Dear All,
First, please bear with me for the lengthy message. I'm really in need
of help from your expertise regarding a good, robust, high-performance
forward-proxy Squid setup for ISP customers.
I am running an ISP with around 500 customers. I've been using a single
Squid machine to do forward proxy for the customers to cache the Web
contents and thus save some costly bandwidth.
The single Squid machine has the following hardware specs roughly:
- RAM: 16GB
- CPU: 2 of 3 GHz Intel XEON CPUs
- Hard drive: 4 x 300GB SCSI drives
I use Squid-2.7STABLE9 on Fedora 12.
Right now, I allow only half of the customers (around 250 users) to use
this forward proxy machine and I notice that, the 16GB memory is used up
easily in 3 hours after Squid's startup.
I would like to know how can tweak that box for better performance than
it has now.
Or is it reaching the limit already?
Please find in the attached files for the Squid configuration, and cache
info & utilization.
I am also thinking of running 2 Squid machines as cache peers: one being
a child and the other a parent. For that setup, I would like to have the
child peer to do caching for local customers and redirect any outside
(Internet) destinations to the parent peer, which will not cache anything.
May I have your inputs on this setup: is it correct and does it follow
the best practice?
If it does, may I have some guidances/pointers on this from those who
had set up similar scenario before?
Hope for your kind advice.
Many thanks & best regards,
Khem
# cat /etc/squid/squid.conf
########### Port Config:
http_port 127.0.0.1:3128
http_port 192.168.24.26:3128 transparent
icp_port 3130
########### WCCP2 Config:
wccp2_router 192.168.24.25
wccp2_address 192.168.24.26
wccp2_forwarding_method 1
wccp2_return_method 1
wccp2_service standard 0 password=123_cp
########### Performance Related Config:
hierarchy_stoplist cgi-bin ?
forwarded_for on
half_closed_clients off
persistent_request_timeout 2 minutes
max_filedescriptors 65536
max_open_disk_fds 65536
relaxed_header_parser on
reload_into_ims on
quick_abort_min 0 KB
quick_abort_max 0 KB
client_lifetime 15 minutes
read_timeout 5 minutes
request_timeout 1 minutes
extension_methods NICK
ie_refresh on
ignore_expect_100 on
vary_ignore_expire on
cache_mem 6 MB
maximum_object_size_in_memory 32 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
ipcache_size 2048
ipcache_low 98
ipcache_high 99
memory_pools off
pipeline_prefetch on
httpd_accel_no_pmtu_disc on
httpd_suppress_version_string on
########### Cache Config:
cache_dir aufs /cache1 180000 32 256
cache_dir aufs /cache2 180000 32 256
cache_dir aufs /cache3 180000 32 256
cache_effective_user squid
cache_effective_group squid
cache_swap_low 98
cache_swap_high 99
cache_replacement_policy heap LFUDA
request_header_max_size 2048 KB
minimum_object_size 512 bytes
maximum_object_size 5 GB
negative_ttl 0 seconds
negative_dns_ttl 1 second
########### ACL Config:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl cachehost src 192.168.24.26
acl to_cachehost dst 192.168.24.26
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl localnet src 192.168.24.0/255.255.248.0 172.18.80.0/255.255.240.0
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow localhost
###
http_access allow cachehost
http_access deny to_cachehost
http_access allow localnet
###
http_access deny all
icp_access deny all
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
coredump_dir /var/log/squid
error_directory /etc/squid/errors/English
cache_store_log none
pid_filename /var/run/squid.pid
log_fqdn off
log_icp_queries off
logfile_rotate 1
### Caching Videos: YouTube, Google, and others:
acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id)
acl store_rewrite_list urlpath_regex \/ads\?
acl store_rewrite_list urlpath_regex \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)\?
acl store_rewrite_list urlpath_regex \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)\?
acl store_rewrite_list urlpath_regex \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)\?
