Re: [NEED HELP] TPROXY + L2 WCCP + multi cpu

Hey there,

Please try to state the purpose of the squid instance in words in order
to understand the situation (fake IPs and domains if you need).
You do have a WWW server, right?
What is the logical purpose of the squid instance? Is it a forward proxy
for a network?
What is this cache_peer config you are trying to do?
Do you first want to just make it work and later on tune for performance?

Please give me a small description of the network infrastructure we are
talking about.
A small example:
http://wiki.squid-cache.org/Features/Wccp

Why do you use WCCP for the interception? Is there a specific need for that?


Eliezer

On 08/28/2013 08:52 AM, Mohsen Dehghani wrote:
> Hello,
> I think you didn't get my last reply... here is a copy:
> Based on your help and this example,
> http://wiki.squid-cache.org/ConfigExamples/SmpCarpCluster , the following is
> my config and access.log.
> The problem is that the websites do not load, resulting in a timeout...
> It works perfectly when commenting out the cache peer lines. Any help is
> appreciated.
> 
> #######squid.conf########
> # DO change this "somepassword"
> cachemgr_passwd somepassword all
> #debug_options ALL,9
> acl localnet src 178.173.12.70
> acl SSL_ports port 443
> acl Safe_ports port 80      # http
> acl Safe_ports port 21      # ftp
> acl Safe_ports port 443     # https
> acl Safe_ports port 70      # gopher
> acl Safe_ports port 210     # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280     # http-mgmt
> acl Safe_ports port 488     # gss-http
> acl Safe_ports port 591     # filemaker
> acl Safe_ports port 777     # multiling http
> acl CONNECT method CONNECT
> 
> wccp2_router 172.22.122.33
> wccp_version 2
> wccp2_rebuild_wait off
> wccp2_forwarding_method 2
> wccp2_return_method 2
> wccp2_assignment_method 2
> # wccp2_service standard 0
> wccp2_service dynamic 80
> wccp2_service dynamic 90
> wccp2_service_info 80 protocol=tcp flags=src_ip_hash priority=240 ports=80
> wccp2_service_info 90 protocol=tcp flags=dst_ip_hash,ports_source priority=240 ports=80
> 
> 
> # basic safety net access controls.
> # NOTE that user access and local access controls are all in frontend.conf
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
>
> # 3 workers, using worker #1 as the frontend is important
> workers 3
> if ${process_number} = 1
> include /etc/squid3/frontend.conf
> else
> include /etc/squid3/backend.conf
> endif
> http_access allow localnet
> http_access deny all
> 
> refresh_pattern ^ftp:		1440	20%	10080
> refresh_pattern ^gopher:	1440	0%	1440
> refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
> refresh_pattern .		0	20%	4320
> #########################################
> 
> 
> ######frontend.conf#######
> http_port 3128
> http_port 3129 tproxy
> shutdown_lifetime 3 second
> # add user authentication and similar options here
> http_access allow manager localhost
> http_access allow manager all
> http_access deny manager
>
> # add backends - one line for each additional worker you configured
> # NOTE how the port number matches the kid number
> cache_peer localhost parent 4002 0 carp login=PASS name=backend-kid2 no-tproxy
> cache_peer localhost parent 4003 0 carp login=PASS name=backend-kid3 no-tproxy
>
> #you want the frontend to have a significant cache_mem
> cache_mem 512 MB
>
> # change /tmp to your own log directory, e.g. /var/log/squid
> access_log /var/log/squid3/frontend.access.log
