We've had a transparent wccp2-based squid cache implementation in place
for about a month now (we're an ISP), normally serving about 2000 active
clients among 2 servers, and our performance is very good (I've done
large amounts of tweaking), but recently we've been getting complaints
about sites not loading completely (which I also experienced at home
since I use squid there) where about half of the page loads and the
browser hangs (happens on multiple browsers; sites like gmail, etc),
script-related file uploads to certain sites fail (for example, pic
uploads to myspace), etc. I was thinking that the page hanging issue
was probably related to the cache not being able to fetch an embedded
object on the page, and causing the page load to hang halfway through
until the object times out (normally a browser would render as much as
it could, even if objects time out).
So any ideas on this would be greatly appreciated. We were thinking
that if the full-scale transparent wccp2 redirection doesn't work out,
that we could just redirect the most heavily used IP netblocks (such as
google, youtube, microsoft, yahoo, myspace, etc), but we'd possibly
still have the same issues.
Here's our config info:
We're running 2 FreeBSD 6.2 machines with Squid 2.6-STABLE17. Both
machines are 2.8ghz P4's with hyperthreading enabled, 4GB RAM, and 2
dedicated 500GB SATA drives in a software raid0 config for the cache
(system drive is separate). We've had to shrink the max cache size on
each to 256gb due to memory.
The first machine is handling wccp2 redirects from 4 cisco routers, and
the second is handling redirects from multiple cisco switches.
Here's the relevant squid config info:
build params:
---------
CFLAGS="-I/usr/local/include -L/usr/local/lib -march=pentium4 -O3 -pipe
-fomit-frame-pointer -funroll-loops -ffast-math -fno-exceptions"
export CFLAGS
./configure --enable-async-io --enable-icmp --enable-useragent-log
--enable-snmp --enable-cache-digests --enable-follow-x-forwarded-for
--enable-storeio=aufs,ufs,coss,null --enable-removal-policies="heap,lru"
--with-maxfd=16384 --enable-poll --disable-ident-lookups
--enable-large-cache-files --with-aufs-threads=64 --with-large-files
--enable-delay-pools --enable-htcp --enable-kqueue
---------
non-default squid.conf stuff:
---------
http_port 3128 transparent
cache_mem 128 MB
maximum_object_size_in_memory 1 MB
cache_replacement_policy heap LFUDA
cache_dir aufs /var/cache/aufs 256000 32 512
maximum_object_size 100 MB
cache_swap_low 94
cache_swap_high 95
buffered_logs on
quick_abort_min 0 KB
quick_abort_max 0 KB
extension_methods SEARCH PROPFIND PROPPATCH MKCOL MOVE BMOVE DELETE
BDELETE REPORT MERGE MKACTIVITY CHECKOUT
half_closed_clients off
ipcache_size 8192
ipcache_low 90
ipcache_high 95
fqdncache_size 8192
memory_pools_limit 50 MB
uri_whitespace allow
---------
We're using IPFW port redirection from 80 to 3128, and with the FreeBSD
kernel, we're mostly using the SMP kernel generic options, with these added:
options PERFMON
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPSTEALTH
options HZ=1000
options NET_WITH_GIANT
Ryan Thoryk
System Administrator
onShore Networks, LLC
