Re: Res: [squid-users] squid 3.2.0.5 smp scaling issues

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 05 May 2011 13:35:29 +1200

 On Wed, 4 May 2011 16:36:08 -0700 (PDT), david_at_lang.hm wrote:
> On Wed, 4 May 2011, Alex Rousskov wrote:
>
>> On 05/04/2011 12:49 PM, david_at_lang.hm wrote:
>>
 <snip>
>> IMHO, you can maximize your chances of getting free help by
>> isolating
>> the problem better. For example, perhaps you can try to reproduce it
>> with different kinds of fast ACLs (the simpler the better!). This
>> will
>> help clarify whether the problem is specific to IPv6, IP, or ACLs in
>> general. Test different number of ACLs: Does the problem happen only
>> when there number of simple ACLs is huge? Make the problem easier to
>> reproduce by posting configuration files (including Polygraph
>> workloads
>> or options for some other benchmarking tool you use).
>>-
>> This is not a guarantee that somebody will jump and help you, but
>> fixing
>> a well-triaged issue is often much easier.
>
> that's why I'm speaking up. I just have not known what to test.
>
> are there other types of ACLs that I should be testing?

 We can't answer that without having seen your config file and which are
 in use now.

 The list of all available ACL are at
 http://wiki.squid-cache.org/SquidFaq/SquidAcl and
 http://www.squid-cache.org/Doc/config/acl/

>
> I'll setup some tests with differnet numbers of ACLs. since I've
> already verified that the number of ACLs defined isn't the
> significant
> factor, only the number tested before one succeds (by moving the ACL
> that allows my access from the end of the file to the beginning of
> the
> file, keeping everything else the same), I'll see if the slowdown
> seems proportional to the number of rules, or if there is something
> else going on.
>
> any other types of testing I should do?

 The above looks like a good benchmark *provided* all the ACLs have the
 same type with consistent content counts. Mixing types makes the result
 non-comparable with other tests.

 If you have time (and want to), we kind of need that type of
 benchmarking done for each ACL type. Prioritising by popularity: src/dst
 by IP, port, domain and regex variants. Then proxy_auth, external (the
 "fake" helpers can help here). Then the others; ie browser, proto,
 method, header matching.

 We know general fuzzy details like, for example, a port test is faster
 than a domain test. One with details presented up front by the client is
 also faster than one where a lookup is needed. But have no deeper info
 to say if a dstdomain test is faster or slower than a src (IP) test.

 Way down my TODO list is the dream of micro-benchmarking the ACLs in
 their unit-tests.

 Amos
Received on Thu May 05 2011 - 01:35:33 MDT

This archive was generated by hypermail 2.2.0 : Thu May 05 2011 - 12:00:02 MDT