[SHARE] Update Lusca Release - r14371 (November 18, 2009)
-
streaming indowebster masih belum bersahabat om …
ada yg ngerasain juga gak ...utak-atik belum ketemu juga
Btw Mau ngeblock apa mau nglimit?
-
gak utk ngeblock
atau juga ngelimithanya kok gak smooth streamingnya, alias loading mulu, lama ….
gak langsung streaming gitu ... seperti youtube
apa yah yg salah yah ...thanks atas pencerahan lbh lanjut
-
delete dulu squid/lusca yang lama
pkg_delete squid*
pkg_delete lusca*
pkg_add -rv http://shakau.googlepages.com/vanila-lusca-1.4_2.tbz
rehash
squid -vrestart squid dengan mengclick stop/start di webgui services squid
NB: LUSCA hanya support file system COSS dan AUFS tdk support UFS dan DISKD
Mas grage95 …Mantab..2 jempol buat grage95 ;D
lansung uninstall squid
pkg_delete squid*
trus..
pkg_add -rv http://shakau.googlepages.com/vanila-lusca-1.4_2.tbz
then...
squid -vlast tekan stop/start atau restart squid...
jalan tuh Luscanya.. ::)
squid -v
Squid Cache: Version LUSCA_HEAD
configure options: '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--disable-auth' '--disable-wccpv2' '--with-maxfd=16384' '--with-pthreads' '--enable-storeio=null aufs coss' '--enable-delay-pools' '--disable-carp' '--disable-wccp' '--disable-ident-lookups' '--enable-pf-transparent' '--with-large-files' '--enable-large-cache-files' '--enable-err-languages=English' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd7.2' 'build_alias=i386-portbld-freebsd7.2' 'CC=cc' 'CFLAGS=-O2 -pipe -fno-strict-aliasing' 'LDFLAGS=' 'CPPFLAGS='dah di monitoring selama 4 hari pakai lightsquid :
Date Group Users Oversize Bytes Average Hit %
25 Nov 2009 grp 28 20 951.4 M 34.0 M 20.46%
24 Nov 2009 grp 29 23 2.3 G 79.8 M 8.38%
23 Nov 2009 grp 29 23 2.5 G 86.8 M 10.15%
19 Nov 2009 grp 21 13 468.6 M 22.3 M 17.31%Lumayan ...ada perubahan walau pun belum significant.. ;D
Mas grage95 and rekans, Gimana biar bisa hit 50% ya..? :P
-
harus di tunning :
step2nyatambahkan ini di squid.inc
include /usr/local/etc/squid/tunning.conf
setelah baris
acl dynamic urlpath_regex cgi-bin ?jadinya nanti
_**acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 $webgui_port $port 1025-65535
acl sslports port 443 563 $webgui_port
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin ?include /usr/local/etc/squid/tunning.conf
EOD;**_
dan masuk ke directory
cd /usr/local/etc/squid/
dan download file2 ini :
fetch http://freebsd-squid-system.googlecode.com/files/tunning.conf
fetch http://freebsd-squid-system.googlecode.com/files/storeurl.pl
chmod +x storeurl.pl
chown proxy:proxy storeurl.pl
chown proxy:proxy tunning.conf
cd /etc
fetch http://freebsd-squid-system.googlecode.com/files/sysctl.conf
cd /boot
fetch http://freebsd-squid-system.googlecode.com/files/loader.conftrus reboot server
-
Tuning tambahan Experimen:
System -> General Setup :
DNS servers : 127.0.0.1 203.130.196.155 ---> DNS prymary ISPbuat file /usr/local/etc/dnsmasq.conf
port=53 cache-size=10000 expand-hosts/etc/sysctl.conf
net.inet.ip.fastforwarding=1 net.inet.ip.portrange.last=65535 net.inet.ip.portrange.first=1024 net.inet.icmp.icmplim=0 net.inet.icmp.icmplim_output=0 net.inet.tcp.msl=3000 net.inet.tcp.hostcache.expire=3900 net.inet.tcp.inflight.enable=0 net.inet.tcp.sendspace=65536 net.inet.tcp.recvspace=65536 net.inet.tcp.delayed_ack=0 net.inet.udp.recvspace=65535 net.inet.udp.maxdgram=57344 net.local.stream.recvspace=1048576 net.local.stream.sendspace=1048576 net.inet.ip.intr_queue_maxlen=5000 net.inet.tcp.sendbuf_max=65536 net.inet.tcp.recvbuf_max=65536 net.inet.tcp.slowstart_flightsize=54 net.inet.tcp.local_slowstart_flightsize=10 net.inet.tcp.nolocaltimewait=1 kern.ipc.maxsockbuf=16777216 kern.ipc.maxsockets=65536 kern.ipc.somaxconn=32768 kern.ipc.nmbclusters=131072 kern.polling.burst_max=1000 kern.polling.each_burst=50 kern.maxfiles=262144 kern.maxfilesperproc=65536 kern.ipc.shmall=32768 kern.ipc.shmmax=134217728 kern.ipc.semmap=256 kern.dirdelay=6 kern.metadelay=5 kern.filedelay=7/boot/loader.conf
