[squid-users] Fwd: Squid - Keepalive connections issue

Amos Jeffries squid3 at treenet.co.nz
Tue Apr 24 10:01:04 UTC 2018 

On 24/04/18 10:46, Vishali Somaskanthan wrote:
> Hi all,
> 
> I am working on opening up a persistent connection from Squid -> server.
> i have 2 questions. 
> 
> 1. I find Squid sometimes sends a [FIN, ACK] signal to server as a
> result of which, Squid sends RST and resets the connection. Ideally, for
> persistent connections, this shouldn't be the case. Can somebody help me
> in this regard? Am I missing any other config directives with respect to
> establishing keep-alive connections?? 

You are missing the part were the server (or something) is sending FIN
to Squid. FIN ACK is the _answer_ responding to a server FIN.

Connections MAY be closed at any time for any reason. It may not even be
the server sending the FIN but some hardware, router or other software
or device along the traffic route.

RST occuring after the FIN ACK is usually a sign that some other things
along the path is probably sending the FIN - not the server itself
unless you have REALLY bad routing and latency problems.
 NP: Experience tells me to start by looking for NAT devices along the
traffic path when this happens. Replacing NAT and old routers usually
makes this type of symptom magically disappear.


> 
> 2. Are there any ways to configure how many number of keep-alive
> connections should be initiated to the server??

No. The default for keep-alive is simply "all of them". Anything you can
configure will merely be a reduction in service ability.

> 
> PS: 
> 1. I am using Squid 4
> 2. I have my /server_persistent_connections on/ and
> /client_persistent_connections on/
> 3. Also, I enabled persistent connections for POST requests as well by
> the following lines.
> /acl post_req method POST PUT
> /
> /server_pconn_for_nonretriable allow post_req /
> 

That is all you can do. Squid is at the mercy of client and server
software - if *they* do not also use every available HTTP mechanism to
enable keep-alive on messages then eventually they will send a message
that ends the connection. There is nothing Squid can do about that.


What you can do is work with the server to ensure *it* is doing its best
to retain persistence. Make sure that it supports HTTP/1.1 chunked
encoding, AND that it uses that encoding to prevent messages with
unknown-length payloads closing connections.

If the messages to your server are CONNECT messages, discard all hope.
The traffic ceases to even be HTTP right after the tunnel setup is
complete. Tunnels can stay open for long time, but when they are done
they are done absolutely and the entire TCP connection ends as well.

Amos

More information about the squid-users mailing list