Gentoo, with Squid for proxy, slow internet.

D0zer · n00b Joined: 28 Jul 2013 Posts: 46 Location: South Africa

Hi All

I have a client which is experiencing slow internet connectivity. They are running squid for proxying, the sites that time out are https sites. Below is the output of the "squidclient mgr:info" Command. Does anybody have any recommendation of things to change in Squid, or does it look okay.

Thanks in advance

HTTP/1.1 200 OK
Server: squid/3.3.8
Mime-Version: 1.0
Date: Mon, 28 Jul 2014 19:20:12 GMT
Content-Type: text/plain
Expires: Mon, 28 Jul 2014 19:20:12 GMT
Last-Modified: Mon, 28 Jul 2014 19:20:12 GMT
X-Cache: MISS from mail
X-Cache-Lookup: MISS from mail:3128
Via: 1.1 mail (squid/3.3.

Connection: close

Squid Object Cache: Version 3.3.8
Start Time: Mon, 28 Jul 2014 13:00:36 GMT
Current Time: Mon, 28 Jul 2014 19:20:12 GMT
Connection information for squid:
Number of clients accessing cache: 27
Number of HTTP requests received: 7376
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Number of HTCP messages received: 0
Number of HTCP messages sent: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 19.4
Average ICP messages per minute since start: 0.0
Select loop called: 40663704 times, 0.560 ms avg
Cache information for squid:
Hits as % of all requests: 5min: 0.0%, 60min: 0.0%
Hits as % of bytes sent: 5min: -0.0%, 60min: 0.0%
Memory hits as % of hit requests: 5min: 0.0%, 60min: 0.0%
Disk hits as % of hit requests: 5min: 0.0%, 60min: 0.0%
Storage Swap size: 92088 KB
Storage Swap capacity: 89.9% used, 10.1% free
Storage Mem size: 30240 KB
Storage Mem capacity: 11.5% used, 88.5% free
Mean Object Size: 23.83 KB
Requests given to unlinkd: 1703
Median Service Times (seconds) 5 min 60 min:
HTTP Requests (All): 0.00000 0.00815
Cache Misses: 0.00000 0.00815
Cache Hits: 0.00000 0.00000
Near Hits: 0.00000 0.00000
Not-Modified Replies: 0.00000 0.00000
DNS Lookups: 0.00000 4.77162
ICP Queries: 0.00000 0.00000
Resource usage for squid:
UP Time: 22775.882 seconds
CPU Time: 67.760 seconds
CPU Usage: 0.30%
CPU Usage, 5 minute avg: 0.71%
CPU Usage, 60 minute avg: 0.25%
Process Data Segment Size via sbrk(): 44596 KB
Maximum Resident Size: 209824 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
Total space in arena: 44728 KB
Ordinary blocks: 44614 KB 13 blks
Small blocks: 0 KB 0 blks
Holding blocks: 1324 KB 4 blks
Free Small blocks: 0 KB
Free Ordinary blocks: 114 KB
Total in use: 114 KB 0%
Total free: 114 KB 0%
Total size: 46052 KB
Memory accounted for:
Total accounted: 38449 KB 83%
memPool accounted: 38449 KB 83%
memPool unaccounted: 7603 KB 17%
memPoolAlloc calls: 1784534
memPoolFree calls: 1806098
File descriptor usage for squid:
Maximum number of file descriptors: 1024
Largest file desc currently in use: 19
Number of file desc currently in use: 12
Files queued for open: 0
Available number of file descriptors: 1012
Reserved number of file descriptors: 100
Store Disk files open: 0
Internal Data Structures:
3919 StoreEntries
1481 StoreEntries with MemObjects
1479 Hot Object Cache Items
3865 on-disk objects
_________________
Gentoo Newbie

NeddySeagoon · Posted: Mon Jul 28, 2014 8:05 pm Post subject:

D0zer,

As https is encrypted, it cannot usefully be cached.
From memory, squid doesn't even try to cache https but its been a while since I set it up.

Are you using squid as a transparent proxy or as a real proxy server?

The former works with no setup on the machines squid is proxying for, the latter requires that the machines that squid proxies for know to use the proxy.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

dataking · Apprentice Joined: 20 Apr 2005 Posts: 251

D0zer · n00b Joined: 28 Jul 2013 Posts: 46 Location: South Africa

Hi dataking

Thank's for the reply. Squid is not suppose to cache HTTPS, but I am not sure if it is. We use a wpad file to send the proxy settings to the workstations on the network.

The Server has 3 NIC's, one for Local Network, 2 for ISP connectivity, one runs mail and the other is for browsing with loadblancing and automatic fail over setup.

On the server I am using the recommended MTU size from the ISP, I will check the person's computer who is having issues and see what MTU there machine is using.
_________________
Gentoo Newbie

D0zer · n00b Joined: 28 Jul 2013 Posts: 46 Location: South Africa

Hi NeddySeagoon

Thanks for the reply. As far as I know https is not suppose to be cahced by the proxy. We using a wpad file that gets served to the client's computer's to get the proxy configurations. Sometimes I get "time out" messages from squid when I am using the internet. From what I can see DNS is working correctly.

Any suggestions where is the best place to start digging to resolve this issue. On a side note we are using 2 un managed gigabit switches, I have suggested we replace those with smart managed switches. Later on today I will post the network setup in more detail.
_________________
Gentoo Newbie

D0zer · n00b Joined: 28 Jul 2013 Posts: 46 Location: South Africa

Hi All

Still trying to resolve these issue at this client. The Server is running 3 NICS/ NIC0 is connected to one ISP, NIC1 is connected to the Internal LAN. Eth2 is connected to second Internet Service provider.

I was using Jnettop to monitor traffic, eth0, was running very slowly, showing speed as b/s not kb/s. Eth0 seems to mostly be running dns queries and mail. Eth2 is running the web browsing. My suspicion is the issues are in the routing which is why things are so slow here. I am a bit clueless on the routing side, any advice of what to check would be a great help.

I am working through some google results to get a better understanding of the routing.

Thanks in Advance.
_________________
Gentoo Newbie