I know it's bad form to reply to your own post, but I found a partial explanation.
from http://linuxdevcenter.com/pub/a/linux/2001/09/17/squidpeering.html?page=2 FALSE HITS: (ICP only) Because ICP does not communicate request headers (only the URI is presented in an ICP query), it is possible for a peer to return an affirmative for a given URI but not be able to satisfy the request from cache. * cache1 sends an ICP query to cache2 for http://www.example.org/index.html. * cache2 has a cached copy of the object (87,376 seconds old), and answers in the affirmative. * cache1 then issues the request to cache2, but the request headers contain "Max-Age: 86400"). cache2's copy is too old to satisfy this request. * If cache1 has miss_access on cache2, then cache2 will go forward to the origin server (or a parent) and fetch a new copy, If not, cache2 will return a 504 HTTP response and cache1 will have to select a new source for the object. But why is it then recommended that miss_access be disabled for siblings? Would it be a bad thing for cache2 to fetch a new copy ? As far as I can see cache1 doesn't cache the object retrieved from the new source after the 504. On Wed, 2010-03-24 at 13:40 +0100, Taylan Develioglu wrote: > Hi, > > I'm trying to set up two squid siblings in front of lighttpd as reverse > proxies and have a question about some behavior I'm seeing. > > Squid versions are 2.7.STABLE7-1~bpo50+1 from the debian backports > repository. > > My goal is to create a setup with two cache siblings and one origin > server (lighttpd) where no duplicate cached entries between siblings > exist. > > I am getting these TCP_HIT/504's and I can't understand why they are > happening. > > When I do a refresh in firefox and request a picture from sibling1, > requested before on sibling2, I see the following: > > sibling1 is 5.5.5.5 > > - The original request on sibling 1: > > 1269431848.626 4 1.1.1.1 TCP_MISS/304 378 GET > http://pictures.something.com/pics/d/3/c/picture.jpg - > DEFAULT_PARENT/pict-dev image/jpeg > > - A UDP_HIT occurs on sibling2, sibling1 tries to fetch the file but it > received a 504 instead (excerpt below). > > 269431848.881 0 5.5.5.5 UDP_HIT/000 76 ICP_QUERY > http://pictures.something.com/pics/d/3/c/picture.jpg - NONE/- - > 1269431848.883 1 5.5.5.5 TCP_HIT/504 1752 GET > http://pictures.something.com/pics/d/3/c/picture.jpg - NONE/- text/html > > ----start---- > > HTTP/1.0 504 Gateway Time-out > Expires: Wed, 24 Mar 2010 09:55:19 GMT > X-Squid-Error: ERR_ONLY_IF_CACHED_MISS 0 > Age: 1269424520 > Warning: 113 localhost (squid/3.0.STABLE8) This cache hit is still fresh > and more than 1 day old > X-Cache: HIT from localhost > X-Cache-Lookup: HIT from localhost:80 > > The requested URL could not be retrieved > Valid document was not found in the cache and 'only-if-cached' > directive was specified. > > You have issued a request with a 'only-if-cached' cache control > directive. The document was not found in the cache, or it required > revalidation prohibited by 'only-if-cached' directive. > > ----end---- > > Why does sibling2 respond with a UDP_HIT but then sends a 504 error page > to sibling1 when sibling1 tries to fetch the picture? > > Is this normal behavior or am I doing something wrong here? Please see > my squid.conf below, suggestions are very much appreciated and thanks in > advance. > > acl all src all > acl manager proto cache_object > acl localhost src 127.0.0.1/32 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 > acl Safe_ports port 80 #http > acl Safe_ports port 21 #ftp > acl Safe_ports port 443 #https > acl Safe_ports port 70 #gopher > acl Safe_ports port 210 #wais > acl Safe_ports port 1025-65535 #unregistered ports > acl Safe_ports port 280 #http-mgmt > acl Safe_ports port 488 #gss-http > acl Safe_ports port 591 #filemaker > acl Safe_ports port 777 #multiling http > acl CONNECT method CONNECT > > acl sites dstdomain pictures.something.com > acl siblings src 6.6.6.6 > > cache_peer 4.4.4.4 parent 80 0 default no-query no-digest originserver > name=lighttpd-server login=PASS > cache_peer 6.6.6.6 sibling 80 9832 proxy-only > name=sibling2 > > cache_peer_access lighttpd-server allow sites > cache_peer_access sibling2 allow sites > > http_access allow sites > http_access allow siblings > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost > http_access deny all > > icp_access allow siblings > icp_access deny all > > htcp_access deny all > > miss_access deny siblings > > http_port 80 act-as-origin accel vhost > icp_port 9832 > > access_log /var/log/squid/access.log > debug_options ALL,3 > cache_mgr cach...@domain.com > > cache_dir aufs /var/spool/squid 4000 32 128 > > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > >
