[squid-users] Tune Squid proxy to handle 90k connection

Bolinhas André andre.bolinhas at articatech.com
Thu May 16 14:23:11 UTC 2024 

Hi Alex 
Has I explain, by default I set those directives to off to avoid high cpu consumption. 
My doubt is enabling persistent connection will help squid to process the request more efficiently and gain more performance or not. 

Best regards 

Sent from Nine

--------------------------------
De: Alex Rousskov <rousskov at measurement-factory.com>
Enviado: quinta-feira, 16 de maio de 2024 14:56
Para: squid-users at lists.squid-cache.org
Assunto Re: [squid-users] Tune Squid proxy to handle 90k connection



On 2024-05-15 19:02, Andre Bolinhas wrote:

> To handle this amount of traffic should I enable 
> client_persistent_connections and server_persistent_connections or is it 
> better to keep it disable?

As Jonathan has already mentioned, the question is misleading because 
these directives default to "on" -- persistent connections are enabled 
by default. Modern HTTP specs enable them by default as well.

Since you do not know whether persistent connections are harmful in your 
particular deployment environments, remove those two directives from 
your Squid configuration files (effectively enabling persistent 
connection use). There are always exceptions, but in the vast majority 
of cases, not specifying those directives is the best first step.

If you want to research whether persistent connections are harmful in 
your environments, you will need to define performance metrics and 
experiment with all four different combinations across the two boolean 
directives (at least -- there are more directives that affect connection 
persistency). Doing this kind of research right is difficult!


HTH,

Alex.


