[squid-users] I would like to know performance sizing aspects.

vacheslav m_zouhairy at skno.by
Thu Aug 6 05:31:59 UTC 2020


having 3GB memory with a ufdb improves performace

6.08.20 08:28, m k пишет:
> Eliezer,
>
> Squid's default setting is 1 core CPU, 16GB mem.
> How many URLs(Blacklist) will degrade Squid's performance?
>
> Also, SSL-Bump.
>
> Thank you,
> kitamura
>
>
> 2020年8月6日(木) 13:38 Eliezer Croitor <ngtech1ltd at gmail.com 
> <mailto:ngtech1ltd at gmail.com>>:
>
>     Kitamura,
>
>     About the tens of thousands of URLs, Have you considered using a
>     Blacklisting utility, it might lower the memory footprint.
>
>     Eliezer
>
>     ----
>
>     Eliezer Croitoru
>
>     Tech Support
>
>     Mobile: +972-5-28704261
>
>     Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
>
>     *From:* squid-users <squid-users-bounces at lists.squid-cache.org
>     <mailto:squid-users-bounces at lists.squid-cache.org>> *On Behalf Of *m k
>     *Sent:* Thursday, August 6, 2020 7:25 AM
>     *To:* Amos Jeffries <squid3 at treenet.co.nz
>     <mailto:squid3 at treenet.co.nz>>
>     *Cc:* squid-users at lists.squid-cache.org
>     <mailto:squid-users at lists.squid-cache.org>
>     *Subject:* Re: [squid-users] I would like to know performance
>     sizing aspects.
>
>     Amos,
>
>     Thank you for your reply.
>
>     It was very helpful.
>
>     > That number was gained before HTTPS became so popular. So YMMV
>     depending
>     > on how many CONNECT tunnels you have to deal with. That HTTPS
>     traffic can possibly be decrypted
>
>     > and cached but performance trade-offs are quite large.
>
>     Squid uses SSL-Bump.
>
>     I'm very worried about the internet slowing down due to https
>     decording. and I'm also worried about the internet slowing down
>     due to using Blacklist.
>
>     I load tens of thousands of URL(black list file) every time I set
>     up ACL.
>
>     How many requests does SSL-Bump in one second?
>
>     Thank you,
>
>     kitamura
>
>     2020年8月5日(水) 10:32 Amos Jeffries <squid3 at treenet.co.nz
>     <mailto:squid3 at treenet.co.nz>>:
>
>         On 5/08/20 11:28 am, m k wrote:
>         >> We are considering to use Squid for our proxy, and would
>         like to know
>         >> performance sizing aspects.
>         >>
>         >> Current web access request averages per 1 hour are as
>         followings
>         >> Clients:30,000、
>         >> Page Views:141,741/hour
>         >> *Requests:4,893,106
>         >>
>
>         Okay. Requests and client count are the important numbers there.
>
>         The ~1359 req/sec is well within a default Squid capabilities,
>         which can
>         extend up to around 10k req/sec before needing careful tuning.
>
>         That number was gained before HTTPS became so popular. So YMMV
>         depending
>         on how many CONNECT tunnels you have to deal with. That HTTPS
>         traffic
>         can possibly be decrypted and cached but performance
>         trade-offs are
>         quite large.
>
>
>         >> We will install Squid on CentOS 8.1.  Please kindly share your
>         >> thoughts / advices
>
>         Whatever OS you are most comfortable with administering. Be
>         aware that
>         CentOS official Squid packages are very slow to update -
>         Apparently they
>         still have only v4.4 (8 months old) despite a 8.2 point
>         release only a
>         few weeks ago.
>
>         So you may need to be building your own from sources and/or
>         using other
>         semi-official packagers such as the ones from Eliezer at
>         NGTech when he
>         gets around to CentOS 8 packages.
>           <https://wiki.squid-cache.org/KnowledgeBase/CentOS>
>
>
>         FYI; If you find yourself having to use SSL-Bump, then we highly
>         recommended to follow the latest Squid releases with fairly
>         frequent
>         updates (at minimum a few times per year - worst case
>         monthly). If you
>         like CentOS you may find Fedora more suitable to track the
>         security
>         environment volatility and update churn.
>
>
>         >> Is there sizing methodology and tools?
>
>         There are a couple of methodologies, depending on what aspect
>         you are
>         tuning towards - and one for identifying the limitation points
>         to begin
>         a tuning process tuning.
>
>         The info you gave above is the beginning. Checking to see if your
>         traffic rate is reasonably within capability of a single Squid
>         instance.
>
>         Yours is reasonable, so next step is to get Squid running and
>         see where
>         the trouble points (if any) are.
>
>          For more see <https://wiki.squid-cache.org/SquidFaq/>
>
>
>
>         >> How much resources are generally recommended for our
>         environment?
>         >>  CPU:  Memory:  Disk space : Other factors to be considered
>         if any:
>         >> Do you have a generally recommended performance testing
>         tools? Any
>         >> suggested guidelines?
>         >>
>
>
>          CPU - squid is still mostly single-process. So prioritize
>         faster GHz
>         rates over core number. Multi-core can help of course, but not
>         as much
>         as cycle speeds do. Hyper-threading is useless for Squid.
>
>          Memory - Squid will use as much as you can give it. Let your
>         budget
>         govern this.
>
>          Disk - Squid will happily run with no disk - or lots of large
>         ones.
>
>            - Avoid RAID. Squid *will* shorten disk lifetimes with its
>         unusually
>         high write I/O pattern. How much shorter varies by disk type
>         (HDD vs
>         SSD). So you may find it better to plan budget towards
>         maintenance costs
>         of replacing disks in future rather than buying multiple
>         up-front for
>         RAID use.
>          see <https://wiki.squid-cache.org/SquidFaq/RAID> for details.
>
>             - Up to a few hundred GB per cache_dir can be good for
>         large caches.
>         Going up to TB is not (yet) worth the disk cost as Squid has a
>         per-cache
>         limit on stored objects.
>
>            - Disk caches can be re-tuned, added, moved, removed,
>         and/or extended
>         at any time and will depend on the profile of object sizes
>         your proxy
>         handles - which itself likely changes over time. So general
>         let your
>         budget decide the initial disks and work from there.
>
>
>
>         Load Testing - the tools us dev use to review performance are
>         listed at
>         the bottom of the profiling FAQ page. These are best for
>         testing the
>         theoretical limits of a particular installation - real traffic
>         tends to
>         be somewhat lower. So I personally prefer taking stats from
>         the running
>         proxy on real traffic and seeing what I can observe from those.
>
>
>         HTH
>         Amos
>         _______________________________________________
>         squid-users mailing list
>         squid-users at lists.squid-cache.org
>         <mailto:squid-users at lists.squid-cache.org>
>         http://lists.squid-cache.org/listinfo/squid-users
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200806/ab9962aa/attachment-0001.htm>


More information about the squid-users mailing list