On 11/04/2011, at 9:22 PM, rpereyra@xxxxxxxxxxx wrote: > Hi > > How I can limit the ram memory use in my squid/tproxy box ? > > I have a fast server with 16Gb ram. The average bandwidth is about 60-70 > Mb/s. > > The bridge works well but when the cache and memory becomes full its goes > slow and becomes unusable. > > The cache is 10G size. > > I see that a few hours to be working and have used the 16 GB of RAM > starts to run slow. > > Any help ?. I have configured some memory optimization options but looks > don't help for me. > > Thanks in advance > > roberto > > This is my config: > > ------------------------------------- > > cache_mem 10 MB > memory_pools off > cache_swap_low 94 > cache_swap_high 95 > > # > # Recommended minimum configuration: > # > acl manager proto cache_object > acl localhost src 127.0.0.1/32 > acl localhost src ::1/128 > acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 > acl to_localhost dst ::1/128 > > # Example rule allowing access from your local networks. > # Adapt to list your (internal) IP networks from where browsing > # should be allowed > acl localnet src 10.0.0.0/8 # RFC1918 possible internal network > acl localnet src 172.16.0.0/12 # RFC1918 possible internal network > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > acl localnet src fc00::/7 # RFC 4193 local private network range > acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines > > acl net-g1 src 200.117.xxx.xxx/24 > acl net-g2 src 200.xxx.xxx.xxx/24 > acl net-g3 src 190.xxx.xxx.xxx/24 > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > # > # Recommended minimum Access Permission configuration: > # > # Only allow cachemgr access from localhost > http_access allow manager localhost > http_access deny manager > > # Deny requests to certain unsafe ports > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on "localhost" is a local user > #http_access deny to_localhost > > http_access allow net-g1 > http_access allow net-g2 > http_access allow net-g3 > > # > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS > # > > # Example rule allowing access from your local networks. > # Adapt localnet in the ACL section to list your (internal) IP networks > # from where browsing should be allowed > http_access allow localnet > http_access allow localhost > > # And finally deny all other access to this proxy > http_access deny all > > # Squid normally listens to port 3128 > http_port 3128 > http_port 3129 tproxy > > > # We recommend you to use at least the following line. > hierarchy_stoplist cgi-bin ? > > # Uncomment and adjust the following to add a disk cache directory. > cache_dir ufs /var/spool/squid 10000 64 256 The fact that it runs fine initially then performance begins to degrade after a number of hours, I would start looking io statistics when the disk cache is full. aufs or diskd provide better performance so I would suggest using one of these methods for your cache_dir and see if you get an increase in performance. > > #access_log /var/log/squid/access.log squid > access_log none > > cache_log /var/log/squid/cache.log > > > > # Leave coredumps in the first cache dir > coredump_dir /var/spool/squid > > # Add any of your own refresh_pattern entries above these. > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > > >
