[squid-users] flapping wccp serive !!! , squid sometimes dont reply to stop !! from Ahmad on 2013-02-28 (squid-users)

From: Ahmad <ahmed.zaeem_at_netstream.ps>
Date: Thu, 28 Feb 2013 03:13:24 -0800 (PST)

hi ,
ive configure squid 3.1.0 with router cisco 7200
i configured "tproxy "
i noted that squid with suqidguard gave a good performance
i pumped 2000 users with about 190 M

the problem is the wccp serive between squid & cisco router is lost and
returned agian , lost and retured agian , and so on.

this make a drop for a few time and it seems annoying issue .
here is the logging from the cisco router about flapping service
===========================================================
*Oct 21 09:12:27.706: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP
client x.x.x.x
*Oct 21 09:12:27.706: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP
client x.x.x.x
*Oct 21 09:29:47.830: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client
1x.x.x.
*Oct 21 09:29:57.722: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP
client x.x.x.x
*Oct 21 09:34:17.842: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client
x.x.x.x
*Oct 21 09:34:37.710: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP
client 1x.x.x.
*Oct 21 09:36:27.826: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client
x.x.x
*Oct 21 09:36:27.826: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client
xxxx
*Oct 21 09:36:48.342: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP
client 1xxx
*Oct 21 09:36:48.342: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP
client 1xxx
*Oct 21 10:19:38.730: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client
1xxxx
*Oct 21 10:19:58.718: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP
client 1xxxx
*Oct 21 10:29:18.606: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client
1xxxxxx
*Oct 21 10:29:18.606: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client
1xxx
*Oct 21 11:20:02.901: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP
client 1xxx
*Oct 21 11:20:02.901: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP
client xxxx
*Oct 21 11:21:23.025: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client
1xx
*Oct 21 11:21:23.025: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client
1xxx
*Oct 21 11:23:54.141: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP
client xxx
*Oct 21 11:23:54.141: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP
client xxx
*Oct 21 11:35:25.037: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client
1xxx
*Oct 21 11:35:25.037: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client
1xxx
*Oct 21 11:35:34.941: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP
client 1xxx
*Oct 21 11:35:34.941: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP
client xxx
*Oct 21 11:38:05.033: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client
1xxx
*Oct 21 11:38:05.033: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client
1xxx
*Oct 21 12:58:34.357: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP
client xxx
*Oct 21 12:58:34.357: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP
client 1xxx
*Oct 21 13:06:44.465: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client
1xxx
*Oct 21 13:07:04.449: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP
client xxxx
*Oct 21 13:09:34.461: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client
xxx
*Oct 21 13:09:34.461: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client
xxx

===============================================================
here is my squid.conf file config !:
[root_at_squid ~]# cat /etc/squid/squid.conf
#
# squid Config By "" ""
#
###################
acl all src all
acl manager proto cache_object
acl localnet src 192.168.1.0/24 x.x.x.x/16 x.x.x.x/16
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
machines
acl localnet src 10.0.0.0/8 #include the 10 subnet & freezed users :)
#acl localhost src 127.0.0.1/255.255.255.255
#acl to_localhost dst 127.0.0.0/8
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 590 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#####################
#cache deny all
################################
visible_hostname squid
coredump_dir /var/spool/squid
################################
###Block specific sites###
acl min1 dstdomain "/min/min1.conf"
http_access deny min1
####squidguard###################
redirect_program /usr/local/squidguard5/bin/squidGuard -c
/etc/squidguard.conf
redirector_bypass on
url_rewrite_children 200
cache_effective_user squid
cache_effective_group squid
##############################
#Recommended minimum configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow localnet
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
# And finally deny all other access to this proxy
http_access deny all
#Allow ICP queries from everyone
icp_access allow all
#######################################
access_log /var/log/squid/access.log
cache_dir aufs /cache1 500000 32 256
cache_dir aufs /cache2 500000 32 256
cache_dir aufs /cache3 500000 32 256
cache_mem 10000 MB
##########################
http_port 127.0.0.1:3127
http_port x.x.x.x:65000
http_port 3128
http_port 3129 tproxy
########### Performance Related Config:
relaxed_header_parser on
vary_ignore_expire on
##########################################
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
###########################################
ipcache_size 2048
ipcache_low 98
ipcache_high 99
memory_pools off
pipeline_prefetch on
############################################
httpd_suppress_version_string on
server_persistent_connections on
client_persistent_connections on
pconn_timeout 2 minutes
persistent_request_timeout 1 minute
###########################################
########### WCCP2 Config#############
wccp2_router x.x.x.x
wccp_version 2
wccp2_forwarding_method 2
wccp2_return_method 2
wccp2_service dynamic 80
wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
wccp2_service dynamic 90
wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source
priority=240 ports=80
##########################################
###########################################
#default option
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#################################################
forwarded_for on
max_filedescriptors 65536
max_open_disk_fds 65536
relaxed_header_parser on
reload_into_ims on
client_lifetime 15 minutes
read_timeout 5 minutes
request_timeout 1 minutes
ie_refresh on
ignore_expect_100 on
vary_ignore_expire on
###############################
################################
httpd_suppress_version_string on
server_persistent_connections on
client_persistent_connections on
pconn_timeout 2 minutes
persistent_request_timeout 1 minute
shutdown_lifetime 20 seconds
#############################
cache_swap_low 98
cache_swap_high 99
cache_replacement_policy heap LFUDA
minimum_object_size 0
maximum_object_size 130 MB
###############################