acl store_rewrite_list_web url_regex ^http:\/\/([A-Za-z-]+[0-9]+)*\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_web_CDN url_regex ^http:\/\/[a-z]+[0-9]\.google\.com doubleclick\.net
acl store_rewrite_list_path urlpath_regex \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)$
acl store_rewrite_list_path urlpath_regex \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)$
acl store_rewrite_list_path urlpath_regex \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)$
#this is not related to youtube video its only for CDN pictures
storeurl_access allow store_rewrite_list_web_CDN
storeurl_access allow store_rewrite_list_web store_rewrite_list_path
storeurl_access allow store_rewrite_list
storeurl_access deny all
storeurl_rewrite_program /etc/squid/storeurl.pl
storeurl_rewrite_children 2
storeurl_rewrite_concurrency 10
########### Refresh_pattern Config:
#for YouTube and Google:
refresh_pattern -i (get_video\?|videoplayback\?|videodownload\?) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
#for the music:
refresh_pattern -i \.(mp2|mp3|mid|midi|mp[234]|wav|ram|ra|rm|au|3gp|m4r|m4a)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
#for the movies:
refresh_pattern -i \.(mpg|mpeg|mp4|m4v|mov|avi|asf|wmv|wma|dat|flv|swf)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
#for pictures:
refresh_pattern -i \.(jpeg|jpg|jpe|jp2|gif|tiff?|pcx|png|bmp|pic|ico)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
#for MS docs:
refresh_pattern -i \.(chm|dll|doc|docx|xls|xlsx|ppt|pptx|pps|ppsx|mdb|mdbx)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
#for various other docs:
refresh_pattern -i \.(txt|conf|cfm|psd|wmf|emf|vsd|pdf|rtf|odt)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
#for the well-known compressed/excutable files:
refresh_pattern -i \.(class|jar|exe|gz|bz|bz2|tar|tgz|zip|gzip|arj|ace|bin|cab|msi|rar)(\?.*|$) 5259487 999% 5259487 override-expire ignore-reload reload-into-ims ignore-no-cache ignore-private
#for various client-side Web docs:
refresh_pattern -i \.(htm|html|mhtml|css|js)(\?.*|$) 1440 90% 86400 override-expire ignore-reload reload-into-ims
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# squidclient mgr:info
HTTP/1.0 200 OK
Server: squid
Date: Fri, 04 Jun 2010 03:59:45 GMT
Content-Type: text/plain
Expires: Fri, 04 Jun 2010 03:59:45 GMT
X-Cache: MISS from cache.wicam.com.kh
X-Cache-Lookup: MISS from cache.wicam.com.kh:3128
Via: 1.0 cache.wicam.com.kh:3128 (squid)
Connection: close
Squid Object Cache: Version 2.7.STABLE9
Start Time: Thu, 03 Jun 2010 22:03:12 GMT
Current Time: Fri, 04 Jun 2010 03:59:45 GMT
Connection information for squid:
Number of clients accessing cache: 326
Number of HTTP requests received: 3941573
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 11054.7
Average ICP messages per minute since start: 0.0
Select loop called: 46791692 times, 0.457 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 29.6%, 60min: 29.1%
Byte Hit Ratios: 5min: 22.6%, 60min: 24.2%
Request Memory Hit Ratios: 5min: 0.2%, 60min: 0.1%
Request Disk Hit Ratios: 5min: 63.4%, 60min: 63.5%
Storage Swap size: 214154844 KB
Storage Mem size: 21424 KB
Mean Object Size: 43.48 KB
Requests given to unlinkd: 0
Median Service Times (seconds) 5 min 60 min:
HTTP Requests (All): 0.20843 0.22004
Cache Misses: 0.42149 0.39928
Cache Hits: 0.00091 0.00091
Near Hits: 0.08265 0.27332
Not-Modified Replies: 0.00000 0.00000
DNS Lookups: 0.00000 0.00000
ICP Queries: 0.00000 0.00000
Resource usage for squid:
UP Time: 21393.067 seconds
CPU Time: 4243.338 seconds
CPU Usage: 19.84%
CPU Usage, 5 minute avg: 30.57%
CPU Usage, 60 minute avg: 32.24%
Process Data Segment Size via sbrk(): 873492 KB
Maximum Resident Size: 3807024 KB
Page faults with physical i/o: 4
Memory usage for squid via mallinfo():
Total space in arena: 873492 KB
Ordinary blocks: 868340 KB 2235 blks
