Hi List, I am facing a problem with squid. I have around 30-40 req/s with around 350 users. A lot of TCP connection to 10.1.1.1 (10.1.1.1:8080) failed in my cache.log appear and it affects users while they are accessing mainly https sites. The error given in the client is the same as the one in the cache.log: Tcp connection to 10.1.1.1 failed I tried to google around, but couldn't really find a solution... Any help/suggestions would be appreciated. Thanks a lot, Josh Below the configuration i have: OS: OpenBSD 4.3 # squid -v Squid Cache: Version 2.7.STABLE3 configure options: '--datadir=/usr/local/share/squid' '--localstatedir=/var/squid' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--enable-arp-acl' '--enable-async-io' '--enable-auth=basic digest ntlm' '--enable-basic-auth-helpers=NCSA YP' '--enable-digest-auth-helpers=password' '--enable-cache-digests' '--enable-large-cache-files' '--enable-carp' '--enable-delay-pools' '--enable-external-acl-helpers=ip_user session unix_group wbinfo_group' '--enable-htcp' '--enable-ntlm-auth-helpers=SMB' '--enable-referer-log' '--enable-removal-policies=lru heap' '--enable-snmp' '--enable-ssl' '--enable-storeio=ufs aufs coss diskd null' '--enable-underscores' '--enable-useragent-log' '--enable-wccpv2' '--with-aio' '--with-large-files' '--with-pthreads' '--with-maxfd=32768' 'CPPFLAGS=-I/usr/local/include' 'LDFLAGS=-L/usr/local/lib' 'CFLAGS=-DNUMTHREADS=128' '--prefix=/usr/local' '--sysconfdir=/etc' '--mandir=/usr/local/man' '--infodir=/usr/local/info' 'CC=cc' squid.conf ========== http_port 8080 icp_port 0 cache_peer 10.1.1.1 parent 8080 0 default no-query no-digest no-netdb-exchange hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? cache deny QUERY acl apache rep_header Server ^Apache broken_vary_encoding allow apache cache_mem 512 MB cache_swap_low 90 cache_swap_high 95 maximum_object_size 64 MB maximum_object_size_in_memory 512 KB ipcache_size 8192 ipcache_low 90 ipcache_high 95 fqdncache_size 8192 cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_dir aufs /var/squid/cache 60000 16 256 access_log /var/squid/logs/access.log squid hosts_file /etc/hosts refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 quick_abort_min 0 KB quick_abort_max 0 KB positive_dns_ttl 24 hours half_closed_clients off connect_timeout 1 minute peer_connect_timeout 1 minute pconn_timeout 1 minute shutdown_lifetime 5 seconds acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 # https acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl purge method PURGE acl CONNECT method CONNECT acl snmppublic snmp_community public acl corpnet dstdomain .corp.local http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access allow CONNECT SSL_ports http_access allow Safe_ports http_access deny all httpd_suppress_version_string on visible_hostname proxy memory_pools off log_icp_queries off client_db off buffered_logs on never_direct deny corpnet never_direct allow all coredump_dir /var/squid/logs pipeline_prefetch on cache.log ========= # tail -f /var/squid/logs/cache.log 2008/09/19 12:35:20| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:22| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:23| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:27| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:27| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:29| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:31| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:32| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:33| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:34| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:36| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:37| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:37| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:38| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:38| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:40| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:41| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:41| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:41| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:41| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:43| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:43| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:44| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:44| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:45| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed 2008/09/19 12:35:45| TCP connection to 10.1.1.1 (10.1.1.1:8080) failed # tail -f /var/log/daemon Sep 19 12:34:13 proxy squid[6221]: clientTryParseRequest: FD 185 (10.112.75.24:1640) Invalid Request Sep 19 12:34:15 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:34:49 