We have a Mikrotik gateway router. It's a Linux-based router. I set
it up to DST-NAT all port 80 traffic at my new Squid box. On the
Squid box I have added a static route back to the router to force all
traffic back through it first even if it's in the same subnet. I
compiled Squid with netfilter and aufs support on CentOS 4.4. The
Squid box is an AMD64 dual core with 2Gbyte of RAM but currently only
a single SATA drive used for system and cache. Usually runs 1 percent
CPU load. The only other application running is named, which I am
using as a caching DNS server. In resolv.conf I set up the name server
as 127.0.0.1. I also have the gateway router's caching DNS server use
it as a parent so hopefully all my clients' DNS requests are going to
it and not replicated since they all use the gateway router as a DNS
server.

It all works great, mostly. Once in a while a user will just not be
able to load a webpage. Email, etc. will still work fine. SSH into
the Squid server and tail -f access.log and it looks like all
other users are working. VNC into a different PC on a different IP
and it works. Wait a few minutes and all works again. When this
happens I have looked at file descriptors and they do not appear to be
used up. All the stats look good.

We are a wireless ISP and have added this setup pretty much identical
at both our headends and they both exhibit this behavior, but it is rare
but noticeable. Below is my config file and my stats from the
heaviest used cache. I realize it could actually be the router and an
issue with all the DST-NAT rules and not the cache at all. But the
router has a built-in cache which we used to use with a DST-NAT rule
also, but due to issues with some websites not working right and CPU
load we moved to an external cache. Under heavy load the router's
integrated cache would hit 100% CPU and 1Gig of RAM used and surfing
would be sluggish but not drop out. Just doing DST-NAT and using
external Squid, CPU and memory use dropped to little or nothing on
the router.

Any ideas? Likely sent too much info here.
Thanks.
Matt
-------------------------------------------------------------------------------------------------------------
#Squid Conf
#Any way to trim this down? I only want http allowed and only to my subnets.
http_port 7080 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
maximum_object_size 16384 KB
cache_dir aufs /usr/local/squid/var/cache 48000 16 256
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 127.0.0.1 mysubnets_here/24
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr info@mydomain.net
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.mydomain.net
coredump_dir /usr/local/squid/var/cache
------------------------------------------------------------------------------------------------
Squid Object Cache: Version 2.6.STABLE9
Start Time: Wed, 31 Jan 2007 06:59:57 GMT
Current Time: Thu, 01 Feb 2007 19:30:52 GMT
Connection information for squid:
Number of clients accessing cache: 473
Number of HTTP requests received: 2169287
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 990.1
Average ICP messages per minute since start: 0.0
Select loop called: 157233294 times, 0.836 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 42.0%, 60min: 33.1%
Byte Hit Ratios: 5min: 7.5%, 60min: 9.2%
Request Memory Hit Ratios: 5min: 0.9%, 60min: 1.3%
Request Disk Hit Ratios: 5min: 39.3%, 60min: 36.2%
Storage Swap size: 7627724 KB
Storage Mem size: 8160 KB
Mean Object Size: 17.92 KB
Requests given to unlinkd: 0
Median Service Times (seconds) 5 min 60 min:
HTTP Requests (All): 0.10281 0.11465
Cache Misses: 0.17711 0.15888
Cache Hits: 0.00379 0.00562
Near Hits: 0.10281 0.13498
Not-Modified Replies: 0.00286 0.00286
DNS Lookups: 0.00573 0.01046
ICP Queries: 0.00000 0.00000
Resource usage for squid:
UP Time: 131455.527 seconds
CPU Time: 938.133 seconds
CPU Usage: 0.71%
CPU Usage, 5 minute avg: 1.26%
CPU Usage, 60 minute avg: 0.88%
Process Data Segment Size via sbrk(): 60160 KB
Maximum Resident Size: 0 KB
Page faults with physical i/o: 1
Memory usage for squid via mallinfo():
Total space in arena: 60160 KB
Ordinary blocks: 60100 KB 130 blks
Small blocks: 0 KB 0 blks
Holding blocks: 1260 KB 2 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 59 KB
Total in use: 61360 KB 100%
Total free: 59 KB 0%
Total size: 61420 KB
Memory accounted for:
Total accounted: 47533 KB
memPoolAlloc calls: 283871918
memPoolFree calls: 282549881
File descriptor usage for squid:
Maximum number of file descriptors: 1024
Largest file desc currently in use: 708
Number of file desc currently in use: 578
Files queued for open: 0
Available number of file descriptors: 446
Reserved number of file descriptors: 100
Store Disk files open: 2
IO loop method: epoll
Internal Data Structures:
425713 StoreEntries
1617 StoreEntries with MemObjects
1579 Hot Object Cache Items
425599 on-disk objects
------------------------------------------------------------------------------------------------------------------
#60 minute averages
sample_start_time = 1170355681.591335 (Thu, 01 Feb 2007 18:48:01 GMT)
sample_end_time = 1170359282.784535 (Thu, 01 Feb 2007 19:48:02 GMT)
client_http.requests = 20.017532/sec
client_http.hits = 6.620861/sec
client_http.errors = 0.000000/sec
client_http.kbytes_in = 13.756552/sec
client_http.kbytes_out = 329.699334/sec
client_http.all_median_svc_time = 0.114648 seconds
client_http.miss_median_svc_time = 0.167753 seconds
client_http.nm_median_svc_time = 0.002856 seconds
client_http.nh_median_svc_time = 0.142521 seconds
client_http.hit_median_svc_time = 0.004626 seconds
server.all.requests = 13.928439/sec
server.all.errors = 0.000000/sec
server.all.kbytes_in = 301.299303/sec
server.all.kbytes_out = 11.966589/sec
server.http.requests = 13.928439/sec
server.http.errors = 0.000000/sec
server.http.kbytes_in = 301.299303/sec
server.http.kbytes_out = 11.966589/sec
server.ftp.requests = 0.000000/sec
server.ftp.errors = 0.000000/sec
server.ftp.kbytes_in = 0.000000/sec
server.ftp.kbytes_out = 0.000000/sec
server.other.requests = 0.000000/sec
server.other.errors = 0.000000/sec
server.other.kbytes_in = 0.000000/sec
server.other.kbytes_out = 0.000000/sec
icp.pkts_sent = 0.000000/sec
icp.pkts_recv = 0.000000/sec
icp.queries_sent = 0.000000/sec
icp.replies_sent = 0.000000/sec
icp.queries_recv = 0.000000/sec
icp.replies_recv = 0.000000/sec
icp.replies_queued = 0.000000/sec
icp.query_timeouts = 0.000000/sec
icp.kbytes_sent = 0.000000/sec
icp.kbytes_recv = 0.000000/sec
icp.q_kbytes_sent = 0.000000/sec
icp.r_kbytes_sent = 0.000000/sec
icp.q_kbytes_recv = 0.000000/sec
icp.r_kbytes_recv = 0.000000/sec
icp.query_median_svc_time = 0.000000 seconds
icp.reply_median_svc_time = 0.000000 seconds
dns.median_svc_time = 0.010464 seconds
unlink.requests = 0.000000/sec
page_faults = 0.000000/sec
select_loops = 1460.764449/sec
select_fds = 310.735342/sec
average_select_fd_period = 0.003218/fd
median_select_fds = 0.000000
swap.outs = 4.137240/sec
swap.ins = 9.773705/sec
swap.files_cleaned = 0.000000/sec
aborted_requests = 0.459570/sec
syscalls.polls = 1460.764449/sec
syscalls.disk.opens = 10.585380/sec
syscalls.disk.closes = 21.163541/sec
syscalls.disk.reads = 12.350906/sec
syscalls.disk.writes = 34.692668/sec
syscalls.disk.seeks = 0.000000/sec
syscalls.disk.unlinks = 0.558981/sec
syscalls.sock.accepts = 15.852246/sec
syscalls.sock.sockets = 7.628583/sec
syscalls.sock.connects = 7.626083/sec
syscalls.sock.binds = 7.628583/sec
syscalls.sock.closes = 15.517912/sec
syscalls.sock.reads = 137.549132/sec
syscalls.sock.writes = 151.487846/sec
syscalls.sock.recvfroms = 2.864328/sec
syscalls.sock.sendtos = 1.433136/sec
cpu_time = 34.454762 seconds
wall_time = 3601.193200 seconds
cpu_usage = 0.956760%
Received on Thu Feb 01 2007 - 12:18:40 MST
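
One way to trim the access-control part of the configuration above to "HTTP only, own subnets only", as an added example that is not part of the original message. It keeps the Squid 2.6 syntax used in the post; the subnet 192.0.2.0/24 and the ACL name http_only are placeholders introduced here.

```conf
# Added example, Squid 2.6 syntax. Cache, logging and refresh_pattern
# lines from the posted config are unchanged and not repeated here.
http_port 7080 transparent

# 192.0.2.0/24 is a placeholder; list the real client subnets instead.
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl our_networks src 192.0.2.0/24
acl manager proto cache_object
acl http_only port 80
acl CONNECT method CONNECT

# Cache manager is reachable from the proxy host itself only.
http_access allow manager localhost
http_access deny manager

# The router redirects port 80 only, so the broad Safe_ports list
# (21, 70, 210, 1025-65535, ...) and CONNECT to 443 are not needed.
http_access deny CONNECT
http_access deny !http_only

# Own subnets only; everything else is refused.
http_access allow our_networks
http_access deny all

# The posted config has no cache_peer lines and the stats show zero ICP
# traffic, so close ICP instead of "icp_access allow all".
icp_port 0
icp_access deny all
```

Rule order matters because Squid stops at the first matching http_access line: the deny rules for CONNECT and non-80 ports must stay above the allow for our_networks.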