On Mon, 8 Mar 2010 11:38:02 -0600, Luis Daniel Lucio Quiroz <luis.daniel.lucio@xxxxxxxxx> wrote: > Le Dimanche 10 Mai 2009 03:01:14, Roland Roland a écrit : >> Hi All, >> >> users on my network have been complaining of slow browsing sessions for a >> while now.. >> i'm trying to figure out ways to speed sessions up without necessarily >> upgrading my current bandwidth plan... >> i've thought about Squid, i've set it up on centOS and it's under >> testing. >> so my question is, an out of the box squid configuration would be enough >> to >> speed things up with it's caching options? or is there specific config to >> do so.. ? >> >> PS: i've done the minimal following config so far: >> >> - added an ACL defining my trusted subnet >> - allowed all access to this ACL >> >> i can browse the net and so on through squid, but am i actually caching? >> i >> check the caching directory and i see it's growing in size (as minimal as >> one user could cause it to do so) but while using wireshark, i see that >> for >> each browsing session i retrieve all "Static" objects from the net! at >> the >> same time caching logs shows hit after another... >> am at a loss..! >> >> is that normal ?! what did i do wrong ? why am I retrieving static >> objects >> times and times again off the internet instead of squid's caching >> directory >> ? Check carefully what type of HIT they are. TCP_HIT is fetched only from cache, the others involve network fetches of some kind. REFRESH and UNMODIFIED are squid sending out an IMS (if-modified-sice) request to check fro newer content. REFRESH is when there _is_ newer content received whole and the server provides the entire object back. UNMODIFIED is when unchanged and cache copy sent back to the client, but a network check and very small data is still required to be done to indentify if that is possible. Also, check that your config does not include QUERY acl and "cache deny QUERY". That prevents caching of any potentially dynamic content (even though well designed sites permit caching of dynamic content). The badly designed sites still require a refresh_pattern: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 [placed just above the "refresh_pattern . " line] > > I'm also reviewn how to seepd up mandriva's squid. Here it is my config. > Any > suggestion? > > ./configure --build=x86_64-mandriva-linux-gnu --prefix=/usr > --exec-prefix=/usr -- > bindir=/usr/sbin --sbindir=/usr/sbin --sysconfdir=/etc/squid -- > datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 -- > libexecdir=/usr/lib64/squid --localstatedir=/var --sharedstatedir=/usr/com > -- > mandir=/usr/share/man --infodir=/usr/share/info --x-includes=/usr/include > --x- > libraries=/usr/lib64 --enable-shared=yes --enable-static=no > --enable-xmalloc- > statistics --enable-carp --enable-async-io --enable- > storeio=aufs,diskd,null,ufs --enable-disk- > io=AIO,Blocking,DiskDaemon,DiskThreads --enable-removal-policies=heap,lru > -- > enable-icmp --enable-delay-pools --disable-esi --enable-icap-client > --enable- > useragent-log --enable-referer-log --enable-wccp --enable-wccpv2 --disable- > kill-parent-hack --enable-snmp --enable-cachemgr-hostname=localhost > --enable- > arp-acl --enable-htcp --enable-ssl --enable-forw-via-db > --enable-cache-digests > --disable-poll --enable-epoll --enable-linux-netfilter > --disable-ident-lookups > --enable-default-hostsfile=/etc/hosts > --enable-auth=basic,digest,negotiate,ntlm > --enable-basic-auth-helpers=getpwnam,LDAP,MSNT,multi-domain- > NTLM,NCSA,PAM,SMB,YP,SASL,POP3,DB,squid_radius_auth --enable-ntlm-auth- > helpers=fakeauth,no_check,SMB > --enable-negotiate-auth-helpers=squid_kerb_auth > --enable-digest-auth-helpers=password,ldap,eDirectory > --enable-external-acl- > helpers=ip_user,ldap_group,session,unix_group,wbinfo_group --with-default- > user=squid --with-pthreads --with-dl --with-openssl=/usr > --with-large-files -- > with-build-environment=default --with-filedescriptors=8192 The referrer log, useragent log are mostly a waste. In the rare cases they really are needed they can be replicated with logformat settings. Speed in Squid is mostly driven by squid.conf and how much optimization we have built into the code. The only configure settings that really affect speed AFAIK are the disk IO methods (which you already have) and the select loop methods, epoll and kqueue if available and working on your OS make sure they are available as options. If they are available but not working thats maybe a bug we need to look into. The rest is up to the users configuration. For example admin with a fixation on regex will immediately cut a large percentage off their speed. Amos
