Search squid archive

RE: ICAP Bypassing Causing Performance Issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks Amos - regex pattern we're using is:

.*some_url_end.html$

We also have many individual domains which we're bypassing 

acl bypassIcapRequest dstdomain "/apps/cwapps/squid-3/etc/byPass_ICAP_request.properties"
icap_access class_1 deny bypassIcapRequest

as time has gone on - we've been adding more URLs to this list also (currently up to 39 URLs) - this won't be doing regular expression matching, but we've seen as time goes on, more and more established connections on ICAP server port. Also CPU usage going up, and we're seeing more 'essential ICAP service is down' errors in the logs.

Traffic has not changed significantly - in fact has maybe gone down. The only change we can really identify is the extra bypassed domains.

Does squid parse the properties file for every hit?

Also, we've only been reconfiguring squid when we update this file. Is this enough, or do we need to restart?

Will look into extra debugging now.

Thanks and regards,
Justin


-----Original Message-----
From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
Sent: Monday, August 22, 2011 10:29 PM
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re:  ICAP Bypassing Causing Performance Issues

On 23/08/11 00:03, Justin Lawler wrote:
> Hi,
>
> We have had to put in a number of URLs to the squid bypass
>
> icap_service service_1 reqmod_precache 0 icap://127.0.0.1:1344/reqmod
> icap_class class_1 service_1
>
> acl bypassIcapRequestURLregex urlpath_regex "./squid-3/etc/byPass_ICAP_request_URLregex.properties"
> icap_access class_1 deny bypassIcapRequestURLregex
>
>
> When we added 4 regular expressions to this file, we started to see the CPU usage going up quite a bit, and we started to see the number of established connections from squid to ICAP server double or triple.
>
> Is this a known issue? Is there a better/more efficient way to bypass ICAP than above?

Other than using other ACL types, no.

>
> Regular expressions were very simple, just matching end of URLs.

a) regex is a bit slow. Did you remember to anchor the ends? and 
manually aggregate the patterns? avoid extended-regex pattern tricks?

b) URLs can be many KB in length. That can make URL regex very CPU 
intensive.

d) routing selection ACLs are run multiple times per request.

You can turn on access control debugging (level 28,3) to see how many 
times those are run and how long they take each test.

>
> We're running squid 3.0.15 on Solaris 10.
>


Amos
-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.10
This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,
you may review at http://www.amdocs.com/email_disclaimer.asp




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux