What you want to do is try and find a tcpdump capture for the broken HTTP flows.

I'd make sure window scaling is disabled, ECN is disabled and I'd change the default route TCP MSS to be < 1500 (say, 1400 or 1300.) Make sure if you use GRE then the route GRE is using is 1500. :)

(I'm playing around with tproxy at home and I'm having slow loading issues; I have a feeling I'm seeing PMTU related issues. Hm.)

Adrian

On Wed, Jan 16, 2008, Ryan Thoryk wrote:
> We've had a transparent wccp2-based squid cache implementation in place
> for about a month now (we're an ISP), normally serving about 2000 active
> clients among 2 servers, and our performance is very good (I've done
> large amounts of tweaking), but recently we've been getting complaints
> about sites not loading completely (which I also experienced at home
> since I use squid there) where about half of the page loads and the
> browser hangs (happens on multiple browsers; sites like gmail, etc),
> script-related file uploads to certain sites fail (for example, pic
> uploads to myspace), etc. I was thinking that the page hanging issue
> was probably related to the cache not being able to fetch an embedded
> object on the page, and causing the page load to hang halfway through
> until the object times out (normally a browser would render as much as
> it could, even if objects time out).
>
> So any ideas on this would be greatly appreciated. We were thinking
> that if the full-scale transparent wccp2 redirection doesn't work out,
> that we could just redirect the most heavily used IP netblocks (such as
> google, youtube, microsoft, yahoo, myspace, etc), but we'd possibly
> still have the same issues.
>
> Here's our config info:
>
> We're running 2 FreeBSD 6.2 machines with Squid 2.6-STABLE17. Both
> machines are 2.8ghz P4's with hyperthreading enabled, 4GB RAM, and 2
> dedicated 500GB SATA drives in a software raid0 config for the cache
> (system drive is separate). We've had to shrink the max cache size on
> each to 256gb due to memory.
>
> The first machine is handling wccp2 redirects from 4 cisco routers, and
> the second is handling redirects from multiple cisco switches.
>
> Here's the relevant squid config info:
>
> build params:
> ---------
> CFLAGS="-I/usr/local/include -L/usr/local/lib -march=pentium4 -O3 -pipe
> -fomit-frame-pointer -funroll-loops -ffast-math -fno-exceptions"
> export CFLAGS
> ./configure --enable-async-io --enable-icmp --enable-useragent-log
> --enable-snmp --enable-cache-digests --enable-follow-x-forwarded-for
> --enable-storeio=aufs,ufs,coss,null --enable-removal-policies="heap,lru"
> --with-maxfd=16384 --enable-poll --disable-ident-lookups
> --enable-large-cache-files --with-aufs-threads=64 --with-large-files
> --enable-delay-pools --enable-htcp --enable-kqueue
> ---------
> non-default squid.conf stuff:
>
> ---------
> http_port 3128 transparent
> cache_mem 128 MB
> maximum_object_size_in_memory 1 MB
> cache_replacement_policy heap LFUDA
> cache_dir aufs /var/cache/aufs 256000 32 512
> maximum_object_size 100 MB
> cache_swap_low 94
> cache_swap_high 95
> buffered_logs on
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> extension_methods SEARCH PROPFIND PROPPATCH MKCOL MOVE BMOVE DELETE
> BDELETE REPORT MERGE MKACTIVITY CHECKOUT
> half_closed_clients off
> ipcache_size 8192
> ipcache_low 90
> ipcache_high 95
> fqdncache_size 8192
> memory_pools_limit 50 MB
> uri_whitespace allow
> ---------
>
> We're using IPFW port redirection from 80 to 3128, and with the FreeBSD
> kernel, we're mostly using the SMP kernel generic options, with these added:
> options PERFMON
> options IPFIREWALL
> options IPFIREWALL_FORWARD
> options IPSTEALTH
> options HZ=1000
> options NET_WITH_GIANT
>
>
> Ryan Thoryk
> System Administrator
> onShore Networks, LLC

--
- Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support -
- $25/pm entry-level VPSes w/ capped bandwidth charges available in WA -
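
An added example, not part of the original thread or of Squid: a small Python script that scans `tcpdump -n` text output for the things the reply above says to check in a capture of the broken flows (window scaling and ECN negotiated on SYNs, the advertised MSS, and ICMP "need to frag" messages that point at a path MTU problem). It assumes the modern tcpdump line format; the sample capture, its addresses and the 1400-byte `mss_limit` threshold are constructed for illustration.

```python
import re

# Constructed sample of `tcpdump -n` text output (modern tcpdump line format
# assumed); all addresses are documentation ranges, not from the thread.
SAMPLE = """\
12:00:00.000001 IP 10.0.0.5.51000 > 203.0.113.10.80: Flags [S], seq 1000, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 1 ecr 0], length 0
12:00:00.020000 IP 203.0.113.10.80 > 10.0.0.5.51000: Flags [S.], seq 5000, ack 1001, win 65535, options [mss 1460,nop,wscale 7], length 0
12:00:00.500000 IP 198.51.100.1 > 203.0.113.10: ICMP 10.0.0.5 unreachable - need to frag (mtu 1400), length 556
12:00:01.000000 IP 10.0.0.6.51001 > 203.0.113.20.80: Flags [SEW], seq 2000, win 65535, options [mss 1300,nop,nop,sackOK], length 0
"""

# SYN or SYN/ACK segments: tcpdump prints E (ECE) and W (CWR) inside Flags [...].
SYN_RE = re.compile(r"IP (\S+) > (\S+): Flags \[(S[^\]]*)\].*?options \[([^\]]*)\]")
# ICMP "fragmentation needed" sent by a router on the path (PMTU discovery).
FRAG_RE = re.compile(r"IP (\S+) > \S+: ICMP \S+ unreachable - need to frag \(mtu (\d+)\)")


def analyze(capture, mss_limit=1400):
    """Return (kind, source, value) findings; mss_limit is an assumed threshold."""
    findings = []
    for line in capture.splitlines():
        m = FRAG_RE.search(line)
        if m:
            # The reporting router and the MTU it says the next hop can carry.
            findings.append(("need-to-frag", m.group(1), int(m.group(2))))
            continue
        m = SYN_RE.search(line)
        if not m:
            continue  # only handshake segments carry the options of interest
        src, _dst, flags, opts = m.groups()
        wscale = re.search(r"wscale (\d+)", opts)
        mss = re.search(r"mss (\d+)", opts)
        if wscale:
            findings.append(("wscale", src, int(wscale.group(1))))
        if "E" in flags or "W" in flags:
            findings.append(("ecn", src, flags))
        if mss and int(mss.group(1)) > mss_limit:
            findings.append(("mss", src, int(mss.group(1))))
    return findings


if __name__ == "__main__":
    for kind, src, value in analyze(SAMPLE):
        print(f"{kind:13} {src:22} {value}")
```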