[squid-users] Always getting TCP connection failed in cache.log

Wed Sep 9 17:43:17 UTC 2015

On 9/09/2015 10:21 p.m., Akmal Abbasov wrote:
> Hi, 
> I have a squid 3.3, which has 1 parent, no siblings.
> The cache.log file is full of
> 2015/09/09 10:13:08| TCP connection to parent1.net/443 failed
> 2015/09/09 10:13:12| TCP connection to parent1.net/443 failed
> 2015/09/09 10:13:13| TCP connection to parent1.net/443 failed
> 2015/09/09 10:13:15| TCP connection to parent1.net/443 failed
> 2015/09/09 10:13:15| Detected DEAD Parent: Parent1
> 2015/09/09 10:13:16| Detected REVIVED Parent: Parent1
> 2015/09/09 10:13:37| TCP connection to parent1.net/443 failed
> 2015/09/09 10:13:38| TCP connection to parent1.net/443 failed
> 2015/09/09 10:13:40| TCP connection to parent1.net/443 failed
> 2015/09/09 10:13:49| TCP connection to parent1.net/443 failed
> 2015/09/09 10:13:53| TCP connection to parent1.net/443 failed
> 2015/09/09 10:13:58| TCP connection to parent1.net/443 failed
> 2015/09/09 10:14:10| TCP connection to parent1.net/443 failed
> 2015/09/09 10:14:14| TCP connection to parent1.net/443 failed
> 2015/09/09 10:14:16| TCP connection to parent1.net/443 failed
> 2015/09/09 10:14:16| TCP connection to parent1.net/443 failed
> 2015/09/09 10:14:16| Detected DEAD Parent: Parent1
> 2015/09/09 10:14:19| Detected REVIVED Parent: Parent1
> 2015/09/09 10:14:46| TCP connection to parent1.net/443 failed
> 2015/09/09 10:14:46| Error sending to ICMPv6 packet to []. ERR: (101) Network is unreachable
> 2015/09/09 10:14:49| TCP connection to parent1.net/443 failed
> 2015/09/09 10:14:55| TCP connection to parent1.net/443 failed
> 2015/09/09 10:14:57| TCP connection to parent1.net/443 failed
> 2015/09/09 10:14:59| TCP connection to parent1.net/443 failed
> 2015/09/09 10:15:01| TCP connection to parent1.net/443 failed
> 2015/09/09 10:15:16| TCP connection to parent1.net/443 failed
> 2015/09/09 10:15:17| TCP connection to parent1.net/443 failed
> 2015/09/09 10:15:20| TCP connection to parent1.net/443 failed
> 2015/09/09 10:15:29| TCP connection to parent1.net/443 failed
> 2015/09/09 10:15:29| Detected DEAD Parent: Parent1
> 
> The cache_peer is configured as follows 
> cache_peer parent1.net parent 443 0 no-query no-digest originserver ssl ssloptions=NO_SSLv3 name=Parent1
> 
> One more thing, 
> There are TCP_MISS/500 in access.log at the exact same time as 2015/09/09 10:14:19| Detected REVIVED Parent: Parent1 messages in cache.log.

Noted. Though be aware that many other requests could be happening in
that same second.

> 
> I would appreciate any suggestions.
> 

Some things to look at:

* is connectivity to that peer actually "good" during all this?

* is that answer the same for all IPs that peers hostname resolves to?

Both IPv4 and IPv6 are relevant. The ICMP error might be a hint.

* does the peer support TLSv1.x ?

* is the openssl library underneath your Squid a recent version?
 which version is it?

* does adding no-netdb-exchange improve things?

* does using ssloptions=NO_SSLv2:NO_SSLv3 help?

* are these CONNECT requests going through?

* is an upgrade possible?
 we have fixed several bugs that could lead to that type of behaviour
If not, what is your squid -v output? we will need that to identify if
any of the known bugs are possibly relevant.

Amos