[squid-users] Tune Squid proxy to handle 90k connection

Andre Bolinhas andre.bolinhas at articatech.com
Wed May 15 23:02:00 UTC 2024 

Hi

To handle this amount of traffic should I enable 
client_persistent_connections and server_persistent_connections or is it 
better to keep it disable?

Best regards

On 31/01/2022 14:52, Eliezer Croitoru wrote:
>
> Hey Andre,
>
> I *would not *recommend on 5.x yet since there are couple bugs which 
> are blocking it to be used as stable.
>
> I believe that your current setup is pretty good.
>
> The only thing which might affect the system is the authentication and 
> ACLs.
>
> As long these ACL rules are static it should not affect too much on 
> the operation, however,
> When adding external authentication and external helpers for other 
> things it’s possible to see some slowdown in specific scenarios.
>
> As long as the credentials and the ACLs will be fast enough it is 
> expected to work fast but only testing will prove how the real world usage
> will affect the service.
>
> I believe that 5 workers is enough and also take into account that the 
> external helpers would also require CPU so don’t rush into
> changing the workers amount just yet.
>
> All The Bests,
>
> Eliezer
>
> ----
>
> Eliezer Croitoru
>
> NgTech, Tech Support
>
> Mobile: +972-5-28704261
>
> Email: ngtech1ltd at gmail.com
>
> *From:* André Bolinhas <andre.bolinhas at articatech.com>
> *Sent:* Monday, January 31, 2022 15:47
> *To:* 'NgTech LTD' <ngtech1ltd at gmail.com>
> *Cc:* 'Squid Users' <squid-users at lists.squid-cache.org>
> *Subject:* RE: [squid-users] Tune Squid proxy to handle 90k connection
>
> Hi
>
> I will not use cache in this project.
>
> Yes, I will need
>
>   * ACL (based on Domain, AD user, Headers, User Agent…)
>   * Authentication
>   * SSL bump just for one domain.
>   * DNS resolution (I will use Unbound DNS service for this)
>
> Also, I will divide the traffic between two Squid box instead just one.
>
> So each box will handle around 50k request.
>
> Each box have:
>
>   * CPU(s) 16
>   * Threads per code 2
>   * Cores per socket 8
>   * Sockets 1
>   * Inter Xeron Silver 4208  @ 2.10GHz
>   * 96GB Ram
>   * 1TB raid-0 SSD
>
> At this time I have 5 workers on each Squid box and the Squid version 
> is 4.17, do you recommend more workers or upgrade the squid version to 5?
>
> Best regards
>
> *De:*NgTech LTD <ngtech1ltd at gmail.com>
> *Enviada:* 31 de janeiro de 2022 04:59
> *Para:* André Bolinhas <andre.bolinhas at articatech.com>
> *Cc:* Squid Users <squid-users at lists.squid-cache.org>
> *Assunto:* Re: [squid-users] Tune Squid proxy to handle 90k connection
>
> I would recommend you to start with 0 caching.
>
> However, for choosing the right solution you must give more details.
>
> For example there is an IBM reasearch that prooved that for about 90k 
> connections you can use vm's ontop of such hardware with apache web 
> server.
>
> If you do have the set of the other requirements from the proxy else 
> then the 90k requests it would be wise to mention them.
>
> Do you need any specific acls?
>
> Do you need authentication?
>
> etc..
>
> For a simple forward proxy I would suggest to use a simpler solution 
> and if possible to not log anything as a starter point.
>
> Any local disk i/o will slow down the machine.
>
> About the url categorization, I do not have experience with ufdbguard 
> on such scale but it would be pretty heavy for any software to handle 
> 90k rps...
>
>  It's doable to implement such setup but will require testing.
>
> Will you use ssl bump in this setup?
>
> If I will have all the technical and specs/requirements details I 
> might be able to suggest better then now.
>
> Take into account that each squid worker can handle about 3k rps 
> tops(with my experience) and it's a juggling between two sides so... 
> 3k is really 3k+3k+external_acls+dns...
>
> I believe that in this case an example of configuration from the squid 
> developers might be usefull.
>
> Eliezer
>
> בתאריך יום ג׳, 25 בינו׳ 2022, 18:42, מאתAndré Bolinhas 
> ‏<andre.bolinhas at articatech.com>:
>
>     Any tip about my last comment?
>
>     -----Mensagem original-----
>     De: André Bolinhas <andre.bolinhas at articatech.com>
>     Enviada: 21 de janeiro de 2022 16:36
>     Para: 'Amos Jeffries' <squid3 at treenet.co.nz>;
>     squid-users at lists.squid-cache.org
>     Assunto: RE: [squid-users] Tune Squid proxy to handle 90k connection
>
>     Thanks Amos
>     Yes, you are right, I will put a second box with HaProxy in front
>     to balance the traffic.
>     About the sockets I can't double it because is a physical machine,
>     do you think disable hyperthreading from bios will help, because
>     we have other services inside the box that works in
>     multi-threading, like unbound DNS?
>
>     Just more a few questions:
>     1º The server have 92Gb of Ram, do you think that is needed that
>     adding swap will help squid performance?
>     2º Right now we are using squid 4.17 did you recommend upgrade or
>     downgrade to any specific version?
>     3º We need categorization, for this we are using an external
>     helper to achieve it, do you recommend use this approach with ACL
>     or move to some kind of ufdbguard service?
>
>     Best regards
>     -----Mensagem original-----
>     De: squid-users <squid-users-bounces at lists.squid-cache.org> Em
>     Nome De Amos Jeffries
>     Enviada: 21 de janeiro de 2022 16:05
>     Para: squid-users at lists.squid-cache.org
>     Assunto: Re: [squid-users] Tune Squid proxy to handle 90k connection
>
>     Sorry for the slow reply. Responses inline.
>
>
>     On 14/01/22 05:44, André Bolinhas wrote:
>     > Hi
>     > ~80k request per second  10k users
>
>
>     Test this, but you may need a second machine to achieve the full
>     80k RPS.
>
>     Latest Squid do not have any details analysis, but older Squid-3.5
>     were only achieving >15k RPS under lab conditions, more likely
>     expect under 10k RPS/worker on real traffic.
>       That means (IME) this machine is quite likely to hit its
>     capacity somewhere under 70k RPS.
>
>
>     > CPU info:
>     > CPU(s) 16
>     > Threads per code 2
>     > Cores per socket 8
>
>     With this CPU you will be able to run 7 workers. Setup affinity of
>     one core per worker (the "kidN" processes of Squid). Leaving one
>     core to the OS and additional processing needs - this matters at
>     peak loading.
>
>     CPU "threads" tend not to be useful for Squid. Under high loads
>     Squid workers will consume all available cycles on their core, not
>     leaving any for the fancy "thread" core sharing features to
>     pretend there is another core available. YMMV. One of the tests to
>     try when tuning is to turn off the CPU hyperthreading and see what
>     effect it has (if any).
>
>
>     > Sockets 1
>     > Inter Xeron Silver 4208  @ 2.10GHz
>     >
>
>     Okay. Doable, but for best performance you want as high GHz rating
>     on the cores as your budget can afford. The amount of "lag" Squid
>     adds to traffic and RPS performance/parallelism directly
>     correlates with how fast the CPU core can run cycles.
>
>
>
>     HTH
>     Amos
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
>     http://lists.squid-cache.org/listinfo/squid-users
>
>     _______________________________________________
>     squid-users mailing list
>     squid-users at lists.squid-cache.org
>     http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240516/022391cd/attachment-0001.htm>

More information about the squid-users mailing list