Hey Saravanan,
The main issue is that we can try to support you in a very basic way but
note that if it's a BUG it cannot be fixed later rather then porting a
patch manually or to try newer versions of squid.
Sometimes it's a bit difficult to upgrade but you can compile squid
without installing it and also installing it along side older version
(with proper configurations).
Your problem is a bit difficult to understand since if you use a proxy
server with 100hz I assume this is what you will get from it..
There are couple levels to the connections which needs to be analyzed
first before jumping and throwing everything on the linux machine.
The availability of example bug reports is nice to analyze but I am not
sure this is the case.
10Mbps link or 15Mbps link is almost the same but some things in the
network are out of your hands.
First the diagram is a bit weird to me..
what is the network topology and what hardware are we talking about?
There is a reason for *dropping* from 6.5 to 8.5 Mbps.
Either this is being consumed in a way or it might be throttled in a way.
Both can be squid or in any other level of the link and even physical one.
A cat4 cable with a loose contact will lead for something like that in
some cases.
So I am saying "from the ground up".
What is the IP of the client?
Is this server properly firewalled?
What is the basic TCP settings for CLOSE_WAIT timeout?
Do you have iptraf installed on this server?
You can look at the "general interface statistics" or "Detailed
interface statistics" to identify couple things.
The iptraf tool can give you another angle on your network traffic(note
that using it on a ssh can be confusing due to the ssh overhead usage of
the link)
It can happen that squid server "slows" down the connection but not in
most cases.
So we need: basic network diagram or "picture" like "a cable goes from
this computer to this switch and from this switch to this router and
from this router to this switch".
If you can add IP addresses it will help me to understand the big picture.
I am not sure yet what is the client IP and what is the speed between
each connection and whether it's a full-duplex half-duplex or no-duplex
support at all.
Are talking about a LAN traffic only? what about DNS and WAN traffic?
Thanks,
Eliezer
On 04/12/13 18:02, SaRaVanAn wrote:
Hi All,
I need a help on this issue. On heavy network traffic with squid
running, link bandwidth is not utilized properly. If I bypass squid,
my link bandwidth is utilized properly.
Updated topology:
=============
(10 Mbps Link)
client< ------- > Squid Box <-------> Proxy client<------> Proxy
server<---> webserver
During problem scenario, I could see more tcp sessions with FIN_WAIT_1
state in Proxy server . I also observed that Recv -q in CLOSE_WAIT
state is getting increased in Squid Box. The number of tcp sessions
from Squid to webserver are also getting dropped drastically.
Squid.conf
========
http_port 3128 tproxy transparent
http_port 80 accel defaultsite=xyz.abc.com
hierarchy_stoplist cgi-bin
acl VIDEO url_regex ^http://fa\.video\.abc\.com
cache allow VIDEO
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 100 MB
cache_swap_low 70
cache_swap_high 80
maximum_object_size 51200 KB
maximum_object_size_in_memory 10 KB
ipcache_size 8192
fqdncache_size 8192
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
cache_dir aufs //var/logs/cache 6144 16 256
access_log //var/logs/access.log squid
cache_log //var/logs/cache.log
cache_store_log none
mime_table //var/opt/abs/config/acpu/mime.conf
pid_filename //var/run/squid.pid
refresh_pattern -i fa.video.abc.com/* 600 0% 600 override-expire
override-lastmod reload-into-ims ignore-reload
refresh_pattern -i video.abc.com/* 600 0% 600 override-expire
override-lastmod reload-into-ims ignore-reload
refresh_pattern -i media.abc.com/* 600 0% 600 override-expire
override-lastmod reload-into-ims ignore-reload
refresh_pattern -i xyz.abc.com/.*\.js 600 200% 600 override-expire
override-lastmod reload-into-ims
refresh_pattern -i xyz.abc.com/.*\.gif 600 200% 600 override-expire
override-lastmod reload-into-ims
refresh_pattern -i xyz.abc.com/.*\.jpg 600 200% 600 override-expire
override-lastmod reload-into-ims
refresh_pattern -i xyz.abc.com/.*\.jpg 600 200% 600 override-expire
override-lastmod reload-into-ims
refresh_pattern -i xyz.abc.com/.*\.png 600 200% 600 override-expire
override-lastmod reload-into-ims
refresh_pattern -i xyz.abc.com/.*\.css 600 200% 600 override-expire
override-lastmod reload-into-ims
refresh_pattern -i ^http://.wsj./.* 10 200% 10 override-expire
override-lastmod reload-into-ims ignore-reload
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 480 100% 480
override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(htm|html|js|css)$ 480 100% 480 override-expire
override-lastmod reload-into-ims
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 0 KB
quick_abort_max 0 KB
negative_ttl 1 minutes
positive_dns_ttl 1800 seconds
