Have WCCPv2 running between Cisco 4948 gigE switch and Squid on Linux
server (WCCPv2 is working fine, see redirects on TCPDUMP).
Routing incoming WCCP redirects to ETH0 and outgoing to ETH1 on server.
Squid starts without error and performs well for about 20 minutes; then
some web pages time out indiscriminately and customers must refresh
several times ("address not valid" error appears in browser).
Don't see any errors in the access.log.
Approximately 7500 customers can be hitting the Squid server during
heavy use, but the box has more than adequate memory and disk space to
accommodate those numbers from what I've read. Could the page time-out
errors be due to DNS settings?
Any help/recommendations are appreciated.

thanks
-Ryan

Setup Details below:

Squid Server:
GNU/Linux kernel 2.6.19.7
4-AMD dual-core 2.6 gig Opteron processors
32 gig DDR2 RAM
4-28 gig cache drives
Cisco 4948 switch running 12.2(40)SG
Squid server ETH0 > Cisco 4948 switch WCCPv2 vlan port
Squid server ETH1 > Cisco 4948 switch INTERNET vlan port

IPTABLES PREROUTING 0.0.0.0/0 port 80 to 0.0.0.0/0 port 3124

http_port xxx.xxx.xxx.xxx:3124 transparent
http_port localhost:8888
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl our_networks src xxx.xxx.xxx.xxx/19 xxx.xxx.xxx.xxx/19
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 16 GB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
memory_replacement_policy lru
#memory_replacement_policy LFUDA
cache_dir aufs /squid0 285520 16 256
cache_dir aufs /squid1 285520 16 256
cache_dir aufs /squid2 285520 16 256
cache_dir aufs /squid3 285520 16 256
dns_nameservers xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
positive_dns_ttl 1 minute
negative_dns_ttl 1 second
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
access_log /usr/local/squid/var/logs/access.log squid
#access_log none
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
#cache_log none
#cache_store_log none
emulate_httpd_log off
log_ip_on_direct on
pid_filename /usr/local/squid/var/logs/squid.pid
debug_options ALL,1 80,9
refresh_pattern -i .*akamai\.net.* 10080 100% 20160 override-expire
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl example src xxx.xxx.xxx.xxx/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl NO_CACHE dstdomain "/usr/local/squid/etc/no_cache.conf"
http_access allow manager localhost
http_access allow manager example
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow our_networks
http_access deny all
http_reply_access allow all
tcp_outgoing_address 0.0.0.0
cache_effective_user squid
visible_hostname proxy.xxxxxxxx.com
wccp2_router xxx.xxx.xxx.xxx
wccp2_rebuild_wait on
wccp2_forwarding_method 2
wccp2_return_method 2
wccp2_assignment_method 2
wccp2_service standard 0
wccp2_weight 10000
coredump_dir /usr/local/squid/var/cache
client_persistent_connections on
server_persistent_connections off
persistent_connection_after_error off
cache_effective_group squid
#no_cache deny our_networks
no_cache deny NO_CACHE
dns_testnames xxx.xxx.xxx.xxx
pipeline_prefetch on
shutdown_lifetime 1 second
half_closed_clients off
maximum_object_size 1024 KB