[squid-users] Tune Squid proxy to handle 90k connection

Andre Bolinhas andre.bolinhas at articatech.com
Thu May 16 19:57:21 UTC 2024 

Ok, so in this case you recommended both enable 
client_persistent_connections and server_persistent_connections to gain 
more performance in tems of CPU and Networking, correct?

Thanks in advance for your help.
Best regards

On 16/05/2024 20:53, Amos Jeffries wrote:
> On 17/05/24 02:23, Bolinhas André wrote:
>> Hi Alex
>> Has I explain, by default I set those directives to off to avoid high 
>> cpu consumption.
>
>
> Ah, actually with NTLM auth you are using *more* CPU per transaction 
> with those turned off.
>
> The thing is that auth takes a relatively long time to happen, so the 
> transactions are slower. Hiding the fact that they are, in total, 
> using more CPU and TCP networking resources.
>
>
>
>> My doubt is enabling persistent connection will help squid to process 
>> the request more efficiently and gain more performance or not.
>>
>
> With persistent connections disabled, every client request must:
>
>  1) wait for a TCP socket to become free for use
>  2) perform a full SYN / SYN+ACK exchange to open it for use
>  3) perform a NTLM challenge-response over HTTP
>  4) wait for a second TCP socket to become free for use
>  5) perform a full SYN / SYN+ACK exchange to open it for use
>  6) perform the actual HTTP NTLM authenticated transaction.
>
> Then
>  7) locate a server that can be used
>  8) wait for a TCP socket to become free for use
>  9) perform a full SYN / SYN+ACK exchange to open it for use
>  10) send the request on to the found server
>
>
> That is a LOT of time, CPU, and networking.
>
>
> With persistent connections enabled, only the first request looks like 
> above. The second, third etc look like below:
>
>
>  11) perform the HTTP NTLM authenticated transaction.
>
> Then
>  12) locate a server that can be used
>  13) send the request on to the found server
>
>
>  14) perform the HTTP NTLM authenticated transaction.
>
> Then
>  15) locate a server that can be used
>  16) send the request on to the found server
>
>
> That is MUCH better for performance.
>
>
> HTH
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240516/ba988c14/attachment.htm>

More information about the squid-users mailing list