Slow performance through Squid

Slow performance through Squid

fRANz
Hi,

for personal use I've a Soekris net4801 board with OpenBSD and Squid
as firewall and proxy server.
Squid works in transparent mode on the same Soekris board; pf sends
HTTP traffic to it with an rdr rule:

rdr pass inet proto tcp from $prv_ad to any port 80 \
        -> 127.0.0.1 port 3128

Without rdr rule (so without Squid), Speedtest reports 3.5Mbps as
download speed, when I enable rdr speed goes down to only 2.6Mbps.
How can I improve my Squid config to reach 3.5Mbps?!

More details:
board: Soekris net4801
os: OpenBSD 4.6
squid: squid-2.7.STABLE6

- squid config: -------------------------------------------------
http_port 127.0.0.1:3128 transparent
visible_hostname proxy.local.domain
cache_mgr [hidden email]

acl CONNECT method CONNECT
acl all src 0.0.0.0/0.0.0.0
acl restr src 192.168.100.50 192.168.100.51 \
        192.168.100.52 192.168.100.53 192.168.100.54
acl tutto src 192.168.100.0/255.255.255.0
acl localhost src 127.0.0.1
acl filetypes urlpath_regex -i "/etc/squid/extra/filetypes"
acl adservers dstdomain "/etc/squid/extra/adservers"
acl whitelist dstdomain "/etc/squid/extra/whitelist"
acl Skype_UA browser ^skype^

cache deny all
http_access allow whitelist
http_access deny adservers
http_access allow CONNECT localhost Skype_UA
http_access allow tutto !restr
http_access deny restr filetypes
http_access allow restr
http_access deny all

access_log syslog:daemon.info
emulate_httpd_log on
cache_log /dev/null
cache_store_log none
----------------------------------------------------------------------------

Let me know if further information is required.
Thank you for any tips,
-f
Re: Slow performance through Squid

Luis Daniel Lucio Quiroz-2
On Wednesday 11 August 2010 15:39:52, fRANz wrote:

> Hi,
>
> for personal use I've a Soekris net4801 board with OpenBSD and Squid
> as firewall and proxy server.
> Squid works in transparent mode on the same Soekris board; pf sends
> HTTP traffic to it with an rdr rule:
>
> rdr pass inet proto tcp from $prv_ad to any port 80 \
>         -> 127.0.0.1 port 3128
>
> Without rdr rule (so without Squid), Speedtest reports 3.5Mbps as
> download speed, when I enable rdr speed goes down to only 2.6Mbps.
> How can I improve my Squid config to reach 3.5Mbps?!
>
> More details:
> board: Soekris net4801
> os: OpenBSD 4.6
> squid: squid-2.7.STABLE6
>
> - squid config: -------------------------------------------------
> http_port 127.0.0.1:3128 transparent
> visible_hostname proxy.local.domain
> cache_mgr [hidden email]
>
> acl CONNECT method CONNECT
> acl all src 0.0.0.0/0.0.0.0
> acl restr src 192.168.100.50 192.168.100.51 \
>         192.168.100.52 192.168.100.53 192.168.100.54
> acl tutto src 192.168.100.0/255.255.255.0
> acl localhost src 127.0.0.1
> acl filetypes urlpath_regex -i "/etc/squid/extra/filetypes"
> acl adservers dstdomain "/etc/squid/extra/adservers"
> acl whitelist dstdomain "/etc/squid/extra/whitelist"
> acl Skype_UA browser ^skype^
>
> cache deny all
> http_access allow whitelist
> http_access deny adservers
> http_access allow CONNECT localhost Skype_UA
> http_access allow tutto !restr
> http_access deny restr filetypes
> http_access allow restr
> http_access deny all
>
> access_log syslog:daemon.info
> emulate_httpd_log on
> cache_log /dev/null
> cache_store_log none
> ----------------------------------------------------------------------------
>
> Let me know if further information is required.
> Thank you for any tips,
> -f
As far as I know Soekris boxes (I also install Linux on them), this could be
because of I/O.  Try disabling your cache_dir cache, only use memory cache.  This
should improve performance.
Re: Slow performance through Squid

Amos Jeffries
Administrator
On Wed, 11 Aug 2010 17:41:04 -0500, Luis Daniel Lucio Quiroz
<[hidden email]> wrote:

> On Wednesday 11 August 2010 15:39:52, fRANz wrote:
>> Hi,
>>
>> for personal use I've a Soekris net4801 board with OpenBSD and Squid
>> as firewall and proxy server.
>> Squid works in transparent mode on the same Soekris board; pf sends
>> HTTP traffic to it with an rdr rule:
>>
>> rdr pass inet proto tcp from $prv_ad to any port 80 \
>>         -> 127.0.0.1 port 3128
>>
>> Without rdr rule (so without Squid), Speedtest reports 3.5Mbps as
>> download speed, when I enable rdr speed goes down to only 2.6Mbps.
>> How can I improve my Squid config to reach 3.5Mbps?!
>>
>> More details:
>> board: Soekris net4801
>> os: OpenBSD 4.6
>> squid: squid-2.7.STABLE6
>>
>> - squid config: -------------------------------------------------
>> http_port 127.0.0.1:3128 transparent
>> visible_hostname proxy.local.domain
>> cache_mgr [hidden email]

Sigh. So the remote admins who want to contact you about problems they
encounter coming out of your proxy are supposed to email [hidden email]
about the host at proxy.local.domain? Very helpful :(

>>
>> acl CONNECT method CONNECT
>> acl all src 0.0.0.0/0.0.0.0
>> acl restr src 192.168.100.50 192.168.100.51 \
>>         192.168.100.52 192.168.100.53 192.168.100.54
>> acl tutto src 192.168.100.0/255.255.255.0

 acl all src all
 acl restr src 192.168.100.50-192.168.100.54
 acl tutto src 192.168.100.0/24

:)

>> acl localhost src 127.0.0.1
>> acl filetypes urlpath_regex -i "/etc/squid/extra/filetypes"
>> acl adservers dstdomain "/etc/squid/extra/adservers"
>> acl whitelist dstdomain "/etc/squid/extra/whitelist"
>> acl Skype_UA browser ^skype^
>>
>> cache deny all
>> http_access allow whitelist
>> http_access deny adservers
>> http_access allow CONNECT localhost Skype_UA
>> http_access allow tutto !restr
>> http_access deny restr filetypes
>> http_access allow restr
>> http_access deny all
>>
>> access_log syslog:daemon.info
>> emulate_httpd_log on

Um. Logging to syslog in apache format. Okay.

  access_log syslog:daemon.info common

>> cache_log /dev/null

Please at least start Squid with the command line options -s or -l which
will pipe the critical process errors into your syslog as well.

>> cache_store_log none
>>
>> ----------------------------------------------------------------------------
>>
>> Let me know if further information is required.
>> Thank you for any tips,
>> -f
> As far as I know Soekris boxes (I also install Linux on them), this could be
> because of I/O.  Try disabling your cache_dir cache, only use memory cache.
> This should improve performance.

Particularly since you have "cache deny all" anyway. That change will make
the temporary holding objects not cycle through disk in transit only to be
deleted.

Amos
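
Added example (not part of the original posts and not Squid's own code): the reply above rewrites an address list and a dotted netmask as range and CIDR notation, and this Python sketch checks that such a rewrite matches exactly the same client addresses, so access is neither widened nor narrowed. The function names are hypothetical, and only the `src` value forms that appear in this thread are parsed.

```python
import ipaddress

def parse_src(token):
    """Turn one Squid 'src' ACL value into an inclusive (low, high) integer pair.

    Only the forms seen in this thread are handled: 'all', a.b.c.d,
    a.b.c.d/len, a.b.c.d/dotted.mask and a.b.c.d-e.f.g.h.
    """
    if token == "all":
        return 0, 2**32 - 1
    if "-" in token:
        low, high = (int(ipaddress.IPv4Address(p)) for p in token.split("-", 1))
        if low > high:
            raise ValueError("descending range: " + token)
        return low, high
    # strict=False tolerates host bits being set, e.g. 192.168.100.7/24
    net = ipaddress.IPv4Network(token, strict=False)
    return int(net.network_address), int(net.broadcast_address)

def normalise(values):
    """Merge parsed values into a sorted list of disjoint [low, high] intervals."""
    merged = []
    for low, high in sorted(parse_src(v) for v in values):
        if merged and low <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], high)
        else:
            merged.append([low, high])
    return merged

# ACL values as posted (ORIGINAL) and as rewritten in the reply (SUGGESTED).
ORIGINAL = {
    "all": ["0.0.0.0/0.0.0.0"],
    "restr": ["192.168.100.50", "192.168.100.51", "192.168.100.52",
              "192.168.100.53", "192.168.100.54"],
    "tutto": ["192.168.100.0/255.255.255.0"],
}
SUGGESTED = {
    "all": ["all"],
    "restr": ["192.168.100.50-192.168.100.54"],
    "tutto": ["192.168.100.0/24"],
}

def compare(old, new):
    """Map each ACL name to True when both spellings cover the same addresses."""
    return {name: normalise(old[name]) == normalise(new[name]) for name in old}

if __name__ == "__main__":
    for name, same in compare(ORIGINAL, SUGGESTED).items():
        print(name, "equivalent" if same else "DIFFERENT")
```

Because the comparison works on merged intervals rather than sampled addresses, a rewrite that silently spans a gap in the original list is reported as different.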

Re: Slow performance through Squid

fRANz
On Thu, Aug 12, 2010 at 5:40 AM, Amos Jeffries <[hidden email]> wrote:

>>> http_port 127.0.0.1:3128 transparent
>>> visible_hostname proxy.local.domain
>>> cache_mgr [hidden email]
>
> Sigh. So the remote admins who want to contact you about problems they
> encounter coming out of your proxy are supposed to email [hidden email]
> about the host at proxy.local.domain? Very helpful :(

just a personal use :-) don't worry

>>> acl CONNECT method CONNECT
>>> acl all src 0.0.0.0/0.0.0.0
>>> acl restr src 192.168.100.50 192.168.100.51 \
>>>         192.168.100.52 192.168.100.53 192.168.100.54
>>> acl tutto src 192.168.100.0/255.255.255.0
>
>  acl all src all
>  acl restr src 192.168.100.50-192.168.100.54
>  acl tutto src 192.168.100.0/24

OK! Thanks for the tip.

>>> access_log syslog:daemon.info
>>> emulate_httpd_log on
>
> Um. Logging to syslog in apache format. Okay.
>
>  access_log syslog:daemon.info common

Uh? :-) emulate_httpd_log could slow down Squid?

Regards,
-f
Re: Slow performance through Squid

Amos Jeffries
Administrator
fRANz wrote:

> On Thu, Aug 12, 2010 at 5:40 AM, Amos Jeffries <[hidden email]> wrote:
>
>>>> http_port 127.0.0.1:3128 transparent
>>>> visible_hostname proxy.local.domain
>>>> cache_mgr [hidden email]
>> Sigh. So the remote admins who want to contact you about problems they
>> encounter coming out of your proxy are supposed to email [hidden email]
>> about the host at proxy.local.domain? Very helpful :(
>
> just a personal use :-) don't worry
>
>>>> acl CONNECT method CONNECT
>>>> acl all src 0.0.0.0/0.0.0.0
>>>> acl restr src 192.168.100.50 192.168.100.51 \
>>>>         192.168.100.52 192.168.100.53 192.168.100.54
>>>> acl tutto src 192.168.100.0/255.255.255.0
>>  acl all src all
>>  acl restr src 192.168.100.50-192.168.100.54
>>  acl tutto src 192.168.100.0/24
>
> OK! Thanks for the tip.
>
>>>> access_log syslog:daemon.info
>>>> emulate_httpd_log on
>> Um. Logging to syslog in apache format. Okay.
>>
>>  access_log syslog:daemon.info common
>
> Uh? :-) emulate_httpd_log could slow down Squid?
>

About one CPU cycle per output line. :-)

emulate_* has been deprecated since 2.5. So could be gone when you next
upgrade. One less config line too.

Amos
--
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.6
   Beta testers wanted for 3.2.0.1