduling priority (-e) 20
> file size   (blocks, -f) unlimited
> pending signals (-i) 16382
> max locked memory   (kbytes, -l) 64
> max memory size (kbytes, -m) unlimited
> open files  (-n) 655360
> pipe size(512 bytes, -p) 8
> POSIX message queues (bytes, -q) 819200
> real-time priority  (-r) 0
> stack size  (kbytes, -s) 8192
> cpu time   (seconds, -t) unlimited
> max user processes  (-u) unlimited
> virtual memory  (kbytes, -v) unlimited
> file locks  (-x) unlimited
>
>> Check your cache.log for messages about running out of filedescriptors?
>
> I set my limit.conf to:
> root    soft    nofile  655360
> root    hard    nofile  655360

That does not answer the question. Squid may have been built or
configured with a limit of less than 655360 filedescriptors.

cache.log should tell you if Squid is reaching some limit like this.

Amos


Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-02-15 Thread dahanhsi
Thanks for your reply,
provide more information below:

2013/2/15 Amos Jeffries :
> On 15/02/2013 10:12 p.m., dahanhsi wrote:
>>
>> Hi all,
>>
>> I use squid as a reverse proxy, and make thousands of connection to the
>> it.
>
> Which version of Squid?
I use Squid 2.7

>
> What do you mean by "thousands of connections".  1's of thousands? 10's of
> thousands? 100's of thousands?

# netstat -nat|grep -i "80"|wc -l
the result vary from 4651 to 9404

>
>
>> There are one ten of all connections can not establish in TCP layer,
>> because squid does not respond SYN-ACK to client's SYN packet. How can
>> I solve it?
>> Thanks
>
>
> Check ulimit settings for Squid?
>
# ulimit -a
core file size  (blocks, -c) 0
data seg size   (kbytes, -d) unlimited
scheduling priority (-e) 20
file size   (blocks, -f) unlimited
pending signals (-i) 16382
max locked memory   (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files  (-n) 655360
pipe size(512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority  (-r) 0
stack size  (kbytes, -s) 8192
cpu time   (seconds, -t) unlimited
max user processes  (-u) unlimited
virtual memory  (kbytes, -v) unlimited
file locks  (-x) unlimited

> Check your cache.log for messages about running out of filedescriptors?
I set my limit.conf to:
root    soft    nofile  655360
root    hard    nofile  655360

>
> Once you find out what the cause is you can find out what to do about it.
>
>
> Amos


Re: [squid-users] Squid does not respond to TCP SYN when there are thousands of connection

2013-02-15 Thread Amos Jeffries

On 15/02/2013 10:12 p.m., dahanhsi wrote:
> Hi all,
>
> I use squid as a reverse proxy, and make thousands of connection to the it.

Which version of Squid?

What do you mean by "thousands of connections".  1's of thousands? 10's
of thousands? 100's of thousands?

> There are one ten of all connections can not establish in TCP layer,
> because squid does not respond SYN-ACK to client's SYN packet. How can
> I solve it?
> Thanks

Check ulimit settings for Squid?

Check your cache.log for messages about running out of filedescriptors?

Once you find out what the cause is you can find out what to do about it.

Amos