> cache_log /var/log/squid3/frontend.cache.log
>
>
> # the frontend requires a different name to the backend(s)
> visible_hostname frontend.example.com
> http_access allow localhost
> #################################################
> 
> 
> ########backend.conf###########
> # each backend must listen on a unique port
> # without this the CARP algorithm would be useless
> http_port 127.0.0.1:400${process_number}
> shutdown_lifetime 3 second
> # a 10 GB cache of small (up to 32KB) objects accessible by any backend worker
> #cache_dir rock /mnt/cacheRock 10240 max-size=32768
> follow_x_forwarded_for allow localhost
> # NP: for now AUFS does not support SMP but the CARP algorithm helps reduce object duplications
> # a 10 GB cache of large ( over 32KB) objects per-worker
> cache_dir aufs /mnt/cache${process_number} 10240 128 128 min-size=32769
>
> # the default maximum cached object size is a bit small
> # you want the backend to be able to cache some fairly large objects
> maximum_object_size 512 MB
>
> # you want the backend to have a small cache_mem
> cache_mem 4 MB
>
> # the backends require a different name to frontends, but can share one
> # this prevents forwarding loops between backends while allowing
> # frontend to forward via the backend
> visible_hostname backend-kid${process_number}
>
> # change /var/log/squid to your own log directory
> access_log /var/log/squid3/backend.access.log
> cache_log /var/log/squid3/backend.cache.log
>
> # add just enough access permissions to allow the frontend
> http_access allow localhost
> ########################################
> 
> 
> #######frontend.log###########
> 1377506559.692  61025 178.173.12.70 TCP_MISS/503 4201 GET
> http://ubuntuforums.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506559.692  61025 178.173.12.70 TCP_MISS/503 4252 GET
> http://www.tucny.com/favicon.ico - CARP/127.0.0.1 text/html
> 1377506559.692  61025 178.173.12.70 TCP_MISS/503 4135 GET
> http://www.crypt.gen.nz/favicon.ico - CARP/127.0.0.1 text/html
> 1377506560.528 185790 178.173.12.70 TCP_MISS/503 4234 GET
> http://packages.debian.org/jessie/amd64/squid3/download - CARP/127.0.0.1
> text/html
> 1377506569.155  59998 178.173.12.70 TCP_MISS_ABORTED/000 0 GET
> http://um10.eset.com/eset_eval/update.ver - CARP/127.0.0.1 -
> 1377506574.699 183383 178.173.12.70 TCP_MISS/503 4267 GET
> http://www.googletagservices.com/tag/js/gpt.js - CARP/127.0.0.1 text/html
> 1377506590.529 180764 178.173.12.70 TCP_MISS/503 4261 GET
> http://cm.g.doubleclick.net/pixel? - CARP/127.0.0.1 text/html
> 1377506615.522  59941 178.173.12.70 TCP_MISS/503 4150 GET
> http://wiki.squid-cache.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506618.710  60996 178.173.12.70 TCP_MISS/503 4186 GET
> http://devel.squid-cache.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506618.710  60990 178.173.12.70 TCP_MISS/503 4170 GET
> http://www.pmoghadam.com/favicon.ico - CARP/127.0.0.1 text/html
> 1377506618.710  61012 178.173.12.70 TCP_MISS/503 4554 GET
> http://www.packtpub.com/favicon.ico - CARP/127.0.0.1 text/html
> 1377506618.710  60996 178.173.12.70 TCP_MISS/503 4358 GET
> http://www.netcontractor.pl/favicon.ico - CARP/127.0.0.1 text/html
> 1377506618.710  60836 178.173.12.70 TCP_MISS/503 4333 GET
> http://etutorials.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506620.530  60830 178.173.12.70 TCP_MISS/503 4357 GET
> http://www.thegeekstuff.com/favicon.ico - CARP/127.0.0.1 text/html
> 1377506620.530  60660 178.173.12.70 TCP_MISS/503 4187 GET
