Date: Tue, 2 Oct 2001 09:23:31 -0300 (BRT) From: Paulo Fragoso <paulo@nlink.com.br> To: Igor Podlesny <poige@morning.ru> Cc: <freebsd-isp@freebsd.org> Subject: Re: Transparent Cache Message-ID: <20011002080720.T11950-100000@mirage.nlink.com.br> In-Reply-To: <1821131144.20011002170147@morning.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2 Oct 2001, Igor Podlesny wrote:
> > Those querys are resend
>
> by which means?
Excuse me my poor english. We will try explain better.
It means that all trafic to some port 80 are redirect to port 8888 for the
transparent cache. In the cache it's forwarding to port 3128. All working
fine, our cache listen 3128 to normal cache configuration and listen 8888
to transparent cache from the router:
_______________ 8888 ______________
| transparent |<--------------------| router |
| cache running | | running natd | internet
| squid 2.4_6 |-------------------->| redirecting |--------->
| + ipforward | 10/100Mbps | http trafic | 2Mbps
!---------------! by switch !--------------!
(2) Micronet ^ (1)
|
|
____________ |
| a client | |
| accessing |----------!
| some web | -> www.foo.com:80
| page |
!------------!
(3)
This way a client (3) accessing some site like http://www.foo.com:80 is
redirect by the router (1) to port 8888 for the cache server. The cache
server (2) answer to router (1) and this anser to client (3).
Our problem happen rarely, sometimes the cache is logging a connection
attempt to 8888. We thinking it is happing because at specific time there
wasn't answer from squid. If this is true the cache serever doesn't have
capacity to answer all connections!! Why is this happening?
In the cache server (2) all conections to 8888 are forwarded to
127.0.0.1,3128:
${fwcmd} add fwd 127.0.0.1,3128 tcp from rrr.rrr.rrr.rrr to
sss.sss.sss.sss 8888
We think there aren't hardwere problem, so colud be a freebsd or
squid slowness!!!
The kernel was recompiled using:
maxusers 512
options NMBCLUSTERS=65535
options SMP
options APIC_IO
and sysctl.conf:
vfs.vmiodirenable=1
kern.ipc.maxsockbuf=2097152
kern.ipc.somaxconn=8192
kern.ipc.maxsockets=16424
kern.maxfiles=65535
kern.maxfilesperproc=32768
net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.inet.tcp.sendspace=65535
net.inet.tcp.sendspace=65535
net.inet.tcp.recvspace=65535
net.inet.udp.recvspace=65535
net.inet.udp.maxdgram=57344
net.local.stream.sendspace=65535
net.local.stream.recvspace=65535
What is happening? There is a limit in FreeBSD? Where?
Or there is a limit in the squid? Where?
Or we have configured with some mistake?
We was using this arrange a long time ago, but now we wave put
log_in_vain="YES" in the rc.conf and upgraded from FreeBSD 4.3 to
4.4-RELEASE.
Thanks,
Paulo Fragoso.
>
> > to squid from local port 8888 in the
> > proxy-server (FreeBSD 4.x, 2x Pentium III 933MHz, SCSI 1010-33 160MB/s, HD
> > Seagate 18GB SCSI 3 160MB/s) to squid program at port 3128.
>
> > Our problem happen some times in the proxy-server, some times it's
> > logging: (using log_in_vain="YES" in the rc.conf)
>
> > Connection attempt to TCP sss.sss.sss.sss:8888 from rrr.rrr.rrr.rrr:1192
> > Connection attempt to TCP sss.sss.sss.sss:8888 from rrr.rrr.rrr.rrr:1458
> > Connection attempt to TCP sss.sss.sss.sss:8888 from rrr.rrr.rrr.rrr:1460
>
> may be sometimes your re-sender tries to use 8888 instead 3128
>
> > where rrr.rrr.rrr.rrr is the router and sss.sss.sss.sss is the
> > proxy-server.
>
> > If there is a firewall rule in the proxy-server, like this:
>
> > ipfw add fwd 127.0.0.1,3128 tcp from rrr.rrr.rrr.rrr to sss.sss.sss.sss 8888
>
> > then is the squid program inefficient to answer all querys?
>
> > Could be any limit in the freebsd kernel?
>
> > There is several connections at same time to port 8888 in the
> > proxy-server:
>
> > netstat -na|grep -c 8888
> > 906
>
> > Is this a real problem? Can anyone help me?
>
> You should describe more precisely what you are exactly doing.
>
> > Thanks,
> > Paulo Fragoso.
>
>
> --
> Igor mailto:poige@morning.ru
>
--
__O
_-\<,_ Why drive when you can bike?
(_)/ (_)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011002080720.T11950-100000>