[squid-users] Issue with Citrix sessions and squid

David Touzeau david at articatech.com
Fri Jul 10 13:34:49 UTC 2015


Many thanks Amos

With your suggests, we have found that the issue is generated by Palo 
Alto Client for Citrix
https://live.paloaltonetworks.com/docs/DOC-1321
And not from SQUID...



Le 08/07/2015 23:26, Amos Jeffries a écrit :
> On 9/07/2015 7:01 a.m., David Touzeau wrote:
>> Thanks Yuri,
>>
>> Any tips how to increase TCP/IP stack ?
>> Did you means TCP/IP stack on the Citrix Server side or on the squid
>> box  or both ?
> I'm thinking its a problem related to TCP sockets.
> A rough estimate calculatino of:
>   10 users x10 tabs x20 avg domains per page x 2 for happy eyeballs
> makes it somewhere up to 4k sockets in active use at any time. if the
> users are accessing domains with larger numbers ofdomains per page (ie
> Facebook has up to 100) that could be 20k concurrent sockets just from
> the browser.
>   By the time that goes through Squid it becomes 40k, and if you have
> ICAP it becomes "up to 80K" (out of an available 64k sockets).
>
> Then there is all the OS background services that use HTTP through the
> proxy, etc.
>
> Without Citrix the users internal src-IPs vary. Making available a 64k
> sockets per-user. Which is harder to reach, and the browser silently
> limits itself when socekts start to run out.
>
> Without Squid the Citrix connections are going to N different domains
> with varying dst-IP. Which again raises the available port numbers per-user.
>
>
> If the assumptino behind the above is right you should be able to
> alleviate the problem by having Squid listen on multiple ports and/or
> IPs. Then spreading the client connections out across those Squid ports.
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users



More information about the squid-users mailing list