FYI; CPU in Squid is primarily consumed by two things:
1) parsing and processing HTTP message headers.
The only thing you can do about this is detect and reject unwanted
traffic as early as possible.
Your OS firewall is obviously the early line of defense. Preventing
unwanted network ranges from reaching Squid listening ports saves Squid
from spending CPU cycles looking up details about those unwanted clients.
Then for clients who are potentially valid the default http_access rules
reject dangerous traffic quickly and efficiently. Make sure any custom
http_access rules are listed *after* those ones. Then see (2).
2) processing access controls (ACL checks).
To optimize this needs attention to what order ACLs are tested in versus
how complex they are to process.
How many CPU cycles are consumed managing any resources they or other
processes they trigger is also important.
If you want a free optimization review please post your full squid.conf
(just without the documentation comments and empty lines). Then we can
point out any performance tricks you may not yet be using.
Beyond those two you are getting into "advanced admin" levels of
performance optimization. Where YMMV, Alex has mentioned. Every network
is different so none of us can say a specific thing to do that will be
better for you.
HTH
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users