> Best regards
> 
> On 31/01/2022 14:52, Eliezer Croitoru wrote:
>>
>> Hey Andre,
>>
>> I *would not *recommend on 5.x yet since there are couple bugs which 
>> are blocking it to be used as stable.
>>
>> I believe that your current setup is pretty good.
>>
>> The only thing which might affect the system is the authentication and 
>> ACLs.
>>
>> As long these ACL rules are static it should not affect too much on 
>> the operation, however,
>> When adding external authentication and external helpers for other 
>> things it’s possible to see some slowdown in specific scenarios.
>>
>> As long as the credentials and the ACLs will be fast enough it is 
>> expected to work fast but only testing will prove how the real world usage
>> will affect the service.
>>
>> I believe that 5 workers is enough and also take into account that the 
>> external helpers would also require CPU so don’t rush into
>> changing the workers amount just yet.
>>
>> All The Bests,
>>
>> Eliezer
>>
>> ----
>>
>> Eliezer Croitoru
>>
>> NgTech, Tech Support
>>
>> Mobile: +972-5-28704261
>>
>> Email: ngtech1ltd at gmail.com
>>
>> *From:* André Bolinhas <andre.bolinhas at articatech.com>
>> *Sent:* Monday, January 31, 2022 15:47
>> *To:* 'NgTech LTD' <ngtech1ltd at gmail.com>
>> *Cc:* 'Squid Users' <squid-users at lists.squid-cache.org>
>> *Subject:* RE: [squid-users] Tune Squid proxy to handle 90k connection
>>
>> Hi
>>
>> I will not use cache in this project.
>>
>> Yes, I will need
>>
>>   * ACL (based on Domain, AD user, Headers, User Agent…)
>>   * Authentication
>>   * SSL bump just for one domain.
>>   * DNS resolution (I will use Unbound DNS service for this)
>>
>> Also, I will divide the traffic between two Squid box instead just one.
>>
>> So each box will handle around 50k request.
>>
>> Each box have:
>>
>>   * CPU(s) 16
>>   * Threads per code 2
>>   * Cores per socket 8
>>   * Sockets 1
>>   * Inter Xeron Silver 4208  @ 2.10GHz
>>   * 96GB Ram
>>   * 1TB raid-0 SSD
>>
>> At this time I have 5 workers on each Squid box and the Squid version 
>> is 4.17, do you recommend more workers or upgrade the squid version to 5?
>>
>> Best regards
>>
>> *De:*NgTech LTD <ngtech1ltd at gmail.com>
>> *Enviada:* 31 de janeiro de 2022 04:59
>> *Para:* André Bolinhas <andre.bolinhas at articatech.com>
>> *Cc:* Squid Users <squid-users at lists.squid-cache.org>
>> *Assunto:* Re: [squid-users] Tune Squid proxy to handle 90k connection
>>
>> I would recommend you to start with 0 caching.
>>
>> However, for choosing the right solution you must give more details.
>>
>> For example there is an IBM reasearch that prooved that for about 90k 
>> connections you can use vm's ontop of such hardware with apache web 
>> server.
>>
>> If you do have the set of the other requirements from the proxy else 
>> then the 90k requests it would be wise to mention them.
>>
>> Do you need any specific acls?
>>
>> Do you need authentication?
>>
>> etc..
>>
>> For a simple forward proxy I would suggest to use a simpler solution 
>> and if possible to not log anything as a starter point.
>>
>> Any local disk i/o will slow down the machine.
>>
>> About the url categorization, I do not have experience with ufdbguard 
>> on such scale but it would be pretty heavy for any software to handle 
>> 90k rps...
>>
>>  It's doable to implement such setup but will require testing.
>>
>> Will you use ssl bump in this setup?
>>
>> If I will have all the technical and specs/requirements details I 
>> might be able to suggest better then now.
>>
>> Take into account that each squid worker can handle about 3k rps 
>> tops(with my experience) and it's a juggling between two sides so... 
>> 3k is really 3k+3k+external_acls+dns...
>>
>> I believe that in this case an example of configuration from the squid 
>> developers might be usefull.
>>
>> Eliezer
>>
>> בתאריך יום ג׳, 25 בינו׳ 2022, 18:42, מאתAndré Bolinhas 
>> ‏<andre.bolinhas at articatech.com>:
>>
>>     Any tip about my last comment?
>>
>>     -----Mensagem original-----
>>     De: André Bolinhas <andre.bolinhas at articatech.com>
>>     Enviada: 21 de janeiro de 2022 16:36
>>     Para: 'Amos Jeffries' <squid3 at treenet.co.nz>;
>>     squid-users at lists.squid-cache.org
>>     Assunto: RE: [squid-users] Tune Squid proxy to handle 90k connection
>>
>>     Thanks Amos
>>     Yes, you are right, I will put a second box with HaProxy in front
>>     to balance the traffic.
>>     About the sockets I can't double it because is a physical machine,
>>     do you think disable hyperthreading from bios will help, because
>>     we have other services inside the box that works in
>>     multi-threading, like unbound DNS?
>>
>>     Just more a few questions:
>>     1º The server have 92Gb of Ram, do you think that is needed that
>>     adding swap will help squid performance?
>>     2º Right now we are using squid 4.17 did you recommend upgrade or
>>     downgrade to any specific version?
>>     3º We need categorization, for this we are using an external
>>     helper to achieve it, do you recommend use this approach with ACL
>>     or move to some kind of ufdbguard service?
>>
>>     Best regards
>>     -----Mensagem original-----
>>     De: squid-users <squid-users-bounces at lists.squid-cache.org> Em
>>     Nome De Amos Jeffries
>>     Enviada: 21 de janeiro de 2022 16:05
>>     Para: squid-users at lists.squid-cache.org
>>     Assunto: Re: [squid-users] Tune Squid proxy to handle 90k connection
>>
>>     Sorry for the slow reply. Responses inline.
>>
>>
>>     On 14/01/22 05:44, André Bolinhas wrote:
>>     > Hi
>>     > ~80k request per second  10k users
>>
>>
>>     Test this, but you may need a second machine to achieve the full
>>     80k RPS.
>>
>>     Latest Squid do not have any details analysis, but older Squid-3.5
>>     were only achieving >15k RPS under lab conditions, more likely
>>     expect under 10k RPS/worker on real traffic.
>>       That means (IME) this machine is quite likely to hit its
>>     capacity somewhere under 70k RPS.
>>
>>
>>     > CPU info:
>>     > CPU(s) 16
>>     > Threads per code 2
>>     > Cores per socket 8
>>
>>     With this CPU you will be able to run 7 workers. Setup affinity of
>>     one core per worker (the "kidN" processes of Squid). Leaving one
>>     core to the OS and additional processing needs - this matters at
>>     peak loading.
>>
>>     CPU "threads" tend not to be useful for Squid. Under high loads
>>     Squid workers will consume all available cycles on their core, not
>>     leaving any for the fancy "thread" core sharing features to
>>     pretend there is another core available. YMMV. One of the tests to
>>     try when tuning is to turn off the CPU hyperthreading and see what
>>     effect it has (if any).
>>
>>
>>     > Sockets 1
>>     > Inter Xeron Silver 4208  @ 2.10GHz
>>     >
>>
>>     Okay. Doable, but for best performance you want as high GHz rating
>>     on the cores as your budget can afford. The amount of "lag" Squid
>>     adds to traffic and RPS performance/parallelism directly
>>     correlates with how fast the CPU core can run cycles.
>>
>>
>>
>>     HTH
>>     Amos
>>     _______________________________________________
>>     squid-users mailing list
>>     squid-users at lists.squid-cache.org
>>     http://lists.squid-cache.org/listinfo/squid-users
>>
>>     _______________________________________________
>>     squid-users mailing list
>>     squid-users at lists.squid-cache.org
>>     http://lists.squid-cache.org/listinfo/squid-users
>>
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240516/1ad65980/attachment-0001.htm>

More information about the squid-users mailing list