> -----Original Message----- > From: Tomasz Kolaj [mailto:admin@xxxxxx] > Sent: Wednesday, February 22, 2006 2:24 PM > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re: low squid performance? > > > Dnia środa, 22 lutego 2006 23:57, Chris Robertson napisał: > [cut] > > > > The answer to that question is dependant on a whole host of > > variables, such > > as ACLs used, whether it's a proxy or an accelerator, the > > types of clients > > accessing it (client latency has a dramatic effect on CPU > > usage), types of > > content retrieved, how your cache_dirs are defined, etc. > > > > Various things that can reduce Squid performance: > > > #^ remove wmf after security leaks on ms wmf file format > acl mGG url_regex ^http://adserver.gadu[\-]?gadu.pl/.*$ If I'm reading the regex right, you could change this to... acl mGG dstdomain .adserver.gadugadu.pl .adserver.gadu-gadu.pl ...and you might see a reduction in CPU usage. I'm not sure how much of one though... > redirector_access deny !mGG > redirector_bypass on > redirect_program /home/gg_rewrite > #^redirector ro replece banner in popular polish comunicator [cut] > > * High latency clients > > What do you mean "high latecy clients"? > The majority of my customers have a network path like: client->squid->satellite->squid->internet 100 requests/second put my CPU usage in the high 80s (on a 32 bit Intel Xeon 3.00GHz). [cut] > aragorn squid # squid -v > Squid Cache: Version 2.5.STABLE12 > configure options: --prefix=/usr --bindir=/usr/bin > --exec-prefix=/usr > --sbindir=/usr/sbin --localstatedir=/var --mandir=/usr/share/man > --sysconfdir=/etc/squid --libexecdir=/usr/lib/squid > --enable-auth=basic,digest,ntlm --enable-removal-policies=lru,heap > --enable-linux-netfilter --enable-truncate --with-pthreads > --enable-epool Hopefully that's just a misspelling. ;o) > --disable-follow-x-forwarded-for --host=x86_64-pc-linux-gnu > --disable-snmp > --disable-ssl --enable-underscores > --enable-storeio='diskd,coss,aufs,null' > --enable-async-io > > > fragmenst of squid.conf: > -- cut -- > http_port [ip:port] > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > no_cache deny QUERY > cache_mem 512 MB > maximum_object_size 16384 KB > maximum_object_size_in_memory 16 KB > cache_replacement_policy heap GDSF > memory_replacement_policy heap GDSF > cache_dir aufs /var/cache/squid/dysk1 30000 32 256 > cache_dir aufs /var/cache/squid/dysk2 30000 32 256 > cache_access_log /var/log/squid/access.log > cache_store_log none > mime_table /etc/squid/mime.conf > redirect_children 15 > auth_param basic children 5 > auth_param basic realm Squid proxy-caching web server > auth_param basic credentialsttl 2 hours > auth_param basic casesensitive off > request_header_max_size 20 KB > refresh_pattern -i (.*jpg$|.*gif$|.*png$) 0 50% 28800 > refresh_pattern -i (.*html$|.*htm|.*shtml|.*php) 0 20% 1440 > refresh_pattern . 0 20% 4320 > half_closed_clients off > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl administracja src 82.160.43.0/24 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl Safe_ports port 901 # SWAT > acl purge method PURGE > acl CONNECT method CONNECT > cache_mgr admin > http_access allow manager localhost > http_access allow manager administracja > http_access deny manager > http_access allow purge localhost > http_access deny purge > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > acl badURL url_regex -i .wmf$ > acl mGG url_regex ^http://adserver.gadu[\-]?gadu.pl/.*$ > redirector_access deny !mGG > redirector_bypass on > redirect_program /home/gg_rewrite > acl spywaredomains dstdomain src "/etc/squid/spywaredomains.txt" > acl our_networks src 82.160.43.0/24 82.160.129.0/24 > http_access deny badURL > http_access deny spywaredomains > http_access allow our_networks > http_access allow localhost > http_access deny all > http_reply_access allow all > icp_access allow all > cache_mgr admin@xxxxxx > visible_hostname w3cache.abp.pl > httpd_accel_host virtual > httpd_accel_port 80 > httpd_accel_with_proxy on > httpd_accel_uses_host_header on > dns_testnames onet.pl wp.pl microsoft.com abp.pl > logfile_rotate 10 > append_domain .abp.pl > forwarded_for off > log_icp_queries off > cachemgr_passwd [cut] all > buffered_logs on > coredump_dir /var/cache/squid > store_dir_select_algorithm least-load > -- cut -- > > > Thanks for advice. > -- > Tomasz Kolaj > I don't see any other likely problems (not saying there aren't any). Chris
