Hello all,

Im having a problem with my squid setup, I have a server HP DL 380 3.06 Gig processor with 1 Gig memory and 3x64.6 scsi ultra 320 configure as raid 5. Im running named, Iptables and squid 2.5 stable on a Fedora Core 1.

My problem is that when there are few subscribers say 5 to 10 the squid seem to run smooth and fast but when i reach around 40 subscibers then it seems its very slow. below are the configuration i change in squid the rest are default:

http_port 3128
icp_port 3130
cache_mem 450 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 35000 256 512
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
debug_options ALL,1
ftp_user Squid
acl ipaddr src 212.119.85.0/255.255.255.0
http_access allow ipaddr
cache_peer proxy.cyberia.net.sa parent 8080 3130 no-query
cache_peer 212.119.85.85 sibling 3128 3130
never_direct allow ipaddr
always_direct deny ipaddr


my second question, is download speed from squid to a subscriber is affected by the type of the program it access, example, php, jsp, html etc.

thank you very much and im hoping that you can help me on fine tuning my squid server.

wennie

What does ps -A or top tell you about the resource usage on the machine? Is there a huge rise in usage when the users connect?

There is no other services that uses my squid, the machine is 1 GIG in memory and i alot 450 for the cache.

I actually have an idea so solve it but i just want to double check it with you if my idea is correct.

My proxy/cache server is situated with all the workstation meaning they share the bandwith, so if the workstation already consume the bandwidth therefore my cache cannot connect to the internet, thats probably causes its slowness. My idea is to put 2 NIC card eth0 is pointing to the internet and eth1 is pointing to the internal network, iptables is also activated and the bandwidth of the proxy/cache server is dedidated, while the workstation has there own bandwitdh so that even the workstation consume there bandwidth my proxy/cache server can still connect to the internet.

Is this solution is possible? or maybe you have other solution.

It definitely makes no sense to have the proxy and the clients both have direct access to the Internet. That ruins the cool barrier the proxy server serves as between the bad guys and your client machines. That is likely why your connection from the proxy to the web is so slow, the bandwidth is being eaten by the clients. Make the clients use the proxy to get out and you should see a big difference in performance, and a vast improvement in security as well.

Your idea is more than possible, it is the ideal set-up for a proxy server. :-)

Thank you very much. I'll implement it...

Good luck and post if you get stuck. Keep in mind 2 things.

The first is that it takes a little time for a proxy to build up a good cache, depending on the amount of traffic and the caching rules in the conf file.

The second is that browsing the web from the squid machine while clients are pounding the crap out of it will most likely be affected by their use. I tried to run YoU on our proxy last week without cutting off our 147 users and it timed out downloading the patches, all on a T-1 line. I normally disable the proxy while using the Internet for updating/downloading. It really depends on the total number and surfing habits of your users..

I already migrated to the new network setup for my server which runs firewall proxy and cache (eth0 is directly connected to the router going to the internet
and eth1 is connected to the switch going to the client) I have some question,

1 If my cache server is running for 1 week and my connection to the internet fails, can it offer at least the cache web pages to thew clients. (im testing it i cache a page let say yahoo.com and nba.com then i swich off the router, im expecting that when i browse the net looking for nba or yahoo my cache server will provide me with the cache page, but i cant get the cache page it seems that the cache is not working. how can i check if proxy and cache is working well except for using the netstat and tail command?

2. Can you please give me en example of rate limiting in squid, say for example i want to rate limit per client say for example client 1 has 10 kbits/sec commited internet rate and from that 10 kbs 7 kbps is for http, ftp,tftp and the remaining 3kbps is for chat, irc messenger. is there a way i can do it in the squid server with out buying an an expensive bandwidth manager machine?

3. can you give me an example of perfect caching rule?

thank you very much for your support

wennie

Pcghost,

I have a follow up question, my company is connected to an ISP and all our IP's are passing thru our ISP's proxy server (the only information i know about there proxy is the proxy name ip address and port) now I set up our own proxy/cache server and configure it with a parent and sibling cache: (cache_peer proxy.cyberia.net.sa parent 8080 3130 no-query; cache_peer 212.119.85.1 sibling 3128 )3130)ISP cache as parent and my cache as sibling.

my questions are:

1. Am i doing the right setup?
2. di i need to inform my isp to to define me as a sibling cache?
3. what other important parameter do i need to configure my squid to work smoothly with parent and sibling setup?

thank you very much,

wennie

All Squid should need is the address and port number of the parent proxy. I would not think you would need to inform you ISP that you are using a child proxy because the end result is the same as if you were connecting with a browser. Instead of browser-requests-page it is simply browser-requests-from-squis-->squid-requests-from-ISPproxy--->Squid-sends-result-to-browser if that makes any sense.

Your setup should serve you well from the sound of your needs.

Perfect caching rules really depend on a number of factors, including the number of clients, their surfing habits, and the type of Internet connection you have.