On 23/08/11 17:31, Justin Lawler wrote:
Thanks Amos - regex pattern we're using is:
.*some_url_end.html$
We also have many individual domains which we're bypassing
acl bypassIcapRequest dstdomain "/apps/cwapps/squid-3/etc/byPass_ICAP_request.properties"
icap_access class_1 deny bypassIcapRequest
as time has gone on - we've been adding more URLs to this list also (currently up to 39 URLs) - this won't be doing regular expression matching, but we've seen as time goes on, more and more established connections on ICAP server port. Also CPU usage going up, and we're seeing more 'essential ICAP service is down' errors in the logs.
True, that test is faster.
"essential ICAP service is down" means the ICAP service is not
responding well to the traffic load. So I'm thinking the CPU strain is
probably at that end, or possibly some problem with the communication
between the two. Retries could be adding to the problem.
If it is actually an easily bypassable service try using the bypass
configuration option instead of ACLs. That 0 on the service line to 1.
That will allow all those requests getting failure messages to bypass
the service and get unchanged content straight form the origin.
I know 3.0 has ICAP, but regard it ass early days in the
implementation. There have been a lot of advances and optimizations
added in the later series. Try the newest version you can then contact
The Measurement Factory who manage that code. They might be of more help
if the problem remains.
Traffic has not changed significantly - in fact has maybe gone down. The only change we can really identify is the extra bypassed domains.
Does squid parse the properties file for every hit?
No the file is compiled into memory structures. Each regex pattern is
tested individually though, which is time consuming.
Also, we've only been reconfiguring squid when we update this file. Is this enough, or do we need to restart?
That is fine.
Amos
--
Please be using
Current Stable Squid 2.7.STABLE9 or 3.1.14
Beta testers wanted for 3.2.0.10
