sön 2007-06-24 klockan 10:27 -0700 skrev G.V.S.M Siva Kumar:
> I have disabled caching as our cache
> utilization seems to be less than 5%. Our clients are
> experiencing unbearable delays while browsing. I made
> a
> few tests and found out the following page loading
> times.
> PC directly on Internet - 20 secs to load
> www.bull.com page
> Same PC using squid (plus IWSS) through port
> 3128 - 60 secs (same page)
> Same PC going directly through IWSS on port
> 8080 - 40 secs (same page)
And what do you see if you skip the IWSS?
> I made a tcpdump capturing packets on all
> interfaces under the condition that Iam the only one
> connected to the proxy, with a direct cable. On
> analysis of the tcpdump it is found that the proxy
> server made a total of 160+ DNS queries while loading
> the page of www.veritas.com.
Thats quite a lot indeed. I would expect about one or two on the first
page load, none on the second..
> Nameservers:
> IP ADDRESS # QUERIES # REPLIES
> --------------- --------- ---------
> 218.248.240.x 0 0
> 218.248.240.y 0 0
And it's not Squid making those DNS queries..
> I assume that when my browser is configured to
> use a proxy, it will not do any name resolution.
Correct.
> Instead, it provides the entire URI to the squid.
Correct.
> Now, when squid has a 'cache_peer parent, never direct
> allow all' specified, will it perform any name
> resolution or will it pass on the URL to the parent
> (in this case IWSS).
It will not do any DNS lookups unless required for ACL checks.. As it's
using a parent it do not need a DNS lookup to determine where to
connect.
> Which layer exactly does the name
> resolution?
I would guess it's your IWSS..
> I have a hunch this delay is because of
> name resolution.
Quite likely.. 160 DNS lookups over a WAN link takes quite some time.
What do you see if you skip the IWSS, allowing Squid to go direct?
Regards
Henrik
Attachment:
signature.asc
Description: Detta =?ISO-8859-1?Q?=E4r?= en digitalt signerad meddelandedel
