hi , ive configure squid 3.1.0 with router cisco 7200 i configured "tproxy " i noted that squid with suqidguard gave a good performance i pumped 2000 users with about 190 M the problem is the wccp serive between squid & cisco router is lost and returned agian , lost and retured agian , and so on. this make a drop for a few time and it seems annoying issue . here is the logging from the cisco router about flapping service =========================================================== *Oct 21 09:12:27.706: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP client x.x.x.x *Oct 21 09:12:27.706: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP client x.x.x.x *Oct 21 09:29:47.830: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client 1x.x.x. *Oct 21 09:29:57.722: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP client x.x.x.x *Oct 21 09:34:17.842: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client x.x.x.x *Oct 21 09:34:37.710: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP client 1x.x.x. *Oct 21 09:36:27.826: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client x.x.x *Oct 21 09:36:27.826: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client xxxx *Oct 21 09:36:48.342: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP client 1xxx *Oct 21 09:36:48.342: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP client 1xxx *Oct 21 10:19:38.730: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client 1xxxx *Oct 21 10:19:58.718: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP client 1xxxx *Oct 21 10:29:18.606: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client 1xxxxxx *Oct 21 10:29:18.606: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client 1xxx *Oct 21 11:20:02.901: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP client 1xxx *Oct 21 11:20:02.901: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP client xxxx *Oct 21 11:21:23.025: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client 1xx *Oct 21 11:21:23.025: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client 1xxx *Oct 21 11:23:54.141: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP client xxx *Oct 21 11:23:54.141: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP client xxx *Oct 21 11:35:25.037: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client 1xxx *Oct 21 11:35:25.037: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client 1xxx *Oct 21 11:35:34.941: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP client 1xxx *Oct 21 11:35:34.941: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP client xxx *Oct 21 11:38:05.033: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client 1xxx *Oct 21 11:38:05.033: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client 1xxx *Oct 21 12:58:34.357: %WCCP-5-SERVICEFOUND: Service 90 acquired on WCCP client xxx *Oct 21 12:58:34.357: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP client 1xxx *Oct 21 13:06:44.465: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client 1xxx *Oct 21 13:07:04.449: %WCCP-5-SERVICEFOUND: Service 80 acquired on WCCP client xxxx *Oct 21 13:09:34.461: %WCCP-1-SERVICELOST: Service 90 lost on WCCP client xxx *Oct 21 13:09:34.461: %WCCP-1-SERVICELOST: Service 80 lost on WCCP client xxx =============================================================== here is my squid.conf file config !: [root@squid ~]# cat /etc/squid/squid.conf # # squid Config By "" "" # ################### acl all src all acl manager proto cache_object acl localnet src 192.168.1.0/24 x.x.x.x/16 x.x.x.x/16 acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl localnet src 10.0.0.0/8 #include the 10 subnet & freezed users :) #acl localhost src 127.0.0.1/255.255.255.255 #acl to_localhost dst 127.0.0.0/8 acl localhost src 127.0.0.1/32 ::1 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 590 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT ##################### #cache deny all ################################ visible_hostname squid coredump_dir /var/spool/squid ################################ ###Block specific sites### acl min1 dstdomain "/min/min1.conf" http_access deny min1 ####squidguard################### redirect_program /usr/local/squidguard5/bin/squidGuard -c /etc/squidguard.conf redirector_bypass on url_rewrite_children 200 cache_effective_user squid cache_effective_group squid ############################## #Recommended minimum configuration: # Only allow cachemgr access from localhost http_access allow manager localhost http_access allow localnet http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # And finally deny all other access to this proxy http_access deny all #Allow ICP queries from everyone icp_access allow all ####################################### access_log /var/log/squid/access.log cache_dir aufs /cache1 500000 32 256 cache_dir aufs /cache2 500000 32 256 cache_dir aufs /cache3 500000 32 256 cache_mem 10000 MB ########################## http_port 127.0.0.1:3127 http_port x.x.x.x:65000 http_port 3128 http_port 3129 tproxy ########### Performance Related Config: relaxed_header_parser on vary_ignore_expire on ########################################## memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA ########################################### ipcache_size 2048 ipcache_low 98 ipcache_high 99 memory_pools off pipeline_prefetch on ############################################ httpd_suppress_version_string on server_persistent_connections on client_persistent_connections on pconn_timeout 2 minutes persistent_request_timeout 1 minute ########################################### ########### WCCP2 Config############# wccp2_router x.x.x.x wccp_version 2 wccp2_forwarding_method 2 wccp2_return_method 2 wccp2_service dynamic 80 wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80 wccp2_service dynamic 90 wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80 ########################################## ########################################### #default option refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 ################################################# forwarded_for on max_filedescriptors 65536 max_open_disk_fds 65536 relaxed_header_parser on reload_into_ims on client_lifetime 15 minutes read_timeout 5 minutes request_timeout 1 minutes ie_refresh on ignore_expect_100 on vary_ignore_expire on ############################### ################################ httpd_suppress_version_string on server_persistent_connections on client_persistent_connections on pconn_timeout 2 minutes persistent_request_timeout 1 minute shutdown_lifetime 20 seconds ############################# cache_swap_low 98 cache_swap_high 99 cache_replacement_policy heap LFUDA minimum_object_size 0 maximum_object_size 130 MB ############################### note that this flapping may occur after 30 minutes or may be after 15 minutes or may be longer than that . ========================================================================= ========================================================================= the 2nd problem is , sometimes i need to stop squid , but when i type stop, it seems to be restarted not stopped . i mean that if i want to stop suqid , i have to type the command /etc/init.d/squid stop many times so that it take effect . here is an example , ive tried twice to stop it so that it have been stopped ==================================================================== [root@squid ~]# /etc/init.d/squid stop Stopping squid: 2013/02/28 05:18:24| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2013/02/28 05:18:24| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2013/02/28 05:18:24| WARNING: You should probably remove '::/0' from the ACL named 'all' .................[ OK ] [root@squid ~]# /etc/init.d/squid status squid (pid 7110) is running... 2013/02/28 05:20:28| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2013/02/28 05:20:28| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2013/02/28 05:20:28| WARNING: You should probably remove '::/0' from the ACL named 'all' [root@squid ~]# /etc/init.d/squid stop Stopping squid: 2013/02/28 05:20:33| WARNING: (B) '::/0' is a subnetwork of (A) '::/0' 2013/02/28 05:20:33| WARNING: because of this '::/0' is ignored to keep splay tree searching predictable 2013/02/28 05:20:33| WARNING: You should probably remove '::/0' from the ACL named 'all' ............................[ OK ] [root@squid ~]# /etc/init.d/squid status squid is stopped [root@squid ~]# ============================= [root@squid ~]# squid -v Squid Cache: Version 3.1.10 configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-arp-acl' '--enable-follow-x-forwarded-for' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,DB,POP3,squid_radius_auth' '--enable-ntlm-auth-helpers=smb_lm,no_check,fakeauth' '--enable-digest-auth-helpers=password,ldap,eDirectory' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-referer-log' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-storeio=aufs,diskd,ufs' '--enable-useragent-log' '--enable-wccpv2' '--enable-esi' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' 'LDFLAGS=-pie' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fpie' --with-squid=/builddir/build/BUILD/squid-3.1.10 ==================================================== with my best regards -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/flapping-wccp-serive-squid-sometimes-dont-reply-to-stop-tp4658768.html Sent from the Squid - Users mailing list archive at Nabble.com.
