<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0cm;
margin-right:0cm;
margin-bottom:0cm;
margin-left:36.0pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EstiloCorreioEletrnico18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:389689272;
mso-list-type:hybrid;
mso-list-template-ids:-1002645680 135659531 135659523 135659525 135659521 135659523 135659525 135659521 135659523 135659525;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:1734425865;
mso-list-type:hybrid;
mso-list-template-ids:1663751036 -780337962 135659523 135659525 135659521 135659523 135659525 135659521 135659523 135659525;}
@list l1:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=PT link=blue vlink=purple style='word-wrap:break-word'><div class=WordSection1><p class=MsoNormal><span style='mso-fareast-language:EN-US'>Hi<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>I will not use cache in this project.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>Yes, I will need<o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraph style='margin-left:0cm;mso-list:l1 level1 lfo1'><span lang=EN-US style='mso-fareast-language:EN-US'>ACL (based on Domain, AD user, Headers, User Agent…)<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l1 level1 lfo1'><span lang=EN-US style='mso-fareast-language:EN-US'>Authentication<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l1 level1 lfo1'><span lang=EN-US style='mso-fareast-language:EN-US'>SSL bump just for one domain.<o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l1 level1 lfo1'><span lang=EN-US style='mso-fareast-language:EN-US'>DNS resolution (I will use Unbound DNS service for this)<o:p></o:p></span></li></ul><p class=MsoListParagraph><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>Also, I will divide the traffic between two Squid box instead just one.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>So each box will handle around 50k request.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>Each box have:<o:p></o:p></span></p><ul style='margin-top:0cm' type=disc><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo2'><span lang=EN-US> CPU(s) 16</span><span lang=EN-US style='mso-fareast-language:EN-US'><o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo2'><span lang=EN-US> Threads per code 2</span><span lang=EN-US style='mso-fareast-language:EN-US'><o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo2'><span lang=EN-US>Cores per socket 8</span><span lang=EN-US style='mso-fareast-language:EN-US'><o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo2'><span lang=EN-US>Sockets 1</span><span lang=EN-US style='mso-fareast-language:EN-US'><o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo2'><span lang=EN-US>Inter Xeron Silver 4208 @ 2.10GHz</span><span lang=EN-US style='mso-fareast-language:EN-US'><o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo2'><span lang=EN-US>96GB Ram</span><span lang=EN-US style='mso-fareast-language:EN-US'><o:p></o:p></span></li><li class=MsoListParagraph style='margin-left:0cm;mso-list:l0 level1 lfo2'>1TB raid-0 SSD<span lang=EN-US style='mso-fareast-language:EN-US'><o:p></o:p></span></li></ul><p class=MsoListParagraph><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>At this time I have 5 workers on each Squid box and the Squid version is 4.17, do you recommend more workers or upgrade the squid version to 5?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'>Best regards<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US style='mso-fareast-language:EN-US'><o:p> </o:p></span></p><div style='border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b>De:</b> NgTech LTD <ngtech1ltd@gmail.com> <br><b>Enviada:</b> 31 de janeiro de 2022 04:59<br><b>Para:</b> André Bolinhas <andre.bolinhas@articatech.com><br><b>Cc:</b> Squid Users <squid-users@lists.squid-cache.org><br><b>Assunto:</b> Re: [squid-users] Tune Squid proxy to handle 90k connection<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>I would recommend you to start with 0 caching.<o:p></o:p></p><div><p class=MsoNormal>However, for choosing the right solution you must give more details.<o:p></o:p></p></div><div><p class=MsoNormal>For example there is an IBM reasearch that prooved that for about 90k connections you can use vm's ontop of such hardware with apache web server.<o:p></o:p></p></div><div><p class=MsoNormal>If you do have the set of the other requirements from the proxy else then the 90k requests it would be wise to mention them.<o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Do you need any specific acls?<o:p></o:p></p></div><div><p class=MsoNormal>Do you need authentication?<o:p></o:p></p></div><div><p class=MsoNormal>etc..<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>For a simple forward proxy I would suggest to use a simpler solution and if possible to not log anything as a starter point.<o:p></o:p></p></div><div><p class=MsoNormal>Any local disk i/o will slow down the machine.