On 2/22/06, Kevin <[EMAIL PROTECTED]> wrote: > On 2/21/06, Raj <[EMAIL PROTECTED]> wrote: > > I need your suggestions to improve the performance of our proxy > > servers setup. we have 4 squid proxy servers running on Open BSD (HP > > Vectra 600, PIII 700). Below is squid -v output > > What version of OpenBSD?
We are running OpenBSD version 3.6 > That's some pretty darn old hardware, with a slow CPU, slow IDE hard > drive, slow RAM, and only expandable to 384MB. > > > > /opt/squid/sbin/squid -v > > Squid Cache: Version 2.5.STABLE10 > > configure options: --prefix=/opt/squid --enable-auth=ntlm,basic > > --enable-external-acl-helpers=wbinfo_group --localstatedir=/var/squid > > --enable-snmp > > > > We have two 1st tier proxies located on LAN and two 2nd tier proxies > > located in the DMZ. 1st Tier uses NTLM via the the Samba WINBIND > > process and 2nd tier with no authentication required. > > > > Server A & Server C - 1st tier proxies > > Server B & Server D - 2nd tier proxies > > > > We have been having performance issues for a long time. I have > > Can you define "performance issues"? If I access a website it takes 6 to 8 seconds to download the page. We have a 10MB internet link and the link utilisation is only 50% on average. > > One thing I found helped significantly in resolving performance > complaints was to implement a monitoring system to track network and > Internet utilization, Squid's own internal SNMP statistics, OS > statistics, and also single URL request processing time through each > proxy and also directly from a DMZ host that doesn't go through any > proxy. > > I've fixed a lot of "the proxy is slow" problems by reconfiguring DNS > servers, upgrading the firmware on switches and routers, converting > from a DS3 to an OC3, fixing speed and duplex mismatches -- almost > never has the fix for a "the proxy is slow" complaint involved > actually touching OpenBSD or Squid or the proxy server hardware. > > IOW, use instrumentation to isolate each "performance issue" and > address each issue individually. > > > > recommended them to buy Sun Fire V240 servers to replace these BSD > > boxes. > > Actually, I'm not all that impressed with the price/performance of the > V240 series, IMHO the v20z gives more bang for the buck (and can run > OpenBSD with dual procs). > > > > But they want to increase memory (from 256 MB to 2GB) on the > > existing servers and see if that improves the performance. > > Not a bad idea. > > > Below is the current cache size on all 4 servers: > > > > cache_dir ufs /var/squid/cache 400 16 256 > > > > On Server A & Server C we have the following config option on the > > cache_peer line: > > > > cache_peer ServerB parent 3128 3130 weight=15 no-query no-digest > > cache_peer ServerD parent 3128 3130 weight=10 no-query no-digest > > What sort of firewall is between AC (inside) and BD (outside)? what > is the link throughput and latency? We have a Cisco Firewall between the 1st tier and 2nd tier proxies. I am not sure about the model. But according to the network guys the Internet link is 10mb and the utilisation is only 50%. > > > > After I upgrade the memory I want to increase the cache_dir size to > > 2GB. > > Squid will complain if you don't at least add sufficient cache_dir space > to match the new cache_mem size. If I increase the cache_mem size to 256MB what should be the cache_dir size? > > I'd suggest adding a new fast disk to each cache server, dedicated to > cache_dir. > > > > Could someone suggest me if I need to change the cache_peer > > options to improve the performance. > > It depends on the nature of the performance issues. > Enabling digests will give a better hit ratio on content which can be > served out of cache, without adding any real delay and only minimal > memory overhead. Enabling digest means "removing no-digest" option on the cache_peer line right? > > Enabling ICP would give even higher cache hit ratios, but the extra > delay in processing requests (waiting for ICP responses) may be > unacceptable. Again enabling ICP is "removing no-query" option right? > > > > I also have cache_mem value set to > > 64mb at the moment. Do I need to increase that after I upgrade the > > memory. > > If you bring each server up to 2GB of RAM, you'll want to increase > cache_mem significantly, and remember to adjust /etc/login.conf to > permit the squid user to allocate enough memory and file descriptors. > > OpenBSD isn't as aggressive as other OSes about using free memory to > cache frequently accessed disk pages, so I set cache_mem very high on > OpenBSD. > > > > Any other help to improve the performance would be really > > appreciated. > > Faster/more memory/CPU/disk or even more servers in parallel could help. > Check that the first tier is configured for never_direct, neither > clients nor the internal proxy firewalls should be doing DNS lookups > or trying direct connections to Internet destinations. > You may be able to turn off request logging on the 2nd tier? > > Kevin >