Problem: internet navigation is extremely slow.

I've used squid since 1999 with no problems at all; during the last month, one proxy gave me a lot of trouble.

First, we upgraded the system from RHEL5.x - squid 2.6.x to RHEL6.x - squid 3.4.x, with no improvements.
Second, we bypassed the Trend Micro Interscan proxy (the parent proxy), without success.
Third: I do not know what to do.

So what should be done? Some configuration improvements (sysctl/squid)? Could it be a network-related problem (bandwidth/delay/MTU/other)?

Please give me some hints.

My boss wants to use bluecoat. I want to solve the issue.

Regards
Michele Masè

Here are the configuration and some info:

Environment:
1Gbit lan; 200Mbit internet bandwidth; Squid 3.4.0.2 from http://www1.ngtech.co.il/rpm/centos/6/$basearch, 2GB ram + 2x xeon 3GHZ, RHEL6, guest on VMware ESXi

The server is more than 80% idle, more than 1GB free memory, no iowait.

Configuration: see below:

squid.conf:

    workers 2
    acl SSL_ports port 443
    acl Safe_ports port "/etc/squid/acls/Safe_ports.acl.list"
    acl myexample dstdomain "/etc/squid/acls/myexample.acl.list"
    acl domain-dst-direct dstdomain "/etc/squid/acls/domain-dst-direct.acl.list"
    acl ip-dst-direct dst "/etc/squid/acls/ip-dst-direct.acl.list"
    acl localnet src "/etc/squid/acls/ip-src-localnet.acl.list"
    acl CONNECT method CONNECT
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost manager
    http_access deny manager
    http_access allow localnet
    http_access allow localhost
    http_access deny all
    always_direct allow all
    always_direct allow myexample
    always_direct allow localhost
    always_direct allow domain-dst-direct
    always_direct allow ip-dst-direct
    always_direct allow SSL_ports
    never_direct deny localhost
    never_direct deny domain-dst-direct
    never_direct allow all
    coredump_dir /var/spool/squid
    minimum_object_size 64 KB
    maximum_object_size 256 MB
    maximum_object_size_in_memory 2 MB
    cache_mem 1024 MB
    cache_dir ufs /cache 9000 16 256
    cache_access_log stdio:/logs/squid/access.log
    cache_log /logs/squid/cache.log
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
    refresh_pattern . 0 20% 4320

sysctl.conf:

    net.ipv4.tcp_fin_timeout = 30
    net.ipv4.tcp_max_syn_backlog = 4096
    net.core.somaxconn = 1024
    net.ipv4.tcp_keepalive_time = 3600
    net.ipv4.ip_local_port_range = 1024 65000
    net.core.netdev_max_backlog = 2048

The response time is slow, and comparatively slower than the bluecoat proxy.
During working hours it is extremely slow, and sometimes some sites seem blocked.

Here are the connections:

    TIME_WAIT    4012 #################################################
    CLOSE_WAIT     81 #
    FIN_WAIT1      42 #
    SYN_SENT      591 ########
    FIN_WAIT2     136 ##
    ESTABLISHED  4950 ############################################################
    SYN_RECV       13 #
    CLOSING        13 #
    LAST_ACK       81 #
    LISTEN         11 #
    -------------------------------------------------------------------------------
    TOTAL        9930

squidclient mgr:info|grep file\ desc

    Sending HTTP request ... done.
    Maximum number of file descriptors: 32768
    Largest file desc currently in use: 3419
    Number of file desc currently in use: 6022
    Available number of file descriptors: 26746
    Reserved number of file descriptors: 200

With Proxy Blue Coat: Navigation is a little bit better.

Note: There is an external acl on the firewall that allows network access to trusted sources only.