[squid-users] Scaling concurrent TCP sessions beyond ephemeral port range
Praveen Ponakanti
pponakanti at roblox.com
Mon May 23 05:36:43 UTC 2022
Hi Amos,
Thanks will keep you posted if we proceed with the sock option flag and are
able to test it in our environment.
BTW, noticed that using multiple outbound IP's each with their own ACLs,
slows the squid server significantly after about 80k concurrent sessions.
We will test out both solutions and get in touch.
Thanks
Praveen
On Fri, May 20, 2022 at 9:31 PM Amos Jeffries <squid3 at treenet.co.nz> wrote:
> On 20/05/22 19:44, Praveen Ponakanti wrote:
> > Hi Alex,
> >
> > Thanks for going through several steps to help mitigate src port
> > exhaustion. We are looking to achieve 400-500% more
> > concurrent connections if we could :) as there is a significant buffer
> > on the available CPU.
>
> Then you require at least 4, maybe 5, IP addresses to handle that many
> concurrent connections with Squid.
>
>
> > The option to use multiple tcp_outoing_addresses appears to be promising
> > along with some tweaks to the TCP timeouts. I guess we could use ACLs to
> > pick a different outbound IP based on the requesting client's prefix. We
> > had not considered that option as the ephemeral ports were no longer
> > available to other applications when squid uses most of them with a
> > single outbound IP configured. We are also looking to modify the code to
> > use the IP_BIND_ADDRESS_NO_PORT sockopt as that could help delay port
> > assignment with the bind() call on the outbound TCP sessions (to
> > hopefully allow access to the 4-tuple on the socket).
>
> Patches welcome.
>
> However, please be aware that use of the 4-tuple is often no different
> from the 3-tuple since the dst-port is typically identical for all
> outgoing traffic to a given dst-IP.
>
>
> Cheers
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20220522/4c4a3043/attachment.htm>
More information about the squid-users
mailing list