On Mon, 27 Jun 2011 15:40:10 +0800, ICT Department wrote:
Hi,
I am very confused now as to why 99% of https access has 503, even yahoo, which is very fast.
This problem arises when my network is at peak use. This problem arose when I upgraded my connection from Copper connection 4mbps to Fiber optic 6mbps. Hope someone could point me in the right direction. Thank you.

503 is "Service Unable". On CONNECT requests for Squid that means the TCP connection to that IP address could not be opened. The 59 second duration for those requests indicates a TCP setup timeout is happening.

The next step I'd look at is PMTU issues between you and that server.

Squid-3.1 does IPv6. So if you have that incorrectly disabled, Squid could be failing to connect to that IPv4-only destination over an IPv6 socket.

NP: (rant warning) if you followed most any online tutorial for disabling IPv6 in RHEL: most only go so far as to make the kernel drop IPv6 packets, rather than actually turning OFF the kernel control which would inform the relevant software that it cannot use IPv6 ports. So it sends a packet, and waits... and waits...
(And yes, I know you are connecting to an IPv4 host. The Linux "hybrid stack" which Squid uses can use IPv6 sockets to contact IPv4 space.)

Access.log
1309159630.003 59632 192.168.100.33 TCP_MISS/503 0 CONNECT 124.102.69.115:443 - DIRECT/124.102.69.115 -
1309159630.003 59629 192.168.100.33 TCP_MISS/503 0 CONNECT 140.127.205.122:443 - DIRECT/140.127.205.122 -
1309159632.000 59480 192.168.100.33 TCP_MISS/503 0 CONNECT 218.226.219.106:443 - DIRECT/218.226.219.106 -
1309159632.000 59996 192.168.10.105 TCP_MISS/503 0 CONNECT login.yahoo.com:443 - DIRECT/124.108.120.31 -
1309159636.001 59997 192.168.100.84 TCP_MISS/503 0 CONNECT www.facebook.com:443 - DIRECT/69.171.228.11 -
1309159644.000 59906 192.168.100.58 TCP_MISS/503 0 CONNECT us.data.toolbar.yahoo.com:443 - DIRECT/98.137.53.23 -
1309159656.002 59085 192.168.100.33 TCP_MISS/503 0 CONNECT 118.167.16.72:443 - DIRECT/118.167.16.72 -
My squid is compiled with
Squid Cache: Version 3.1.12
configure options: '--build=i686-redhat-linux-gnu'
'--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
'--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
'--bindir=/usr/bin'
'--sbindir=/usr/sbin' '--sysconfdir=/etc' '--includedir=/usr/include'
'--libdir=/usr/lib' '--libexecdir=/usr/libexec'
'--sharedstatedir=/usr/com'
'-mandir=/usr/share/man' '--infodir=/usr/share/info'
'--exec_prefix=/usr'
'--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
'--localstatedir=/var'
'--datadir=/usr/share' '--sysconfdir=/etc/squid'
'--enable-removal-policies=heap,lru'
'--enable-storeio=aufs,diskd,ufs'
'--enable-ssl' '--with-openssl=/usr/kerberos' '--enable-delay-pools'
'--enable-linux-netfilter' '--with-pthreads'
'--enable-ntlm-auth-helpers=fakeauth'
'--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group'
'--enable-auth=basic,digest,ntlm,negotiate'
'--enable-negotiate-auth-helpers=squid_kerb_auth'
'--enable-digest-auth-helpers=password'
'--with-winbind-auth-challenge'
'--enable-useragent-log' '--enable-referer-log'
'--disable-dependency-tracking'
'--enable-cachemgr-hostname=localhost'
'--enable-underscores' '--enable-useragent_log'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL'
'--enable-cache-digests' '--disable-ident-lookups'
'--with-large-files' '--enable-gnuregex'
'--disable-follow-x-forwarded-for'
'--enable-fd-config' '--with-maxfd=16384' '--enable-internal-dns'
'build_alias=i686-redhat-linux-gnu'
'host_alias=i686-redhat-linux-gnu'
'target_alias=i386-redhat-linux-gnu' --with-squid=/root/squid-3.1.12
--enable-ltdl-convenience
Amos
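
Added example, not part of the original thread or of Squid: a Python filter that separates the pattern discussed above (CONNECT, 503, zero bytes, roughly 59 s elapsed) from fast 503 failures in a native-format access.log, and counts hits per client and per destination IP. The 55-second threshold, the function names and the last two sample lines (constructed, using documentation addresses) are assumptions; the other sample lines are from the log quoted above.

```python
import re
from collections import Counter

# Squid native access.log fields:
# time elapsed_ms client result/status bytes method url ident hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\w+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)
TIMEOUT_MS = 55_000  # assumed cut-off; the thread reports ~59 s per failed request

def parse(line):
    """Return one log line as a dict, or None if it is not native format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["elapsed"], rec["size"] = int(rec["elapsed"]), int(rec["size"])
    return rec

def connect_timeouts(lines, threshold_ms=TIMEOUT_MS):
    """CONNECT requests that ended in 503 with no bytes after a long wait."""
    recs = (parse(l) for l in lines)
    return [r for r in recs if r and r["method"] == "CONNECT"
            and r["status"] == "503" and r["size"] == 0
            and r["elapsed"] >= threshold_ms]

def summarize(hits):
    """Count hits per client and per destination IP Squid tried to reach."""
    return (Counter(h["client"] for h in hits), Counter(h["peer"] for h in hits))

# First four lines: from the access.log in the thread. Last two: constructed
# controls (a successful tunnel and a fast 503) that must not be flagged.
SAMPLE = """\
1309159630.003 59632 192.168.100.33 TCP_MISS/503 0 CONNECT 124.102.69.115:443 - DIRECT/124.102.69.115 -
1309159630.003 59629 192.168.100.33 TCP_MISS/503 0 CONNECT 140.127.205.122:443 - DIRECT/140.127.205.122 -
1309159632.000 59996 192.168.10.105 TCP_MISS/503 0 CONNECT login.yahoo.com:443 - DIRECT/124.108.120.31 -
1309159636.001 59997 192.168.100.84 TCP_MISS/503 0 CONNECT www.facebook.com:443 - DIRECT/69.171.228.11 -
1309159700.000 1204 192.168.100.33 TCP_MISS/200 3511 CONNECT example.com:443 - DIRECT/192.0.2.10 -
1309159701.000 35 192.168.100.58 TCP_MISS/503 0 CONNECT example.net:443 - DIRECT/192.0.2.20 -
"""

if __name__ == "__main__":
    hits = connect_timeouts(SAMPLE.splitlines())
    by_client, by_peer = summarize(hits)
    print(f"{len(hits)} CONNECT timeouts")
    print("clients:", dict(by_client), "destinations:", dict(by_peer))
```

Timeouts spread across many unrelated destination IPs, as in the log above, point at the proxy host or its path rather than at any one remote server.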