On Tue, Jul 22, 2008 at 03:44:13PM +0800, Thompson, Scott (WA) wrote: > I have MRTG installed and for HTTP In and Out we are seeing it max > out at 14.4MB/s as well as Server In/Out traffic Is this HTTP In and Out actually measuring HTTP traffic, or simply traffic coming to/from the squid server? Is this max occurring constantly, or at particular times of day, or seemingly randomly, or...? > I assume this means that the LAN card in the squid server is > saturated with traffic and I suspect this is why the server is not > responding to requests from the users. 14.4MB/s = 100Mb which is > what the LAN card is > Usually hitting refresh a few times will load the page in question > The squid server is located in a DMZ behind a Cisco PIX, the MRTG > traffic reported on the DMZ interface on the PIX shows a max in > and out of about 512KB/s (5 minute averages) What is the traffic path between your clients and the server running squid? Does it all pass through the PIX's DMZ interface? If so, then my priority would be to determine what's causing all the traffic on the squid server. Are there other servers in the DMZ that could be communicating with squid through the local network segment (i.e. without having to go through the PIX)? That might explain how it's possible squid could be maxing out its link. > We are running Squid 2.5 Stable6, I know this is a fairly old > version. This has only started happening since we have > implemented a hosted solution for our reporting systems for our > retail stores as well as for the users who need to get these > reports and information. > If anyone can offer any insights to this it would be greatly > appreciated. If you require more information don't hesitate to let > me know. I would guess you've got some kind of loop happening that for whatever reason is not / cannot be detected by the servers involved and terminated. What's the load of your squid box like? It might be very helpful to use something like jnettop, if you can run it on your squid server, to see exactly what traffic is being sent/received that could be maxing out the link. Possibly a tcpdump for a short duration could work as well. Failing that, are you logging all requests through your squid? If so, is the number and size of the requests enough to saturate a 100mbit link?