> http://www.web-polygraph.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506620.531  60830 178.173.12.70 TCP_MISS/503 4233 GET
> http://ubuntuforums.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506622.740 241014 178.173.12.70 TCP_MISS/503 5098 GET
> http://code.google.com/p/shellinabox/ - CARP/127.0.0.1 text/html
> 1377506624.744  61206 178.173.12.70 TCP_MISS/503 4284 GET
> http://www.tucny.com/favicon.ico - CARP/127.0.0.1 text/html
> 1377506625.549 240496 178.173.12.70 TCP_MISS/503 4397 GET
> http://gravatar.com/avatar/33be8eebf9ff1375eecabb6d45bb84f0/? -
> CARP/127.0.0.1 text/html
> 1377506625.744 240691 178.173.12.70 TCP_MISS/503 4397 GET
> http://gravatar.com/avatar/10c08133f930b023f8a29f7aca903ade/? -
> CARP/127.0.0.1 text/html
> 1377506625.744 240691 178.173.12.70 TCP_MISS/503 4397 GET
> http://gravatar.com/avatar/bbafaf9e10ccbeadb05132f0907eef62/? -
> CARP/127.0.0.1 text/html
> 1377506629.328  59998 178.173.12.70 TCP_MISS_ABORTED/000 0 GET
> http://um16.eset.com/eset_eval/update.ver - CARP/127.0.0.1 -
> 1377506633.749 241284 178.173.12.70 TCP_MISS/503 7215 GET
> http://cisco.112.2o7.net/b/ss/cisco-us,cisco-usprodswitches/1/H.24.3/s641795
> 77133309? - CARP/127.0.0.1 text/html
> 1377506634.605    820 178.173.12.70 TCP_MISS/200 1650 GET
> http://www.cisco.com/favicon.ico - HIER_DIRECT/2.21.32.170 image/x-icon
> 1377506675.522  59980 178.173.12.70 TCP_MISS/503 4182 GET
> http://wiki.squid-cache.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506680.531  59983 178.173.12.70 TCP_MISS/503 4187 GET
> http://www.web-polygraph.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506687.797  61209 178.173.12.70 TCP_MISS/503 5054 GET
> http://beacon-1.newrelic.com/1/c7e812077e? - CARP/127.0.0.1 text/html
> 1377506690.518  61188 178.173.12.70 TCP_MISS/503 4297 GET
> http://um16.eset.com/eset_eval/update.ver - CARP/127.0.0.1 text/html
> 1377506740.805 180167 178.173.12.70 TCP_MISS/503 4178 GET
> http://packages.debian.org/favicon.ico - CARP/127.0.0.1 text/html
> 1377506863.962 241107 178.173.12.70 TCP_MISS/503 5085 GET
> http://code.google.com/favicon.ico - CARP/127.0.0.1 text/html
> #################################
> 
> #############backend.log################
> 
> 1377506560.528 181935 178.173.12.70 TCP_MISS/503 4100 GET
> http://packages.debian.org/jessie/amd64/squid3/download -
> HIER_DIRECT/213.165.95.4 text/html
> 1377506569.155  59998 178.173.12.70 TCP_MISS_ABORTED/000 0 GET
> http://um10.eset.com/eset_eval/update.ver - HIER_DIRECT/93.184.71.21 -
> 1377506574.698 183217 178.173.12.70 TCP_MISS/503 4133 GET
> http://www.googletagservices.com/tag/js/gpt.js - HIER_DIRECT/173.194.36.25
> text/html
> 1377506590.529 180754 178.173.12.70 TCP_MISS/503 4127 GET
> http://cm.g.doubleclick.net/pixel? - HIER_DIRECT/173.194.36.13 text/html
> 1377506615.522  59940 178.173.12.70 TCP_MISS/503 4016 GET
> http://wiki.squid-cache.org/favicon.ico - HIER_DIRECT/77.93.254.178
> text/html
> 1377506618.708  60994 178.173.12.70 TCP_MISS/503 4052 GET
> http://devel.squid-cache.org/favicon.ico - HIER_DIRECT/216.34.181.97
> text/html
> 1377506618.708  60988 178.173.12.70 TCP_MISS/503 4036 GET
> http://www.pmoghadam.com/favicon.ico - HIER_DIRECT/79.175.162.79 text/html
> 1377506618.709  60995 178.173.12.70 TCP_MISS/503 4224 GET
> http://www.netcontractor.pl/favicon.ico - HIER_DIRECT/78.46.37.186 text/html
> 1377506618.709  60835 178.173.12.70 TCP_MISS/503 4199 GET
> http://etutorials.org/favicon.ico - HIER_DIRECT/195.234.5.139 text/html