proxy last message repeated 36 times Sep 19 12:34:59 proxy last message repeated 9 times Sep 19 12:34:59 proxy squid[6221]: parseHttpRequest: Unsupported method '\^E\^ACONNECT' Sep 19 12:34:59 proxy squid[6221]: clientTryParseRequest: FD 81 (10.176.113.6:2058) Invalid Request Sep 19 12:35:00 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:35:00 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:35:02 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:35:06 proxy last message repeated 4 times Sep 19 12:35:07 proxy squid[6221]: parseHttpRequest: Unsupported method '\^E\^ACONNECT' Sep 19 12:35:07 proxy squid[6221]: clientTryParseRequest: FD 124 (10.51.128.52:3953) Invalid Request Sep 19 12:35:08 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:35:40 proxy last message repeated 28 times # tail -f /var/log/messages Sep 19 12:34:59 proxy squid[6221]: parseHttpRequest: Unsupported method '\^E\^ACONNECT' Sep 19 12:34:59 proxy squid[6221]: clientTryParseRequest: FD 81 (10.176.113.6:2058) Invalid Request Sep 19 12:35:00 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:35:00 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:35:02 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:35:06 proxy last message repeated 4 times Sep 19 12:35:07 proxy squid[6221]: parseHttpRequest: Unsupported method '\^E\^ACONNECT' Sep 19 12:35:07 proxy squid[6221]: clientTryParseRequest: FD 124 (10.51.128.52:3953) Invalid Request Sep 19 12:35:08 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:35:40 proxy last message repeated 28 times Sep 19 12:36:02 proxy last message repeated 26 times Sep 19 12:36:03 proxy squid[6221]: parseHttpRequest: Unsupported method '\^E\^ACONNECT' Sep 19 12:36:03 proxy squid[6221]: clientTryParseRequest: FD 16 (10.112.75.24:1657) Invalid Request Sep 19 12:36:03 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:36:39 proxy last message repeated 31 times Sep 19 12:36:58 proxy last message repeated 32 times Sep 19 12:36:59 proxy squid[6221]: httpAppendBody: Request not yet fully sent "POST http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/8kf3cwcmatvdtxbqdhfq8pimqa84beeq5a8ij8s,ConnType=LongLived"; Sep 19 12:36:59 proxy squid[6221]: parseHttpRequest: Unsupported method '\^E\^ACONNECT' Sep 19 12:36:59 proxy squid[6221]: clientTryParseRequest: FD 200 (10.176.113.6:2071) Invalid Request Sep 19 12:36:59 proxy squid[6221]: httpAppendBody: Request not yet fully sent "POST http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/8kf3cwcmatvdtxbqdhfq8pimqa84beeq5a8ij8s,ConnType=LongLived"; Sep 19 12:36:59 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:37:00 proxy squid[6221]: httpAppendBody: Request not yet fully sent "POST http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/8kf3cwcmatvdtxbqdhfq8pimqa84beeq5a8ij8s,ConnType=LongLived"; Sep 19 12:37:00 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed Sep 19 12:37:04 proxy last message repeated 7 times Sep 19 12:37:04 proxy squid[6221]: httpAppendBody: Request not yet fully sent "POST http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/nver529yip5guwwtywu9zde24r4p65chsr4ceua,ConnType=LongLived"; Sep 19 12:37:05 proxy squid[6221]: httpAppendBody: Request not yet fully sent "POST http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/nver529yip5guwwtywu9zde24r4p65chsr4ceua,ConnType=LongLived"; Sep 19 12:37:05 proxy squid[6221]: httpAppendBody: Request not yet fully sent "POST http://blugro1relay.groove.microsoft.com/2.0/blugro1relay.groove.microsoft.com/nver529yip5guwwtywu9zde24r4p65chsr4ceua,ConnType=LongLived"; Sep 19 12:37:06 proxy squid[6221]: TCP connection to 10.1.1.1 (10.1.1.1:8080) failed # sysctl -a | grep tcp net.inet.tcp.rfc1323=1 net.inet.tcp.keepinittime=150 net.inet.tcp.keepidle=14400 net.inet.tcp.keepintvl=150 net.inet.tcp.slowhz=2 net.inet.tcp.baddynamic=587,749,750,751,871 net.inet.tcp.recvspace=65536 net.inet.tcp.sendspace=32768 net.inet.tcp.sack=1 net.inet.tcp.mssdflt=512 net.inet.tcp.rstppslimit=100 net.inet.tcp.ackonpush=0 net.inet.tcp.ecn=0 net.inet.tcp.syncachelimit=10255 net.inet.tcp.synbucketlimit=105 net.inet.tcp.rfc3390=1 net.inet.tcp.reasslimit=3072 net.inet.tcp.sackholelimit=32768 # sysctl -a | grep "net.inet.ip" | grep -v ipsec net.inet.ip.forwarding=1 net.inet.ip.redirect=1 net.inet.ip.ttl=64 net.inet.ip.sourceroute=0 net.inet.ip.directed-broadcast=0 net.inet.ip.portfirst=1024 net.inet.ip.portlast=49151 net.inet.ip.porthifirst=49152 net.inet.ip.porthilast=65535 net.inet.ip.maxqueue=300 net.inet.ip.encdebug=0 net.inet.ip.mtudisc=1 net.inet.ip.mtudisctimeout=600 net.inet.ip.ifq.len=0 net.inet.ip.ifq.maxlen=256 net.inet.ip.ifq.drops=0 net.inet.ip.mforwarding=0 net.inet.ip.multipath=0 net.inet.ipip.allow=0 net.inet.ipcomp.enable=0