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>About the url categorization, I do not have experience with ufdbguard on such scale but it would be pretty heavy for any software to handle 90k rps...<o:p></o:p></p></div><div><p class=MsoNormal> It's doable to implement such setup but will require testing.<o:p></o:p></p></div><div><p class=MsoNormal>Will you use ssl bump in this setup?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>If I will have all the technical and specs/requirements details I might be able to suggest better then now.<o:p></o:p></p></div><div><p class=MsoNormal>Take into account that each squid worker can handle about 3k rps tops(with my experience) and it's a juggling between two sides so... 3k is really 3k+3k+external_acls+dns...<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>I believe that in this case an example of configuration from the squid developers might be usefull.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Eliezer<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><div><p class=MsoNormal>בתאריך יום ג׳, 25 בינו׳ 2022, 18:42, מאת André Bolinhas <<a href="mailto:andre.bolinhas@articatech.com" target="_blank">andre.bolinhas@articatech.com</a>>:<o:p></o:p></p></div><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><p class=MsoNormal>Any tip about my last comment?<br><br>-----Mensagem original-----<br>De: André Bolinhas <<a href="mailto:andre.bolinhas@articatech.com" target="_blank">andre.bolinhas@articatech.com</a>> <br>Enviada: 21 de janeiro de 2022 16:36<br>Para: 'Amos Jeffries' <<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>>; <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>Assunto: RE: [squid-users] Tune Squid proxy to handle 90k connection<br><br>Thanks Amos<br>Yes, you are right, I will put a second box with HaProxy in front to balance the traffic.<br>About the sockets I can't double it because is a physical machine, do you think disable hyperthreading from bios will help, because we have other services inside the box that works in multi-threading, like unbound DNS?<br><br>Just more a few questions:<br>1º The server have 92Gb of Ram, do you think that is needed that adding swap will help squid performance?<br>2º Right now we are using squid 4.17 did you recommend upgrade or downgrade to any specific version?<br>3º We need categorization, for this we are using an external helper to achieve it, do you recommend use this approach with ACL or move to some kind of ufdbguard service?<br><br>Best regards<br>-----Mensagem original-----<br>De: squid-users <<a href="mailto:squid-users-bounces@lists.squid-cache.org" target="_blank">squid-users-bounces@lists.squid-cache.org</a>> Em Nome De Amos Jeffries<br>Enviada: 21 de janeiro de 2022 16:05<br>Para: <a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br>Assunto: Re: [squid-users] Tune Squid proxy to handle 90k connection<br><br>Sorry for the slow reply. Responses inline.<br><br><br>On 14/01/22 05:44, André Bolinhas wrote:<br>> Hi<br>> ~80k request per second 10k users<br><br><br>Test this, but you may need a second machine to achieve the full 80k RPS.<br><br>Latest Squid do not have any details analysis, but older Squid-3.5 were only achieving >15k RPS under lab conditions, more likely expect under 10k RPS/worker on real traffic.<br> That means (IME) this machine is quite likely to hit its capacity somewhere under 70k RPS.<br><br><br>> CPU info:<br>> CPU(s) 16<br>> Threads per code 2<br>> Cores per socket 8<br><br>With this CPU you will be able to run 7 workers. Setup affinity of one core per worker (the "kidN" processes of Squid). Leaving one core to the OS and additional processing needs - this matters at peak loading.<br><br>CPU "threads" tend not to be useful for Squid. Under high loads Squid workers will consume all available cycles on their core, not leaving any for the fancy "thread" core sharing features to pretend there is another core available. YMMV. One of the tests to try when tuning is to turn off the CPU hyperthreading and see what effect it has (if any).<br><br><br>> Sockets 1<br>> Inter Xeron Silver 4208 @ 2.10GHz<br>><br><br>Okay. Doable, but for best performance you want as high GHz rating on the cores as your budget can afford. The amount of "lag" Squid adds to traffic and RPS performance/parallelism directly correlates with how fast the CPU core can run cycles.<br><br><br><br>HTH<br>Amos<br>_______________________________________________<br>squid-users mailing list<br><a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br><a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br><br>_______________________________________________<br>squid-users mailing list<br><a href="mailto:squid-users@lists.squid-cache.org" target="_blank">squid-users@lists.squid-cache.org</a><br><a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><o:p></o:p></p></blockquote></div></div></div></body></html>