We have a Mikrotik gateway router. It's a Linux-based router. I set it up to DST-NAT all port 80 traffic at my new Squid box. On the Squid box I have added a static route back to the router to force all traffic back through it first even if it's in the same subnet.

I compiled Squid with netfilter and aufs support on CentOS 4.4. The Squid box is an AMD64 dual core with 2Gbyte of RAM but currently only a single SATA drive used for system and cache. Usually runs 1 percent CPU load. The only other application running is named, which I am using as a caching DNS server. In resolv.conf I set up the name server as 127.0.0.1. I also have the gateway router's caching DNS server use it as a parent, so hopefully all my clients' DNS requests are going to it and not replicated, since they all use the gateway router as a DNS server.

It all works great, mostly. Once in a while a user will just not be able to load a webpage. Email, etc. will still work fine. SSH into the Squid server and tail -f access.log and it looks like all other users are working. VNC into a different PC on a different IP and it works. Wait a few minutes and all works again. When this happens I have looked at file descriptors and they do not appear to be used up. All the stats look good.

We are a wireless ISP and have added this setup pretty much identical at both our headends, and they both exhibit this behavior; it is rare but noticeable. Below is my config file and my stats from the heaviest used cache.

I realize it could actually be the router and an issue with all the DST-NAT rules and not the cache at all. But the router has a built-in cache which we used to use with a DST-NAT rule also, but due to issues with some websites not working right and CPU load we moved to an external cache. Under heavy load the router's integrated cache would hit 100% CPU and 1Gig of RAM used and surfing would be sluggish but not drop out.
Just doing DST-NAT and using external Squid, CPU and memory use dropped to little or nothing on the router.

Any ideas? Likely sent too much info here.

Thanks.

Matt

------------------------------------------------------------------------
#Squid Conf
#Any way to trim this down? I only want http allowed and only to my subnets.

http_port 7080 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
maximum_object_size 16384 KB
cache_dir aufs /usr/local/squid/var/cache 48000 16 256
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 127.0.0.1 mysubnets_here/24
http_access allow our_networks
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr info@xxxxxxxxxxxx
cache_effective_user squid
cache_effective_group squid
visible_hostname proxy.mydomain.net
coredump_dir /usr/local/squid/var/cache

------------------------------------------------------------------------
Squid Object Cache: Version 2.6.STABLE9
Start Time: Wed, 31 Jan 2007 06:59:57 GMT
Current Time: Thu, 01 Feb 2007 19:30:52 GMT
Connection information for squid:
    Number of clients accessing cache: 473
    Number of HTTP requests received: 2169287
    Number of ICP messages received: 0
    Number of ICP messages sent: 0
    Number of queued ICP replies: 0
    Request failure ratio: 0.00
    Average HTTP requests per minute since start: 990.1
    Average ICP messages per minute since start: 0.0
    Select loop called: 157233294 times, 0.836 ms avg
Cache information for squid:
    Request Hit Ratios: 5min: 42.0%, 60min: 33.1%
    Byte Hit Ratios: 5min: 7.5%, 60min: 9.2%
    Request Memory Hit Ratios: 5min: 0.9%, 60min: 1.3%
    Request Disk Hit Ratios: 5min: 39.3%, 60min: 36.2%
    Storage Swap size: 7627724 KB
    Storage Mem size: 8160 KB
    Mean Object Size: 17.92 KB
    Requests given to unlinkd: 0
Median Service Times (seconds)  5 min    60 min:
    HTTP Requests (All):   0.10281  0.11465
    Cache Misses:          0.17711  0.15888
    Cache Hits:            0.00379  0.00562
    Near Hits:             0.10281  0.13498
    Not-Modified Replies:  0.00286  0.00286
    DNS Lookups:           0.00573  0.01046
    ICP Queries:           0.00000  0.00000
Resource usage for squid:
    UP Time: 131455.527 seconds
    CPU Time: 938.133 seconds
    CPU Usage: 0.71%
    CPU Usage, 5 minute avg: 1.26%
    CPU Usage, 60 minute avg: 0.88%
    Process Data Segment Size via sbrk(): 60160 KB
    Maximum Resident Size: 0 KB
    Page faults with physical i/o: 1
Memory usage for squid via mallinfo():
    Total space in arena: 60160 KB
    Ordinary blocks: 60100 KB 130 blks
    Small blocks: 0 KB 0 blks
    Holding blocks: 1260 KB 2 blks
    Free Small blocks: 0 KB
    Free Ordinary blocks: 59 KB
    Total in use: 61360 KB 100%
    Total free: 59 KB 0%
    Total size: 61420 KB
Memory accounted for:
    Total accounted: 47533 KB
    memPoolAlloc calls: 283871918
    memPoolFree calls: 282549881
File descriptor usage for squid:
    Maximum number of file descriptors: 1024
    Largest file desc currently in use: 708
    Number of file desc currently in use: 578
    Files queued for open: 0
    Available number of file descriptors: 446
    Reserved number of file descriptors: 100
    Store Disk files open: 2
    IO loop method: epoll
Internal Data Structures:
    425713 StoreEntries
    1617 StoreEntries with MemObjects
    1579 Hot Object Cache Items
    425599 on-disk objects

------------------------------------------------------------------------
#60 minute averages

sample_start_time = 1170355681.591335 (Thu, 01 Feb 2007 18:48:01 GMT)
sample_end_time = 1170359282.784535 (Thu, 01 Feb 2007 19:48:02 GMT)
client_http.requests = 20.017532/sec
client_http.hits = 6.620861/sec
client_http.errors = 0.000000/sec
client_http.kbytes_in = 13.756552/sec
client_http.kbytes_out = 329.699334/sec
client_http.all_median_svc_time = 0.114648 seconds
client_http.miss_median_svc_time = 0.167753 seconds
client_http.nm_median_svc_time = 0.002856 seconds
client_http.nh_median_svc_time = 0.142521 seconds
client_http.hit_median_svc_time = 0.004626 seconds
server.all.requests = 13.928439/sec
server.all.errors = 0.000000/sec
server.all.kbytes_in = 301.299303/sec
server.all.kbytes_out = 11.966589/sec
server.http.requests = 13.928439/sec
server.http.errors = 0.000000/sec
server.http.kbytes_in = 301.299303/sec
server.http.kbytes_out = 11.966589/sec
server.ftp.requests = 0.000000/sec
server.ftp.errors = 0.000000/sec
server.ftp.kbytes_in = 0.000000/sec
server.ftp.kbytes_out = 0.000000/sec
server.other.requests = 0.000000/sec
server.other.errors = 0.000000/sec
server.other.kbytes_in = 0.000000/sec
server.other.kbytes_out = 0.000000/sec
icp.pkts_sent = 0.000000/sec
icp.pkts_recv = 0.000000/sec
icp.queries_sent = 0.000000/sec
icp.replies_sent = 0.000000/sec
icp.queries_recv = 0.000000/sec
icp.replies_recv = 0.000000/sec
icp.replies_queued = 0.000000/sec
icp.query_timeouts = 0.000000/sec
icp.kbytes_sent = 0.000000/sec
icp.kbytes_recv = 0.000000/sec
icp.q_kbytes_sent = 0.000000/sec
icp.r_kbytes_sent = 0.000000/sec
icp.q_kbytes_recv = 0.000000/sec
icp.r_kbytes_recv = 0.000000/sec
icp.query_median_svc_time = 0.000000 seconds
icp.reply_median_svc_time = 0.000000 seconds
dns.median_svc_time = 0.010464 seconds
unlink.requests = 0.000000/sec
page_faults = 0.000000/sec
select_loops = 1460.764449/sec
select_fds = 310.735342/sec
average_select_fd_period = 0.003218/fd
median_select_fds = 0.000000
swap.outs = 4.137240/sec
swap.ins = 9.773705/sec
swap.files_cleaned = 0.000000/sec
aborted_requests = 0.459570/sec
syscalls.polls = 1460.764449/sec
syscalls.disk.opens = 10.585380/sec
syscalls.disk.closes = 21.163541/sec
syscalls.disk.reads = 12.350906/sec
syscalls.disk.writes = 34.692668/sec
syscalls.disk.seeks = 0.000000/sec
syscalls.disk.unlinks = 0.558981/sec
syscalls.sock.accepts = 15.852246/sec
syscalls.sock.sockets = 7.628583/sec
syscalls.sock.connects = 7.626083/sec
syscalls.sock.binds = 7.628583/sec
syscalls.sock.closes = 15.517912/sec
syscalls.sock.reads = 137.549132/sec
syscalls.sock.writes = 151.487846/sec
syscalls.sock.recvfroms = 2.864328/sec
syscalls.sock.sendtos = 1.433136/sec
cpu_time = 34.454762 seconds
wall_time = 3601.193200 seconds
cpu_usage = 0.956760%
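
Added example, not part of the original post: the posted squid.conf asks how to limit access to the poster's own subnets, and Squid evaluates each access list top-down with the first matching rule deciding. This Python script reports which request-facing lists end up allowing any source address; the 192.0.2.0/24 prefix stands in for the elided mysubnets_here/24, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample: access-control lines from the posted squid.conf, with the
# elided "mysubnets_here/24" replaced by a documentation prefix (192.0.2.0/24).
SAMPLE_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
http_access allow manager localhost
http_access deny manager
acl our_networks src 127.0.0.1 192.0.2.0/24
http_access allow our_networks
http_access deny all
icp_access allow all
"""
REQUEST_DIRECTIVES = ("http_access", "icp_access")

def parse(conf):
    """Return (acls, rules): acls maps name -> (type, values); rules keep file order."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()          # drop trailing comments
        if len(tok) >= 3 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] in REQUEST_DIRECTIVES:
            rules.append((tok[0], tok[1], tok[2:]))
    return acls, rules

def any_source(name, acls):
    """True when `name` is a src ACL holding a zero-length prefix (every client)."""
    kind, values = acls.get(name, ("", []))
    for value in (values if kind == "src" else []):
        try:
            if ipaddress.ip_network(value, strict=False).prefixlen == 0:
                return True
        except ValueError:      # ranges or hostnames: not treated as "everyone"
            continue
    return False

def open_directives(conf):
    """Directives whose first catch-all rule is an allow (first match wins)."""
    acls, rules = parse(conf)
    decided, findings = set(), []
    for directive, action, refs in rules:
        if directive not in decided and all(any_source(r, acls) for r in refs):
            decided.add(directive)          # rules after a catch-all are never reached
            if action == "allow":
                findings.append(directive)
    return findings

if __name__ == "__main__":
    print(open_directives(SAMPLE_CONF))
```

On the sample, http_access ends in "deny all" after the our_networks allow, so only icp_access is reported as answering every source.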