[squid-users] access from same ID and different IP addresses.
asakura at ioc.dnp.co.jp
asakura at ioc.dnp.co.jp
Wed Mar 16 04:06:17 UTC 2016
Hello,
Recently, in our environment, CPU load on the squid proxy server
is happening trouble to become a 100%.
example----
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
29767 squid 20 0 1430m 1.3g 5332 R 99.1 17.4 6836:56 squid
16856 squid 20 0 29764 3280 1620 S 2.0 0.0 68:46.34 squid_kerb_auth
16860 squid 20 0 29760 3272 1616 S 1.7 0.0 43:53.67 squid_kerb_auth
16855 squid 20 0 22636 1244 1000 S 0.3 0.0 2:57.66 negotiate_wrapp
21437 asakura 20 0 15432 1632 932 R 0.3 0.0 0:01.02 top
26167 root 20 0 19088 2248 1060 S 0.3 0.0 1016:14 syslog-ng
---
As a result of investigation, We suspect that CPU load become a 100%
when user attempts to log in from more than different ip addresses.
This time, squid has been accessed from 20 or more units of
the PC with the same user ID.
When we disable user authentication from target segment, CPU load be low.
We want to know whether CPU load goes up when squid is accessed from
a large number of different IP addresses with the same user ID.
Our environment is below,
- squid-3.5.1 with squid_kerb_auth(sorry old version...) x5 server
- using BIG-IP LTM load balancer
- enable "follow_x_fowarded_for" option
- User ID number is about 5300
- IP address number is about 6300
- Most user authentication is ActiveDirectory(Kerberos), NTLM is only a little
- Normaly, CPU load is about 20%
Regards,
Kazuhiro
More information about the squid-users
mailing list