[squid-users] Squid slow down after awhile

Amos Jeffries squid3 at treenet.co.nz
Sat Oct 14 20:27:44 UTC 2017 

On 15/10/17 05:20, masoud mazarei wrote:
> i sent you an pcap file which shows the problem.
> my client ip is 172.22.127.1 and target host is  94.182.227.21.
> squid machine mac is e4:11:5b:ea:30:c2.
> filter pcap file in wireshark by filter "ip.host==94.182.227.21" you 
> will see that the first SYN packet arrived in No.304 and relative time 
> 6.637173 but first packet which goes out from cache machine as client by 
> squid happend in No.371 and relative time 45.013691

That kind of indicates the problem is either in how long the client 
takes to deliver the HTTP request to Squid, or DNS lookups to find the 
destination(s).

> what is happend in (6.637173 - 45.013691) duration.?

For a transparent proxy these things have happened between SYN on 
client<->Squid and SYN on Squid<->server:


* NAT/TPROXY record lookups for client connection state

* wait for the client to send its HTTP request.
  - with happy eyeballs there may be a large wait between the SYN and 
first data sent by client for ~50% of connections.

* parsing of that HTTP request message.

* DNS lookup(s) for Host header verification

* http_access checks

* Adaptation hooks (ICAP / eCAP), if any

* URL re-writer lookups, if any

* HTTP 'cache' directive ACL checks

* HTTP cache lookup

* DNS lookups to find destination, if any
  - this should be very fast since the Host verify results should be 
cached. But if any of the above took longer than DNS TTL new lookups may 
be required - naturally increasing the delay further.

* Destination selection

* TCP server connection(s) setup
  - if you are only looking at IPv4 packets you may be missing multiple 
SYN packets for IPv6 servers before the first IPv4 SYN packet appears.


The points above with sub-notes are the ones most likely to be delayed 
for seconds. You may be seeing one particular source of the problem, or 
multiple adding together. 45 sec seems an unusual number. Most of the 
timeouts in Squid and networking are multiples of 30 sec.



> which debug level will help me to know what is happend in background?
> i enabled
> "debug_options 5,3 6,3 46,3 11,3 19,3 55,3 58,3"
> BUT there is no valuable data to solve this problem.
> 

You may need an ALL,6 trace then to see if there are any clues in odd 
places. As verbose as it is the debugging in Squid is far from complete 
so for some of these delay issues there no specific lines to look for 
mention and we have to go by relative timing of things.

The durations between actions on the list of points above should narrow 
down a bit better what to look at.

Amos

More information about the squid-users mailing list