forward_timeout 2 minutes
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl video_server dstdomain cs.video.abc.com
always_direct allow video_server
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT all
http_access allow all
icp_access allow all
tcp_outgoing_address 172.19.134.2
visible_hostname 172.19.134.2
server_persistent_connections off
logfile_rotate 1
error_maphttp://localhost:1000/abp/squidError.do 404
memory_pools off
store_objects_per_bucket 100
strip_query_terms off
coredump_dir //var/cache
store_dir_select_algorithm round-robin
cache_peer 172.19.134.2 parent 1000 0 no-query no-digest originserver
name=aportal
cache_peerwww.abc.com parent 80 0 no-query no-digest originserver name=dotcom
cache_peer guides.abc.com parent 80 0 no-query no-digest originserver
name=travelguide
cache_peer selfcare.abc.com parent 80 0 no-query no-digest
originserver name=selfcare
cache_peer abcd.mediaroom.com parent 80 0 no-query no-digest
originserver name=mediaroom
acl webtrends url_regex ^http://statse\.webtrendslive\.com
acl the_host dstdom_regex xyz\.abc\.com
acl abp_regex url_regex ^http://xyz\.abc\.com/abp
acl gbp_regex url_regex ^http://xyz\.abc\.com/gbp
acl abcdstatic_regex url_regex ^http://xyz\.goginflight\.com/static
acl dotcom_regex url_regex ^www\.abc\.com
acl dotcomstatic_regex url_regex ^www\.abc\.com/static
acl travelguide_regex url_regex ^http://guides\.abc\.com
acl selfcare_regex url_regex ^http://selfcare\.abc\.com
acl mediaroom_regex url_regex ^http://abcd\.mediaroom\.com
never_direct allow abp_regex
cache_peer_access aportal allow abp_regex
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT all
http_access allow all
icp_access allow all
tcp_outgoing_address 172.19.134.2
visible_hostname 172.19.134.2
server_persistent_connections off
logfile_rotate 1
error_maphttp://localhost:1000/abp/squidError.do 404
memory_pools off
store_objects_per_bucket 100
strip_query_terms off
coredump_dir //var/cache
store_dir_select_algorithm round-robin
cache_peer 172.19.134.2 parent 1000 0 no-query no-digest originserver
name=aportal
cache_peerwww.abc.com parent 80 0 no-query no-digest originserver name=dotcom
cache_peer guides.abc.com parent 80 0 no-query no-digest originserver
name=travelguide
cache_peer selfcare.abc.com parent 80 0 no-query no-digest
originserver name=selfcare
cache_peer abcd.mediaroom.com parent 80 0 no-query no-digest
originserver name=mediaroom
acl webtrends url_regex ^http://statse\.webtrendslive\.com
acl the_host dstdom_regex xyz\.abc\.com
acl abp_regex url_regex ^http://xyz\.abc\.com/abp
acl gbp_regex url_regex ^http://xyz\.abc\.com/gbp
acl abcdstatic_regex url_regex ^http://xyz\.goginflight\.com/static
acl dotcom_regex url_regex ^www\.abc\.com
acl dotcomstatic_regex url_regex ^www\.abc\.com/static
acl travelguide_regex url_regex ^http://guides\.abc\.com
acl selfcare_regex url_regex ^http://selfcare\.abc\.com
acl mediaroom_regex url_regex ^http://abcd\.mediaroom\.com
never_direct allow abp_regex
cache_peer_access aportal allow abp_regex
acl PURGE method PURGE
http_access allow PURGE localhost
http_access deny PURGE
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT all
http_access allow all
icp_access allow all
tcp_outgoing_address 172.19.134.2
visible_hostname 172.19.134.2
server_persistent_connections off
logfile_rotate 1
error_maphttp://localhost:1000/abp/squidError.do 404
memory_pools off
store_objects_per_bucket 100
strip_query_terms off
coredump_dir //var/cache
store_dir_select_algorithm round-robin
cache_peer 172.19.134.2 parent 1000 0 no-query no-digest originserver
name=aportal
cache_peerwww.abc.com parent 80 0 no-query no-digest originserver name=dotcom
cache_peer guides.abc.com parent 80 0 no-query no-digest originserver
name=travelguide
cache_peer selfcare.abc.com parent 80 0 no-query no-digest
originserver name=selfcare
cache_peer abcd.mediaroom.com parent 80 0 no-query no-digest
originserver name=mediaroom
acl webtrends url_regex ^http://statse\.webtrendslive\.com
acl the_host dstdom_regex xyz\.abc\.com
acl abp_regex url_regex ^http://xyz\.abc\.com/abp
acl gbp_regex url_regex ^http://xyz\.abc\.com/gbp
acl abcdstatic_regex url_regex ^http://xyz\.goginflight\.com/static
acl dotcom_regex url_regex ^www\.abc\.com
acl dotcomstatic_regex url_regex ^www\.abc\.com/static
acl travelguide_regex url_regex ^http://guides\.abc\.com
acl selfcare_regex url_regex ^http://selfcare\.abc\.com
acl mediaroom_regex url_regex ^http://abcd\.mediaroom\.com
never_direct allow abp_regex
cache_peer_access aportal allow abp_regex
cache_peer_access aportal allow abp_regex
cache_peer_access dotcom allow dotcom_regex
cache_peer_access dotcom allow dotcomstatic_regex
cache_peer_access travelguide allow travelguide_regex
cache_peer_access selfcare allow selfcare_regex
cache_peer_access mediaroom allow mediaroom_regex
cache deny webtrends
Do i need to tune squid.conf / tcp parameters in order to address this issue?
Please share your suggestions on this.
Regards,
Saravanan N