On 20/05/22 19:44, Praveen Ponakanti wrote:
> Hi Alex,
> Thanks for going through several steps to help mitigate src port
> exhaustion. We are looking to achieve 400-500% more
> concurrent connections if we could :) as there is a significant buffer
> on the available CPU.

Then you require at least 4, maybe 5, IP addresses to handle that many
concurrent connections with Squid.

> The option to use multiple tcp_outgoing_addresses appears to be promising
> along with some tweaks to the TCP timeouts. I guess we could use ACLs to
> pick a different outbound IP based on the requesting client's prefix. We
> had not considered that option as the ephemeral ports were no longer
> available to other applications when squid uses most of them with a
> single outbound IP configured. We are also looking to modify the code to
> use the IP_BIND_ADDRESS_NO_PORT sockopt as that could help delay port
> assignment with the bind() call on the outbound TCP sessions (to
> hopefully allow access to the 4-tuple on the socket).

Patches welcome.

However, please be aware that use of the 4-tuple is often no different
from the 3-tuple since the dst-port is typically identical for all
outgoing traffic to a given dst-IP.
Cheers
Amos
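
The deferred port assignment discussed above, as an added example (not Squid code and not part of the original message): with IP_BIND_ADDRESS_NO_PORT (Linux 4.2 and later) a bind() to a source IP with port 0 reserves no port, and the kernel chooses one at connect() time when the destination is known. The helper names are hypothetical, and 127.0.0.1 with a throwaway local listener stands in for the outbound IP and the origin server.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_BIND_ADDRESS_NO_PORT
#define IP_BIND_ADDRESS_NO_PORT 24 /* Linux value; older libc headers lack it */
#endif

/* Loopback sockaddr; 127.0.0.1 stands in for the outbound IP (assumption). */
static struct sockaddr_in loopback(unsigned short port) {
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    return a;
}

static int local_port(int fd) {
    struct sockaddr_in a;
    socklen_t len = sizeof a;
    if (getsockname(fd, (struct sockaddr *)&a, &len) < 0) return -1;
    return ntohs(a.sin_port);
}

/* Hypothetical helper: bind an outbound socket to the source IP with port 0,
 * connect it, and report the local port seen after bind() and after connect().
 * Returns 0 on success, -1 on error. */
int outbound_ports(int defer_port, int *after_bind, int *after_connect) {
    int rc = -1, one = 1;
    struct sockaddr_in src = loopback(0), dst = loopback(0);
    socklen_t len = sizeof dst;
    int srv = socket(AF_INET, SOCK_STREAM, 0), cli = socket(AF_INET, SOCK_STREAM, 0);
    if (srv < 0 || cli < 0) goto out;
    /* Constructed destination: a listener on a kernel-chosen loopback port. */
    if (bind(srv, (struct sockaddr *)&dst, sizeof dst) < 0 || listen(srv, 1) < 0 ||
        getsockname(srv, (struct sockaddr *)&dst, &len) < 0) goto out;
    if (defer_port &&
        setsockopt(cli, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, &one, sizeof one) < 0) goto out;
    if (bind(cli, (struct sockaddr *)&src, sizeof src) < 0) goto out;
    *after_bind = local_port(cli);    /* 0 when the port choice is deferred */
    if (connect(cli, (struct sockaddr *)&dst, sizeof dst) < 0) goto out;
    *after_connect = local_port(cli); /* with deferral, chosen only now */
    rc = 0;
out:
    if (srv >= 0) close(srv);
    if (cli >= 0) close(cli);
    return rc;
}
```

Calling `outbound_ports(0, ...)` shows the contrast: without the option, bind() takes an ephemeral port immediately and connect() keeps it.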