On 3/08/2016 4:14 p.m., Michael Pelletier wrote: > I filter 7 Gbps of Internet with AD integration. > > To do this I have 28 CentOS VMs running in VMWare which are load balanced > (explicit and implicit traffic) The load balancer is also CentOS ipvs. > There are some 'rule of thumb' details that affect this type of installation; * ensuring that UFS based cache_dir (if any) do not share physical disk spindles. When using VM and other virtualised layers this can be very tricky to enforce. - if you can enforce is Squid will use that spindle to the hardware limits. - if you can't enforce it and any two Squid instances end up sharing their load capacity more than halves, and the disk lifetime is greatly reduced as disk I/O contention causes controller issues. * ensuring that heavily loaded Squid do not share their CPU core with other services. And core "threads" being (near) useless for Squid itself. - VM overheads themselves are to be avoided as much as possible. You may find the container approach better for Squid performance. * avoiding NTLM. It doubles the traffic load on the frontend compared to any other auth type. With special regards to VMs - some versions of VM tools have been shown that cloning the VM does something to greatly reduce its I/O capacities. If you have to use them at all a "clean install" type setup (eg. with ansible) is better to use than cloning an image. YMMV. HTH Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
