Hi Mr. Dumazet 2010/5/27 Eric Dumazet <eric.dumazet@xxxxxxxxx>: > Somebody setting up 48 squid instances must care about performance, or > something is wrong... True, I do care, very much! :) We're actually using the cache machine on a 300Mbps as kind of proof-of-concept: If it works well, we'll put on a 800Mbps network in june. > I would expect maybe 10.000 new connections per second for such a > setup ? Yep, something like this. > I personnally would use RPS (Remote Packet Steering) to distribute the > load on all available cpus, and one squid per available cpu too. > > TPROXY selection would then use a match on selected CPU > > echo ff >/sys/class/net/eth0/queues/rx-0/rps_cpus > > -A extrachain -m cpu 0 -j TPROXY --tproxy-mark 0x01/0xff --on-port 3127 > -A extrachain -m cpu 1 -j TPROXY --tproxy-mark 0x01/0xff --on-port 3128 > -A extrachain -m cpu 2 -j TPROXY --tproxy-mark 0x01/0xff --on-port 3129 > -A extrachain -m cpu 3 -j TPROXY --tproxy-mark 0x01/0xff --on-port 3130 > -A extrachain -m cpu 4 -j TPROXY --tproxy-mark 0x01/0xff --on-port 3131 > -A extrachain -m cpu 5 -j TPROXY --tproxy-mark 0x01/0xff --on-port 3132 > -A extrachain -m cpu 6 -j TPROXY --tproxy-mark 0x01/0xff --on-port 3133 > -A extrachain -m cpu 7 -j TPROXY --tproxy-mark 0x01/0xff --on-port 3134 That's a very good tip. Although the squid people told me that kernels > 2.6.32 don't play nice with TPROXY. I personally haven't tested them yet, I plan to do so this weekend. I'm currently using 2.6.29.6 on the production machine. But if some of the newer kernel work, I'll definitely use this, thanks. Cheers, Felipe Damasio -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
