Date: Tue, 2 Oct 2001 09:23:31 -0300 (BRT) From: Paulo Fragoso <paulo@nlink.com.br> To: Igor Podlesny <poige@morning.ru> Cc: <freebsd-isp@freebsd.org> Subject: Re: Transparent Cache Message-ID: <20011002080720.T11950-100000@mirage.nlink.com.br> In-Reply-To: <1821131144.20011002170147@morning.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 2 Oct 2001, Igor Podlesny wrote: > > Those querys are resend > > by which means? Excuse me my poor english. We will try explain better. It means that all trafic to some port 80 are redirect to port 8888 for the transparent cache. In the cache it's forwarding to port 3128. All working fine, our cache listen 3128 to normal cache configuration and listen 8888 to transparent cache from the router: _______________ 8888 ______________ | transparent |<--------------------| router | | cache running | | running natd | internet | squid 2.4_6 |-------------------->| redirecting |---------> | + ipforward | 10/100Mbps | http trafic | 2Mbps !---------------! by switch !--------------! (2) Micronet ^ (1) | | ____________ | | a client | | | accessing |----------! | some web | -> www.foo.com:80 | page | !------------! (3) This way a client (3) accessing some site like http://www.foo.com:80 is redirect by the router (1) to port 8888 for the cache server. The cache server (2) answer to router (1) and this anser to client (3). Our problem happen rarely, sometimes the cache is logging a connection attempt to 8888. We thinking it is happing because at specific time there wasn't answer from squid. If this is true the cache serever doesn't have capacity to answer all connections!! Why is this happening? In the cache server (2) all conections to 8888 are forwarded to 127.0.0.1,3128: ${fwcmd} add fwd 127.0.0.1,3128 tcp from rrr.rrr.rrr.rrr to sss.sss.sss.sss 8888 We think there aren't hardwere problem, so colud be a freebsd or squid slowness!!! The kernel was recompiled using: maxusers 512 options NMBCLUSTERS=65535 options SMP options APIC_IO and sysctl.conf: vfs.vmiodirenable=1 kern.ipc.maxsockbuf=2097152 kern.ipc.somaxconn=8192 kern.ipc.maxsockets=16424 kern.maxfiles=65535 kern.maxfilesperproc=32768 net.inet.tcp.rfc1323=1 net.inet.tcp.delayed_ack=0 net.inet.tcp.sendspace=65535 net.inet.tcp.sendspace=65535 net.inet.tcp.recvspace=65535 net.inet.udp.recvspace=65535 net.inet.udp.maxdgram=57344 net.local.stream.sendspace=65535 net.local.stream.recvspace=65535 What is happening? There is a limit in FreeBSD? Where? Or there is a limit in the squid? Where? Or we have configured with some mistake? We was using this arrange a long time ago, but now we wave put log_in_vain="YES" in the rc.conf and upgraded from FreeBSD 4.3 to 4.4-RELEASE. Thanks, Paulo Fragoso. > > > to squid from local port 8888 in the > > proxy-server (FreeBSD 4.x, 2x Pentium III 933MHz, SCSI 1010-33 160MB/s, HD > > Seagate 18GB SCSI 3 160MB/s) to squid program at port 3128. > > > Our problem happen some times in the proxy-server, some times it's > > logging: (using log_in_vain="YES" in the rc.conf) > > > Connection attempt to TCP sss.sss.sss.sss:8888 from rrr.rrr.rrr.rrr:1192 > > Connection attempt to TCP sss.sss.sss.sss:8888 from rrr.rrr.rrr.rrr:1458 > > Connection attempt to TCP sss.sss.sss.sss:8888 from rrr.rrr.rrr.rrr:1460 > > may be sometimes your re-sender tries to use 8888 instead 3128 > > > where rrr.rrr.rrr.rrr is the router and sss.sss.sss.sss is the > > proxy-server. > > > If there is a firewall rule in the proxy-server, like this: > > > ipfw add fwd 127.0.0.1,3128 tcp from rrr.rrr.rrr.rrr to sss.sss.sss.sss 8888 > > > then is the squid program inefficient to answer all querys? > > > Could be any limit in the freebsd kernel? > > > There is several connections at same time to port 8888 in the > > proxy-server: > > > netstat -na|grep -c 8888 > > 906 > > > Is this a real problem? Can anyone help me? > > You should describe more precisely what you are exactly doing. > > > Thanks, > > Paulo Fragoso. > > > -- > Igor mailto:poige@morning.ru > -- __O _-\<,_ Why drive when you can bike? (_)/ (_) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011002080720.T11950-100000>