I'm not sure if this is helpful, but these are our stats during a typical day: ~500 active clients, all connected via 100Mb/s campus LAN. ~30 req/sec avg, 75 req/sec max during peaks ~steady CPU utilization of 15-20% ~27Gb cache on 3 9Gb 10k rpm scsi drives ~dual P3/733 running Linux 2.6, 768Mb RAM ~most users restricted with delay pools ~approx 300,000 dstdomain ACL entries ~NTauth required for all clients On 9 May 2006 at 0:04, Francois Verbeek wrote: > Mmm I should have put the list in copy. > > Anyways, as requested, a bit more details. > > 'Typical day' is around 8 hours (only one timezone) of worktime so > that'd be around 55 queries a sec on each machine. But obviously the > load is not equally spread over the day, so we get over 100 req/s at > peak hours on the local machines. > > I'm gathering stats with a (very) basic parser of manager output and > injecting this in Cacti (http://www.cacti.net/) for (basic) performance > graphing. > > Hardware details here : http://www.sun.com/servers/entry/v210/ > > Caches are at 40GB on each machine (2x20GB on different disks) > All systems running Solaris 8. > cache_swap_low and cache_swap_high are kept at the same value : 95% > otherwise the cleaning of the cache is too disruptive. > Got to use the sleep_after_fork parameter (set at 500 microseconds) for > starting the 30 ntlm_auth processes (queue gets as high as 17 sometimes, > AD's not performing so well..) and half as many squid_ldap_group. > Note that squid_ldap_group is only used in some acls, so it's not so > often started. > Otherwise, as we're running an independant namespace from internet, got > to avoid DNS resolving on the internal proxy for Internet addresses. > Basically, I'm not doing anything with destination ip based access lists. > ACLs are pretty long (several hundred lines) but mainly based on > dstdomain, so parsing is fast enough. > > > Hope this helps > > François > > > Hello, > > > > My company is now running a Squid internet access > > environment with NTLM authentication and > > squid_ldap_group for authorizations. > > We have around 15000 users on this infra. > > It's a two-layered infrastructure, with proxies in a > > firewall environment doing cache & anonymisation and > > proxies on the internal network doing client > > authentication and rules enforcement. > > We're running Squid 2.5-Stable12 and preparing the > > upgrade to Stable13. > > > > The users are spread on eight internal servers which > > use two DMZ proxies. > > All that runs on SUN V210 with 2GB of memory. > > CPU usage is around 30% on internal machines, 40% on > > DMZ machines. > > > > From calamaris (sum of all internal machines), in a > > typical day : > > > > Proxy statistics > > Total amount: requests 12804840 > > Total amount cached: requests 7897308 > > Request hit rate: % 61.67 > > Total Bandwidth: Byte 47067M > > Bandwidth savings: Byte 8543M > > > > After a bit of tweaking (all of it documented either > > in MLs or FAQ) I haven't seen any major problem. > > I just have two machines whereon the process crashes > > occasionally, with a 'Bus error' message but it > > restarts spontaneously instantly. I'll try Squid-2.5 > > Stable13 and a different compiler (using Sun studio > > now) before calling for help.. > > > > > > Francois > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Shawn Wright, I.T. Manager Shawnigan Lake School http://www.sls.bc.ca swright@xxxxxxxxx
