irregular traffic when using proxy, not if NATed

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

irregular traffic when using proxy, not if NATed

le dahut
Hello.

On certain upload websites, the traffic monitor shows an irregular
traffic when uploading through squid, while uploading NATed (not using
squid) gives a regular traffic.

Traffic monitoring on the client gives this when using squid :
https://dev-eole.ac-dijon.fr/attachments/download/1978/trafic-en-ligne.ac-aix-marseille.png

And this when connecting directly to the website :
https://dev-eole.ac-dijon.fr/attachments/download/1998/trafic-en-ligne.ac-aix-marseille-NAT.png

"squid.conf" is here :
http://paste.ubuntu.com/23894668/


# squid -v
Squid Cache: Version 3.5.12
Service Name: squid
Ubuntu linux
configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.'
'--disable-maintainer-mode' '--disable-dependency-tracking'
'--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fPIE
-fstack-protector-strong -Wformat -Werror=format-security
-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now'
'--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'
'--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man'
'--enable-inline' '--disable-arch-native' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,diskd,rock'
'--enable-removal-policies=lru,heap' '--enable-delay-pools'
'--enable-cache-digests' '--enable-icap-client'
'--enable-follow-x-forwarded-for'
'--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB'
'--enable-auth-digest=file,LDAP'
'--enable-auth-negotiate=kerberos,wrapper'
'--enable-auth-ntlm=fake,smb_lm'
'--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group'
'--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi'
'--enable-icmp' '--enable-zph-qos' '--enable-ecap'
'--disable-translation' '--with-swapdir=/var/spool/squid'
'--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid'
'--with-filedescriptors=65536' '--with-large-files'
'--with-default-user=proxy' '--enable-build-info=Ubuntu linux'
'--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2
-fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall'
'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now'
'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE
-fstack-protector-strong -Wformat -Werror=format-security'


Can you help me find out why ?


Regards,
  Klaas

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: irregular traffic when using proxy, not if NATed

Amos Jeffries
Administrator
On 31/01/2017 6:10 a.m., le dahut wrote:
> Hello.
>
> On certain upload websites, the traffic monitor shows an irregular
> traffic when uploading through squid, while uploading NATed (not using
> squid) gives a regular traffic.
>
<snip>
>
>
> Can you help me find out why ?
>

The first thing that comes to my mind is that this type of bunching in
the traffic graph is a sign of buffer bloat. Simply by using Squid you
are adding two buffers in each direction for the traffic as the client
and server connections are buffered separately. Bloat related problems
show up worst for CONNECT tunnels and uploads in Squid.

Your config shows the Squid buffers to be the default 16-64KB each
though so not exactly overly bloated on a transfer of 1 MB/s for ~30sec
straight. Could be compounding an underlying problem though.

The other thing that comes to mind is a bug in mem_node handling for
large objects. Any transfer that can fill a 1MB/s pipe for ~30sec is in
the range of objects which will start to see effects of Squid searching
memory for the next block of data to send or memory to read into.


To track down the actual reason you will need to figure out what Squid
is doing during the transfer. You do that with debug_options.

Some info on profiling Squid is mentioned at:
 <http://wiki.squid-cache.org/SquidFaq/SquidProfiling>

If you can replicate the problem on a machine that is not under a lot of
traffic load at the time you could use debug_options directive to raise
the debug level - "debug_options rotate=1 ALL,6" should give a lot of
info about whats happening.


I recommend that if you can please upgrade to the later 3.5.23 package
that is available for Ubuntu in 16.04 Xenial or later. There are quite a
few performance related issues that have been resolved in the .12
release. Not having to figure it out at all would be nice if possible.

HTH
Amos

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Loading...