[squid-users] Squid as forward proxy far slow than Shadowsocks

[Amos Jeffries]

On 23/02/2016 6:41 a.m., Billy.Zheng (zw963) wrote:
> and connect to server with shadowssocks android app, the speed is
> improve a lot, I can access almost any website as i did in my laptop ,
> and more faster.
> 
> I love squid, so I want to know why those big difference between those
> two software.

The main difference is protocol type. You are comparing SOCKS protocol
with HTTP.

SOCKS has more in common with NAT. A simple mapping of "packets with
certain IP:port (all) go to router X:y". Processing this is extremely
fast as all it requires is swapping ~12 bytes in each packet to new
values and leaving it to be delivered to the new location.

Squid is actually parsing and processing the TLS and HTTP(S) messages
inside each packet stream - which have to be queued and buffered to get
enough packet data for each message (messages being bigger than
packets). All that work slows the traffic down and takes up machine
resources, which further slows down how much traffic can be processed
per second.

Which one you need to use depends on your requirements. If its just
getting the traffic from A to B, then SOCKS is as good or better than
Squid. Proper routing rules would be even better.

If you need to manage traffic based on anything in the HTTP messages
themselves. Then Squid is the better tool despite the speed differences.

You will find the same tradeoff between fine grained control and speed
with any networking software or protocols. Even between different Squid
configurations. For example you might get faster traffic by moving from
stunnel+Squid to a Squid with intercept, ssl-bump and "ssl_bump splice
all" in the latest Squid-3.5 releases.


Amos