On 12/05/17 22:31, chiasa.men wrote:
Am Sonntag, 23. April 2017, 17:57:52 CEST schrieb Amos Jeffries:
On 23/04/17 23:25, chiasa....@web.de wrote:
Hello

my squid.conf looks like that:

https_port 3128 accel cert=/cert.pem key=/cert.key

defaultsite=ww1.example.com vhost

acl server20_domains dstdomain ww1.example.com ww2.example.com

http_access allow server20_domains

cache_peer server20 parent 443 0 no-query originserver name=server20

login=PASSTHRU ssl sslversion=6

cache_peer_access server20 allow server20_domains

cache_peer_access server20 deny all

The idea was to send ww1 and ww2 to server20 which is hosting an apache

webservice for both sites.
That looks fine.

You can see that approximately after 5s the timeout happens. Is it a
message

to worry about? (it is just "info" labled) Why does it occur?
Unknown. This is an Apache problem. The Squid portion of things appears
to be working if I'm reading that weird  access.log correctly.

Amos
Acutally it's not. The problem seemed to be the
server_persistent_connections setting in squid.conf.
By default set to on it tries to keep the cache_peer connection. Apache on the
other site hit the KeepAliveTimeout which was set to 5 seconds by default.
server_persistent_connections off in squid.conf

So Squid is told (by Apache) that the connection is to be kept open / persistent and then Apache closes it very quickly afterward. That is an explicit configured problem, but still Apache endpoint is the cause of the issues you are having here.

It is not a bug or error for either software, since that is one of the behaviours explicitly allowed by HTTP. But for you its being a problem.


It set server_persistent_connections to off and the problem disappeared.
Is there any downside of this setting?

1) Every single HTTP request sent to any upstream server has to go through a full TCP connection handshake process, then a TCP shutdown process afterwards.

2) TCP socket cannot be used for a second connection until the kernel has confirmed both endpoints are not going to send anything on it. Which may be up to 15min.

Between them these can cause a 50ms extra latency on every request, with a limit of just over 70 requests per second through the proxy to any given server - compared to the several tens of thousands Squid can normally handle and under 1ms latency that is quite bad.


The efficient solution is to have long persistence on the connections between your CDN frontend (Squid) and the backend origins (Apache). You can make the timeout much shorter on the Squid client connections.

Amos

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to