[EMAIL PROTECTED] wrote: > Wait a minute. > ... > Something is going horribly wrong. First of all, where ever possible, use > the domain > filters to block sites. > ... > Your lag time in the squid -k reconfigure process can be blamed a ton of > different things. > > How much memory do you have? How many TOTAL url/domain blocks are there? > How many redirect children are you using?
We have 596030 total domain rules and 46319 url rules (we use the standard K12LTSP squidGuard package, with automatic blacklist updates from rsync://squidguard.mesd.k12.or.us/filtering). We service up to 400 concurrent clients on a P4 2.4 with 512 Mb RAM. I've settled on 32 redirect children, since any less seems to result in significant lag times waiting for a redirector to become available (using stats from squid's cachemgr.cgi). With this configuration, restarts of squid are impractical during peak hours. We have an automatic restart at 0500 every day, and we've found that to be sufficient. Most of our clients are student machines, and they are redirected through Dan's Guardian before going through squidGuard. DG is configured to use the same blacklists as SG. We restart DG far more often than SG, because a restart of DG usually takes around 5-25 seconds, while a restart of SG can take 2-5 minutes. I'm sure this system would do a lot better with a dual Xeon with 2 Gb of RAM, but it seems to me that DG has a better architecture than SG for this sort of thing. -- Paul Gear, Manager IT Operations, Redlands College 38 Anson Road, Wellington Point 4160, Australia (Please send attachments in portable formats such as PDF, HTML, or OpenOffice.) -- If you have skills or information that could be helpful to others, please consider contributing to the schools IT support wiki at http://schools.wikispaces.org -- The information contained in this message is copyright by Redlands College. Any use for direct sales or marketing purposes is expressly forbidden. This message does not represent the views of Redlands College.
signature.asc
Description: OpenPGP digital signature
