> -----Original Message----- > From: Jorgen Rosink [mailto:jrosink@xxxxxxxxx] > Sent: Thursday, March 17, 2005 7:31 AM > To: squid-users@xxxxxxxxxxxxxxx > Subject: [squid-users] High Utilization > > > Hi, > > I'm using 2.5.STABLE8 from Debian Sarge and experiencing very high > utilization and random stalls client side at peek time. Did upgrade to > 2.5.STABLE9 from Debian Unstable, but no difference so far. I'm almost > sure I misconfigured some (or all ;-)) things, but totally out of > options. > > To see some performance: > > http://rosink.op.het.net/squid/day_stats.png > You are seeing peaks of over 20 Mb/sec traffic, from 2500 clients. That's quite a bit for one box to be handling. What kind of requests per second does that translate out to? (Cache Utilization in the cache manager will divulge this information). You might just be hitting the limits of one squid server. > http://rosink.op.het.net/squid/week_stats.png > > http://rosink.op.het.net/squid/info.txt > Requests seem to be serviced in a timely manner. Even misses are taking just 1/10th of a second to complete. > Box is a Xeon 2.4Ghz with 1GB ram and three dedicated 9GB SCSI cache Info.txt shows pretty low hit ratios, so perhaps you could use more disk space, and Squid can easily use more than a GB of RAM (especially if you have lots of disk cache). > volumes. Connections are coming from several (50 max) child proxies, > mostly BorderManager and ISA, used by about 2500 workstations. I'm > using the following configuration: > > http://rosink.op.het.net/squid/squid.conf > >From what I've read, you probably don't want to set the cache_dir to take up all of the formatted space on the drive. Aside from that, you might want to change your DO_NOT_CACHE acls to include a period in from of the domain (i.e. acl DO_NOT_CACHE dstdomain .zadkinezorg.nl) so it matches subdomains. For clarity you might put all of the child proxy ips in a commented text file, and just reference that file with a single acl, and a single http_access allow statement. You might want to turn buffered_logs on (though the Squid Conf Manual says that it's not likely going to be much of a problem). You are creating cache digests, but are any of the child proxies using it? Are any of the child proxies capable of bypassing this Squid server (if not, I'm not sure of the utility of advertising what this cache holds). > I'm aware of the extreme number of squidguard redirectors (32), but > that's the only way to make the log messages about blocking > redirectors disappear. > > Could anyone see what's happening ? > > Thanks, > > Jorgen Rosink
