<div><div><div dir="auto">Amos,</div></div><div dir="auto"><br></div><div dir="auto">Thank you for your reply.</div><div dir="auto">It was very helpful.</div><div dir="auto"><br></div><div dir="auto">> That number was gained before HTTPS became so popular. So YMMV depending<br>> on how many CONNECT tunnels you have to deal with. That HTTPS traffic can possibly be decrypted </div><div dir="auto">> and cached but performance trade-offs are quite large.<br></div><div dir="auto"><br></div><div dir="auto">Squid uses SSL-Bump.</div><div dir="auto">I'm very worried about the internet slowing down due to https decording. and I'm also worried about the internet slowing down due to using Blacklist.</div><div dir="auto">I load tens of thousands of URL(black list file) every time I set up ACL.</div><div dir="auto"><br></div><div dir="auto">How many requests does SSL-Bump in one second?</div><div dir="auto"><br></div><div dir="auto">Thank you,</div><div dir="auto">kitamura</div><div dir="auto"><br></div><div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">2020年8月5日(水) 10:32 Amos Jeffries <<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>>:<br></div></div></div></div><div><div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 5/08/20 11:28 am, m k wrote:<br>
>> We are considering to use Squid for our proxy, and would like to know<br>
>> performance sizing aspects.<br>
>><br>
>> Current web access request averages per 1 hour are as followings <br>
>> Clients:30,000、<br>
>> Page Views:141,741/hour<br>
>> *Requests:4,893,106<br>
>><br>
<br>
Okay. Requests and client count are the important numbers there.<br>
<br>
The ~1359 req/sec is well within a default Squid capabilities, which can<br>
extend up to around 10k req/sec before needing careful tuning.<br>
<br>That number was gained before HTTPS became so popular. So YMMV depending<br>on how many CONNECT tunnels you have to deal with. That HTTPS traffic<br>can possibly be decrypted and cached but performance trade-offs are<br>quite large.</blockquote><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
>> We will install Squid on CentOS 8.1. Please kindly share your<br>
>> thoughts / advices<br>
<br>
Whatever OS you are most comfortable with administering. Be aware that<br>
CentOS official Squid packages are very slow to update - Apparently they<br>
still have only v4.4 (8 months old) despite a 8.2 point release only a<br>
few weeks ago.<br>
<br>
So you may need to be building your own from sources and/or using other<br>
semi-official packagers such as the ones from Eliezer at NGTech when he<br>
gets around to CentOS 8 packages.<br>
<<a href="https://wiki.squid-cache.org/KnowledgeBase/CentOS" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/KnowledgeBase/CentOS</a>><br>
<br>
<br>
FYI; If you find yourself having to use SSL-Bump, then we highly<br>
recommended to follow the latest Squid releases with fairly frequent<br>
updates (at minimum a few times per year - worst case monthly). If you<br>
like CentOS you may find Fedora more suitable to track the security<br>
environment volatility and update churn.<br>
<br>
<br>
>> Is there sizing methodology and tools?<br>
<br>
There are a couple of methodologies, depending on what aspect you are<br>
tuning towards - and one for identifying the limitation points to begin<br>
a tuning process tuning.<br>
<br>
The info you gave above is the beginning. Checking to see if your<br>
traffic rate is reasonably within capability of a single Squid instance.<br>
<br>
Yours is reasonable, so next step is to get Squid running and see where<br>
the trouble points (if any) are.<br>
<br>
For more see <<a href="https://wiki.squid-cache.org/SquidFaq/" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/SquidFaq/</a>><br>
<br>
<br>
<br>
>> How much resources are generally recommended for our environment?<br>
>> CPU: Memory: Disk space : Other factors to be considered if any:<br>
>> Do you have a generally recommended performance testing tools? Any<br>
>> suggested guidelines?<br>
>><br>
<br>
<br>
CPU - squid is still mostly single-process. So prioritize faster GHz<br>
rates over core number. Multi-core can help of course, but not as much<br>
as cycle speeds do. Hyper-threading is useless for Squid.<br>
<br>
Memory - Squid will use as much as you can give it. Let your budget<br>
govern this.<br>
<br>
Disk - Squid will happily run with no disk - or lots of large ones.<br>
<br>
- Avoid RAID. Squid *will* shorten disk lifetimes with its unusually<br>
high write I/O pattern. How much shorter varies by disk type (HDD vs<br>
SSD). So you may find it better to plan budget towards maintenance costs<br>
of replacing disks in future rather than buying multiple up-front for<br>
RAID use.<br>
see <<a href="https://wiki.squid-cache.org/SquidFaq/RAID" rel="noreferrer" target="_blank">https://wiki.squid-cache.org/SquidFaq/RAID</a>> for details.<br>
<br>
- Up to a few hundred GB per cache_dir can be good for large caches.<br>
Going up to TB is not (yet) worth the disk cost as Squid has a per-cache<br>
limit on stored objects.<br>
<br>
- Disk caches can be re-tuned, added, moved, removed, and/or extended<br>
at any time and will depend on the profile of object sizes your proxy<br>
handles - which itself likely changes over time. So general let your<br>
budget decide the initial disks and work from there.<br>
<br>
<br>
<br>
Load Testing - the tools us dev use to review performance are listed at<br>
the bottom of the profiling FAQ page. These are best for testing the<br>
theoretical limits of a particular installation - real traffic tends to<br>
be somewhat lower. So I personally prefer taking stats from the running<br>
proxy on real traffic and seeing what I can observe from those.<br>
<br>
<br>
HTH<br>
Amos<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" rel="noreferrer" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</blockquote></div></div>
</div>