[squid-users] Cache Peers and traffic handling

Alex Rousskov rousskov at measurement-factory.com
Mon Apr 12 16:03:48 UTC 2021


On 4/10/21 5:03 PM, koshik moshik wrote:

> I am trying to run a Squid proxy Server witth about 5000 cache peers. I
> am running a dedicated server with 6 cores and 32GB RAM on Ubuntu 16. 
> 
> 
> Could you tell me what else is needed / not needed in my squid.config? I
> am encountering a high CPU usage and would like to create a very
> efficient proxy server. 

IIRC, Squid code is not optimized for handling a large number of
cache_peers: Several cache peer selection steps involve linear searches.

I do not know what exactly causes high CPU usage in your environment but
it could be those linear searches. You can test that (indirectly) by
decreasing the number of cache_peers from 5000 to, say, 5. That is a
weak test, of course, because other cache_peer-related overheads could
be to blame, but I would start there.


HTH,

Alex.



> Down below you can find my squid.config(I deleted the other cache_peer
> lines):
> 
> -----------
> 
> http_port 3128
> 
> dns_v4_first on
> 
> acl SSL_ports port 1-65535
> 
> acl Safe_ports port 1-65535
> 
> acl CONNECT method CONNECT
> 
> http_access deny !Safe_ports
> 
> http_access deny CONNECT !SSL_ports
> 
> auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/.htpasswd
> 
> auth_param basic children 5
> 
> auth_param basic realm Squid Basic Authentication
> 
> auth_param basic credentialsttl 5 hours
> 
> acl password proxy_auth REQUIRED
> 
> http_access allow password
> 
> #http_access deny all
> 
> cache allow all
> 
> never_direct allow all
> 
> ident_access deny all
> 
> 
> 
> 
> 
> cache_mem 1 GB
> 
> maximum_object_size_in_memory 16 MB
> 
> 
> 
> 
> 
> # Leave coredumps in the first cache dir
> 
> coredump_dir /var/spool/squid
> 
> 
> #Rules to anonymize http headers
> 
> forwarded_for off
> 
> request_header_access Allow allow all
> 
> request_header_access Authorization allow all
> 
> request_header_access WWW-Authenticate allow all
> 
> request_header_access Proxy-Authorization allow all
> 
> request_header_access Proxy-Authenticate allow all
> 
> request_header_access Cache-Control allow all
> 
> request_header_access Content-Encoding allow all
> 
> request_header_access Content-Length allow all
> 
> request_header_access Content-Type allow all
> 
> request_header_access Date allow all
> 
> request_header_access Expires allow all
> 
> request_header_access Host allow all
> 
> request_header_access If-Modified-Since allow all
> 
> request_header_access Last-Modified allow all
> 
> request_header_access Location allow all
> 
> request_header_access Pragma allow all
> 
> request_header_access Accept allow all
> 
> request_header_access Accept-Charset allow all
> 
> request_header_access Accept-Encoding allow all
> 
> request_header_access Accept-Language allow all
> 
> request_header_access Content-Language allow all
> 
> request_header_access Mime-Version allow all
> 
> request_header_access Retry-After allow all
> 
> request_header_access Title allow all
> 
> request_header_access Connection allow all
> 
> request_header_access Proxy-Connection allow all
> 
> request_header_access User-Agent allow all
> 
> request_header_access Cookie allow all
> 
> request_header_access All deny all
> 
> 
> 
> 
> 
> #
> 
> # Add any of your own refresh_pattern entries above these.
> 
> #
> 
> #refresh_pattern ^ftp:           1440    20%     10080
> 
> #refresh_pattern ^gopher:        1440    0%      1440
> 
> #refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> 
> #refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
> 
> #refresh_pattern .               0       20%     4320
> 
> 
> ################################
> 
> acl me proxy_auth ye-1
> 
> cache_peer my.proxy.com <http://my.proxy.com/> parent 31280
> login=user1:password1 no-query name=a1
> 
> cache_peer_access a1 allow me
> 
> cache_peer_access a1 deny all
> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 



More information about the squid-users mailing list