Small blocks: 0 KB 0 blks
Holding blocks: 107052 KB 9 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 5151 KB
Total in use: 975392 KB 99%
Total free: 5151 KB 1%
Total size: 980544 KB
Memory accounted for:
Total accounted: 579211 KB
memPoolAlloc calls: 586662179
memPoolFree calls: 576679787
File descriptor usage for squid:
Maximum number of file descriptors: 65536
Largest file desc currently in use: 7905
Number of file desc currently in use: 7079
Files queued for open: 0
Available number of file descriptors: 58457
Reserved number of file descriptors: 100
Store Disk files open: 164
IO loop method: epoll
Internal Data Structures:
4925960 StoreEntries
850 StoreEntries with MemObjects
49 Hot Object Cache Items
4925229 on-disk objects
# squidclient mgr:utilization
HTTP/1.0 200 OK
Server: squid
Date: Fri, 04 Jun 2010 03:58:53 GMT
Content-Type: text/plain
Expires: Fri, 04 Jun 2010 03:58:53 GMT
X-Cache: MISS from cache.wicam.com.kh
X-Cache-Lookup: MISS from cache.wicam.com.kh:3128
Via: 1.0 cache.wicam.com.kh:3128 (squid)
Connection: close
Cache Utilisation:
Last 5 minutes:
sample_start_time = 1275623593.913597 (Fri, 04 Jun 2010 03:53:13 GMT)
sample_end_time = 1275623893.914815 (Fri, 04 Jun 2010 03:58:13 GMT)
client_http.requests = 302.122107/sec
client_http.hits = 89.699636/sec
client_http.errors = 0.000000/sec
client_http.kbytes_in = 253.025639/sec
client_http.kbytes_out = 5353.594931/sec
client_http.all_median_svc_time = 0.208426 seconds
client_http.miss_median_svc_time = 0.421485 seconds
client_http.nm_median_svc_time = 0.000000 seconds
client_http.nh_median_svc_time = 0.082651 seconds
client_http.hit_median_svc_time = 0.000911 seconds
server.all.requests = 211.575808/sec
server.all.errors = 0.000000/sec
server.all.kbytes_in = 4107.226658/sec
server.all.kbytes_out = 217.929115/sec
server.http.requests = 211.575808/sec
server.http.errors = 0.000000/sec
server.http.kbytes_in = 4107.226658/sec
server.http.kbytes_out = 217.929115/sec
server.ftp.requests = 0.000000/sec
server.ftp.errors = 0.000000/sec
server.ftp.kbytes_in = 0.000000/sec
server.ftp.kbytes_out = 0.000000/sec
server.other.requests = 0.000000/sec
server.other.errors = 0.000000/sec
server.other.kbytes_in = 0.000000/sec
server.other.kbytes_out = 0.000000/sec
icp.pkts_sent = 0.000000/sec
icp.pkts_recv = 0.000000/sec
icp.queries_sent = 0.000000/sec
icp.replies_sent = 0.000000/sec
icp.queries_recv = 0.000000/sec
icp.replies_recv = 0.000000/sec
icp.replies_queued = 0.000000/sec
icp.query_timeouts = 0.000000/sec
icp.kbytes_sent = 0.000000/sec
icp.kbytes_recv = 0.000000/sec
icp.q_kbytes_sent = 0.000000/sec
icp.r_kbytes_sent = 0.000000/sec
icp.q_kbytes_recv = 0.000000/sec
icp.r_kbytes_recv = 0.000000/sec
icp.query_median_svc_time = 0.000000 seconds
icp.reply_median_svc_time = 0.000000 seconds
dns.median_svc_time = 0.000000 seconds
unlink.requests = 0.000000/sec
page_faults = 0.003333/sec
select_loops = 3181.140418/sec
select_fds = 4104.493336/sec
average_select_fd_period = 0.000244/fd
median_select_fds = 0.000000
swap.outs = 41.913163/sec
swap.ins = 156.332699/sec
swap.files_cleaned = 0.000000/sec
aborted_requests = 14.786607/sec
syscalls.polls = 3181.140418/sec
syscalls.disk.opens = 136.732778/sec
syscalls.disk.closes = 273.472223/sec
syscalls.disk.reads = 461.364794/sec
syscalls.disk.writes = 704.960471/sec
syscalls.disk.seeks = 0.000000/sec
syscalls.disk.unlinks = 8.593298/sec
syscalls.sock.accepts = 218.045781/sec
syscalls.sock.sockets = 122.809501/sec
syscalls.sock.connects = 122.749502/sec
syscalls.sock.binds = 122.809501/sec
syscalls.sock.closes = 233.912384/sec
syscalls.sock.reads = 1709.156394/sec
syscalls.sock.writes = 2282.674066/sec
syscalls.sock.recvfroms = 47.203142/sec
syscalls.sock.sendtos = 23.779903/sec
cpu_time = 92.846885 seconds
wall_time = 300.001218 seconds
cpu_usage = 30.948836%
