Getting lot of client lifetime timeout and subsequently running out of file descriptors

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Getting lot of client lifetime timeout and subsequently running out of file descriptors

Chirayu Patel
Hi,

I am running squid version 4.6 and have set the file descriptors limit to 5000

I get an average of 1 lakh hits daily and in a day or 2 , I start getting these messages :

Sun Aug 18 15:00:29 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:29 2019 daemon.notice squid[4906]: 172.217.160.206:443
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: 52.114.158.52:443
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:32 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:36 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:36 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:37 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:37 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:41 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:41 2019 daemon.notice squid[4906]: 172.217.160.174:443
Sun Aug 18 15:00:42 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:42 2019 daemon.notice squid[4906]: 172.217.166.165:443
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:44 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:47 2019 daemon.notice squid[4906]: 52.37.239.109:443
Sun Aug 18 15:00:48 2019 daemon.notice squid[4906]: WARNING: Closing client connection due to lifetime timeout
Sun Aug 18 15:00:48 2019 daemon.notice squid[4906]: 52.37.239.109:443

------------------------------------------------------------------------------------------------

Squid Config :

http_port 3129 intercept
https_port 3131 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \
    generate-host-certificates=off dynamic_cert_mem_cache_size=2MB
## For Captive Portal    
http_port 3132 intercept
https_port 3133 intercept ssl-bump cert=/etc/ray/certificates/myCA.pem \
    generate-host-certificates=off dynamic_cert_mem_cache_size=1MB

#sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB
#sslcrtd_children 5

# TLS/SSL bumping definitions
acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3

# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect all # peek at TLS/SSL connect data
ssl_bump splice all # splice: no active bumping
on_unsupported_protocol tunnel all

pinger_enable off
digest_generation off
netdb_filename none
ipcache_size 128
fqdncache_size 128
via off
forwarded_for transparent
httpd_suppress_version_string on
cache deny all
cache_mem 0 MB
memory_pools off
shutdown_lifetime 0 seconds

#logfile_daemon /dev/null
access_log none

#acl good_url dstdomain .yahoo.com
http_access allow all

url_rewrite_program /tmp/squid/urlcat_server_start.sh
#url_rewrite_bypass on
url_rewrite_children 1 startup=1 idle=1 concurrency=30 queue-size=10000 on-persistent-overload=ERR
#url_rewrite_access allow all
#url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
url_rewrite_extras "%>a %lp %ssl::>sni"

max_filedesc 5120
coredump_dir /tmp

-----------------------------------------------------------------------

1. Should i decrease the client_lifetime ? Or should i increase the File Descriptor limit ? or adjust the timeouts 

2. Also, there is a steady increase of memory on the device.. Squid is currently installed on an Access Point which is  a resource constrained device.. Is there any way to control it..

--
Thank You
Chirayu Patel
Truecom Telesoft 
+91 8758484287



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Getting lot of client lifetime timeout and subsequently running out of file descriptors

Amos Jeffries
Administrator
On 2019-08-19 07:14, Chirayu Patel wrote:

> Hi,
>
> I am running squid version 4.6 and have set the file descriptors limit
> to 5000
>
> I get an average of 1 lakh hits daily and in a day or 2 , I start
> getting these messages :
>
> Sun Aug 18 15:00:29 2019 daemon.notice squid[4906]: WARNING: Closing
> client connection due to lifetime timeout
...
>
> 1. Should i decrease the client_lifetime ? Or should i increase the
> File Descriptor limit ? or adjust the timeouts
>

I would be looking into why these clients are having such long
connection times that they hit the 1 day lifetime limit.

If they do not actually need connections open for that whole time, then
lowering the client_lifetime is safe enough. You will still get these
log entries, no avoiding that since the clients are holding onto
connections.

You may be able to raise the FD limits as well. On a limited devices I
would pair that with lowering the read_ahead_gap to 8 KB.


> 2. Also, there is a steady increase of memory on the device.. Squid is
> currently installed on an Access Point which is  a resource
> constrained device.. Is there any way to control it..
>

Steadily increasing number of very log-lived client connections is
likely th esource of that, each will be using up to 256KB of I/O
buffers. Preventing too many connections in parallel is the best thing
for that, so you are on the right track trying to remove/reduce these
ones hitting the lifetime.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users