note that this flapping may occur after 30 minutes or may be after 15
minutes or may be longer than that .
=========================================================================
=========================================================================
the 2nd problem is , sometimes i need to stop squid , but when i type stop,
it seems to be restarted not stopped .
i mean that if i want to stop suqid , i have to type the command
/etc/init.d/squid stop many times so that it take effect .
here is an example ,
ive tried twice to stop it so that it have been stopped
====================================================================
[root_at_squid ~]# /etc/init.d/squid stop
Stopping squid: 2013/02/28 05:18:24| WARNING: (B) '::/0' is a subnetwork of
(A) '::/0'
2013/02/28 05:18:24| WARNING: because of this '::/0' is ignored to keep
splay tree searching predictable
2013/02/28 05:18:24| WARNING: You should probably remove '::/0' from the ACL
named 'all'
.................[ OK ]
[root_at_squid ~]# /etc/init.d/squid status
squid (pid 7110) is running...
2013/02/28 05:20:28| WARNING: (B) '::/0' is a subnetwork of (A) '::/0'
2013/02/28 05:20:28| WARNING: because of this '::/0' is ignored to keep
splay tree searching predictable
2013/02/28 05:20:28| WARNING: You should probably remove '::/0' from the ACL
named 'all'
[root_at_squid ~]# /etc/init.d/squid stop
Stopping squid: 2013/02/28 05:20:33| WARNING: (B) '::/0' is a subnetwork of
(A) '::/0'
2013/02/28 05:20:33| WARNING: because of this '::/0' is ignored to keep
splay tree searching predictable
2013/02/28 05:20:33| WARNING: You should probably remove '::/0' from the ACL
named 'all'
............................[ OK ]
[root_at_squid ~]# /etc/init.d/squid status
squid is stopped
[root_at_squid ~]#

=============================
[root_at_squid ~]# squid -v
Squid Cache: Version 3.1.10
configure options: '--build=x86_64-redhat-linux-gnu'
'--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share'
'--includedir=/usr/include' '--libdir=/usr/lib64'
'--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib'
'--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr'
'--libexecdir=/usr/lib64/squid' '--localstatedir=/var'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--with-logdir=$(localstatedir)/log/squid'
'--with-pidfile=$(localstatedir)/run/squid.pid'
'--disable-dependency-tracking' '--enable-arp-acl'
'--enable-follow-x-forwarded-for'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth'
'--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth'
'--enable-digest-auth-helpers=password,ldap,eDirectory'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--enable-cache-digests' '--enable-cachemgr-hostname=localhost'
'--enable-delay-pools' '--enable-epoll' '--enable-icap-client'
'--enable-ident-lookups' '--enable-linux-netfilter' '--enable-referer-log'
'--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl'
'--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log' '--enable-wccpv2'
'--enable-esi' '--with-aio' '--with-default-user=squid'
'--with-filedescriptors=16384' '--with-dl' '--with-openssl'
'--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu'
'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu'
'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions
-fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie'
'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2
-fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
-fpie' --with-squid=/builddir/build/BUILD/squid-3.1.10
====================================================
with my best regards

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/flapping-wccp-serive-squid-sometimes-dont-reply-to-stop-tp4658768.html
Sent from the Squid - Users mailing list archive at Nabble.com.

Received on Thu Feb 28 2013 - 11:13:34 MST

This archive was generated by hypermail 2.2.0 : Fri Mar 01 2013 - 12:00:04 MST