[squid-users] Tune Squid proxy to handle 90k connection

Amos Jeffries squid3 at treenet.co.nz
Fri Jan 21 18:09:07 UTC 2022


On 22/01/22 05:35, André Bolinhas wrote:
> Thanks Amos
> Yes, you are right, I will put a second box with HAProxy in front to balance the traffic.
> About the sockets, I can't double them because it is a physical machine. Do you think disabling hyperthreading from the BIOS will help, because we have other services inside the box that work in multi-threading, like unbound DNS?

CPU hyperthreading and software multi-threading are different things. 
Software can still perform threading without CPU hyperthreading turned on.

Like I said, you will have to test its effect, and other services' 
reaction will be one of the things to look at carefully there.


Disclaimer: it has been ~5 years since I last had hands-on with any high 
performance Squid system. Others here are likely to have better 
experience when you come to the actual fine tuning.


> 
> Just a few more questions:
> 1º The server has 92Gb of RAM, do you think adding swap is needed and will help Squid performance?

That should be fine. But YMMV.

Swap is an absolute killer of performance for Squid. Avoid it as much as 
you can.


> 2º Right now we are using Squid 4.17, do you recommend upgrading or downgrading to any specific version?

I have not seen any good benchmarking since v3.5 so don't have any 
specific version advice in regards to your install.

I would usually advise the latest supported for new setups. Purely to 
ensure maximum length of support time before upgrade. However, there are 
some issues in v5.3 that make me reluctant to promote it for now.


> 3º We need categorization, and for this we are using an external helper. Do you recommend using this approach with ACL or moving to some kind of ufdbguard service?
> 

That depends on what and why your categories are.

External ACL helper is usually best for making access control decisions 
and/or marking traffic on arbitrary (but non-payload) properties.

ufdbguard operates primarily on the URI-rewrite/redirect API so best for 
decisions focused around URI modification.

Both are external processes, taking up cycles for their own use and so 
the performance impact should be similar.



Amos
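
The external ACL helper approach from the last answer, as an added example that is not part of the original post and not Squid project code: a helper that makes an allow/deny decision on the destination host and tags the transaction with its category. The category table, helper path and ACL names are hypothetical; it assumes `concurrency=` is set, so each request line arrives prefixed with a channel ID and one helper process can serve many lookups.

```python
#!/usr/bin/env python3
"""Constructed example of a Squid external ACL helper that matches a
destination host against a category table (hypothetical data).

Assumed squid.conf wiring (helper path and ACL names are placeholders):
  external_acl_type categorize ttl=300 concurrency=50 %DST /usr/local/bin/categorize.py
  acl blocked_cat external categorize
  http_access deny blocked_cat
"""
import sys

# Constructed sample data; a real deployment would load a category database.
CATEGORIES = {"ads.example.net": "ads", "example.org": "gambling"}
BLOCKED = {"ads", "gambling"}


def categorize(host):
    """Return the category of host or of its closest listed parent domain."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        cat = CATEGORIES.get(".".join(labels[i:]))
        if cat:
            return cat
    return None


def answer(line):
    """Turn one request line '<channel-id> <host>' into one reply line."""
    parts = line.split()
    if len(parts) != 2 or not parts[0].isdigit():
        # BH reports a helper-side failure, distinct from a non-match.
        chan = parts[0] if parts and parts[0].isdigit() else "0"
        return f"{chan} BH message=malformed-request"
    chan, host = parts
    cat = categorize(host)
    if cat in BLOCKED:
        # OK = the ACL matches; tag= annotates the transaction for logging.
        return f"{chan} OK tag={cat}"
    return f"{chan} ERR"


def main():
    for line in sys.stdin:  # one lookup per line until Squid closes the pipe
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()  # replies must not sit in a buffer


if __name__ == "__main__":
    main()
```

The `ttl=` option lets Squid cache each verdict, so repeated requests for the same host do not reach the helper at all.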

