[squid-users] Squid stop sending icp after a random time

[Amos Jeffries]

On 18/07/22 18:38, Théo BARRAGUE wrote:> Hello,
> 
> After a random time ( seconds, minutes or even hours ) squid stop 
> sending ICP to neighbours.
Given that all traffic from squid-1 is forced to go through squid-2 why 
are you bothering with ICP? that is only useful when there are 2+ peers 
to select from.



> This is my configuration for squid-1 :
> 
> cache_peer squid-2 parent 3128 3130 background-ping
> 
> dns_nameservers 1.1.1.1
> > netdb_filename none
> netdb_ping_period 1 seconds> query_icmp on
> never_direct allow all
> 
I highly recommend that you at least retain the default security 
settings for http_access. They are designed to protect against some 
nasty situations like proxy hijacking and DoS attacks.


> http_access allow all
> http_port 3128
> icp_access allow all
> icp_port 3130
> 
> ​This is my configuration for squid-2 :
> 
> cache_peer_access squid-1 allow
> 


There is no cache_peer definition in this config. Either this is not 
actually your config file contents, or Squid is using a different config 
file than you think.


> dns_nameservers 1.1.1.1
> 
> netdb_filename none
> netdb_ping_period 1 seconds
> 
> cache_dir null /tmp


The "null" storage type has not been part of Squid for most of a decade.
Erase the cache_dir line. Add "cache_mem 0 KB" instead.


> cache deny all
> 
> shutdown_lifetime 15 seconds
> 
> http_access allow all
> http_port 3128
> icp_access allow all
> icp_port 3130
> 
> 
> I'm using Squid 4.6 from Debian Bullseye on a amd64 architecture
> 

Bullseye currently ships with Squid-4.13. Please update to that, if only 
for the security patches.

I doubt v5 will work differently for your issue, but YMMV.


HTH
Amos