> 1377506618.709  61011 178.173.12.70 TCP_MISS/503 4420 GET
> http://www.packtpub.com/favicon.ico - HIER_DIRECT/83.166.169.231 text/html
> 1377506620.529  60830 178.173.12.70 TCP_MISS/503 4223 GET
> http://www.thegeekstuff.com/favicon.ico - HIER_DIRECT/192.254.201.75
> text/html
> 1377506620.529  60659 178.173.12.70 TCP_MISS/503 4053 GET
> http://www.web-polygraph.org/favicon.ico - HIER_DIRECT/209.169.10.130
> text/html
> 1377506620.530  60829 178.173.12.70 TCP_MISS/503 4099 GET
> http://ubuntuforums.org/favicon.ico - HIER_DIRECT/91.189.94.12 text/html
> 1377506622.740 240843 178.173.12.70 TCP_MISS/503 4964 GET
> http://code.google.com/p/shellinabox/ - HIER_DIRECT/74.125.236.164 text/html
> 1377506624.743  61038 178.173.12.70 TCP_MISS/503 4150 GET
> http://www.tucny.com/favicon.ico - HIER_DIRECT/74.125.135.121 text/html
> 1377506625.548 240492 178.173.12.70 TCP_MISS/503 4263 GET
> http://gravatar.com/avatar/33be8eebf9ff1375eecabb6d45bb84f0/? -
> HIER_DIRECT/72.233.69.5 text/html
> 1377506625.744 240688 178.173.12.70 TCP_MISS/503 4263 GET
> http://gravatar.com/avatar/10c08133f930b023f8a29f7aca903ade/? -
> HIER_DIRECT/72.233.69.4 text/html
> 1377506625.744 240687 178.173.12.70 TCP_MISS/503 4263 GET
> http://gravatar.com/avatar/bbafaf9e10ccbeadb05132f0907eef62/? -
> HIER_DIRECT/72.233.69.4 text/html
> 1377506629.328  59995 178.173.12.70 TCP_MISS_ABORTED/000 0 GET
> http://um16.eset.com/eset_eval/update.ver - HIER_DIRECT/93.184.71.10 -
> 1377506633.748 240973 178.173.12.70 TCP_MISS/503 7081 GET
> http://cisco.112.2o7.net/b/ss/cisco-us,cisco-usprodswitches/1/H.24.3/s641795
> 77133309? - HIER_DIRECT/66.235.132.232 text/html
> 1377506674.091      0 :: TCP_DENIED/403 3788 GET
> http://backend-kid2:4002/squid-internal-periodic/store_digest - HIER_NONE/-
> text/html
> 1377506675.522  59980 178.173.12.70 TCP_MISS/503 4048 GET
> http://wiki.squid-cache.org/favicon.ico - HIER_DIRECT/77.93.254.178
> text/html
> 1377506680.531  59983 178.173.12.70 TCP_MISS/503 4053 GET
> http://www.web-polygraph.org/favicon.ico - HIER_DIRECT/209.169.10.130
> text/html
> 1377506687.797  61064 178.173.12.70 TCP_MISS/503 4920 GET
> http://beacon-1.newrelic.com/1/c7e812077e? - HIER_DIRECT/50.31.164.168
> text/html
> 1377506690.518  61188 178.173.12.70 TCP_MISS/503 4163 GET
> http://um16.eset.com/eset_eval/update.ver - HIER_DIRECT/93.184.71.10
> text/html
> 1377506734.092      0 :: TCP_DENIED/403 3788 GET
> http://backend-kid3:4003/squid-internal-periodic/store_digest - HIER_NONE/-
> text/html
> 1377506740.804 180166 178.173.12.70 TCP_MISS/503 4044 GET
> http://packages.debian.org/favicon.ico - HIER_DIRECT/82.195.75.113 text/html
> 1377506863.961 241103 178.173.12.70 TCP_MISS/503 4951 GET
> http://code.google.com/favicon.ico - HIER_DIRECT/74.125.236.166 text/html
> ######################################################
> 
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
> Sent: Wednesday, August 28, 2013 9:55 AM
> To: Mohsen Dehghani
> Subject: Re:  [NEED HELP] TPROXY + L2 WCCP + multi cpu
> 
> On 24/08/2013 6:26 p.m., Mohsen Dehghani wrote:
>> Thanks
>> But my bandwidth is going to be extended to 2Gbps. Do workers still
>> perform better than multi-instance?
>
> I'm not sure of the answer to that one, sorry. You are in a quite select
> group at present dealing with Gbps traffic rates.
> (If you understand Eliezer's response earlier it sounds good, though I'm not
> sure I understand the specifics myself yet).
> 
> Amos
> 
> 