autoboot_delay="1" kern.ipc.maxsockbuf="16777216" kern.ipc.nmbclusters="131072" kern.ipc.msgmnb="16384" kern.ipc.msgssz="64" kern.ipc.msgtql="4096" kern.ipc.shmseg="16" kern.ipc.somaxconn="32768" kern.ipc.nmbclusters="131072" kern.ipc.maxsockets="65536" kern.maxfiles="262144" kern.maxfilesperproc="65536" net.inet.tcp.tcbhashsize="4096" net.inet.tcp.tcbhashsize="4096" net.inet.tcp.hostcache.hashsize="1024"untuk tuning sysctl.conf silahkan sesuaikan memory dan HW and lihat manual FreeBSD;
lihat configurasi :
sysctl [option]# sysctl -aagar tidak melebihi layar
# sysctl -a | moreatau jika melihat valunya saja :
sysctl [key]
# sysctl net.inet.tcp.hostcache.hashsize
net.inet.tcp.hostcache.hashsize:1024untuk ngeset value :
sysctl [key]=[value]
# sysctl net.inet.tcp.hostcache.hashsize=2048
net.inet.tcp.hostcache.hashsize:1024 -> 2048
jika menunjukkan read only, biasanya setting di lettakkan di /boot/loader.conf lalu reboot pf.Atau pingin melihat key pergroup :
misal key dengan awalan net.inet# sysctl net.inet net.inet.tcp.hostcache.hashsize:2048 --------- --------- --------- ---------dst# sysctl kern.ipc kern.ipc.msgssz:64 kern.ipc.msgtql:4096 kern.ipc.shmseg:16 kern.ipc.somaxconn:32768 kern.ipc.nmbclusters:131072 kern.ipc.maxsockets:65536 --------- --------- --------- ---------dstSelamat ber-eksperimen.
-
kawan2 … mohon pencerahan ...
last pid: 29871; load averages: 0.13, 0.07, 0.03 up 8+01:57:47 11:32:06
237 processes: 6 running, 211 sleeping, 2 zombie, 18 waiting
CPU: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 0.0% idle
Mem: 378M Active, 1322M Inact, 215M Wired, 34M Cache, 112M Buf, 41M Free
Swap: 2048M Total, 100K Used, 2048M Freeitu hasil top dari mesin LUSCA
ram pisik 2 Gig, cahe dir 100 GB, baru 34% terisi ...
sudah "mau" swapkah ... atau sudah terengah2 LUSCA nya ?makasih yooo ...
-
RAM : 1322M Inact = memory yg pernah terpakai cuman tidak aktif
RAM FREE (belum pernah terpakai sama sekali) = 41M Free
SWAP: 2048M Total, 100K Used, 2048M Freemasih belum kena swap, 2048M-2048M= 0
untuk menggunakan top sebaiknya jangan yg relatime, gunakan option -n {nilai baris yang mau di tampilkan}
contoh top -n 60
aplikasi top realtime makan memory banyak
-
thanks om @grage95 atas pencerahannya …
dapat disimpulkan masih aman2 saja :D
keragu2 an hilang sudah, waktunya swapping ke LUSCAom ...
sekiranya dibuat thread baru ttg performance LUSCA, gimana om ...
sekedar "mengintimidasi" kawan2 utk tidak ragu pake LUSCA sebagai aternatif dari yg sudah ada
juga ... ubek2 di sub international sptnya belum ada
regional Indo bisa jadi pelopornya ... ;D :o -
mungkin yang perlu di bahas bareng2:
1. Sarat2 & formula ideal (hardisk & ram)
2. optimasi cache dengan fitur store_rewrite_url (hanya ada di lusca & squid-2.7.x)
3. optimasi refresh_pattern
4. optimasi kernel
5. optimasi dnsmasq utk menghandle client besar
6. ….silahkan barangkali ada yang perlu di tambahkan, nanti kita garap bareng2, masukan/saran di tunggu, kita bongkar rahasia proxy highperformance
berita menarik, setelah penasaran dengan performance freebsd, opensolaris & linux, ternyata dengan install minimalis OS dan optimasi kernel, spek mesin dan config yang hampir sama (beda di pengaturan di directory log saja ) lebih unggul di freebsd, saking penasaranya dengan freebsd ini, kernel freebsd ini di ganti dengan mengcopy kernel dari pfsense saja tepar hihihi. monitoring dengan menggunakan mrtg eksternal (mrtg di box lain hanya menyedot snmp proxy "enable-snmp"), urutannya keunggulan ini di tinjau dari efisiensi memory, kecepatan untuk menyimpan cache dan ke stabilan dari req/hits yang tinggi.
1. freebsd-7.2-release (ufs dgn option noatime mantap tenan)
2. opensolaris (zfs nya edun euy, quick tapi boros memory hiks hiks)
3. linux (reiserfs (utk file2 kecil) dan ext4 (utk file2 besar) podo wae walopun udah di tuning di fstab notail, noatime, nyoba reiser4 waktu load tinggi kernel panic, udah utak atik sysctl.conf tetep saja hiks)servis yang jalan hanya dns cache dan lusca
utk cache hits di total hampir sama, cuma beda timing saja
salute 4 jempol untuk developer pfsense ini (quick, easy, fast & stable) -
Salam , mahu bertanya, bagaimana mahu aktifkan SNMP , sudah cuba baca di cacti forum , tapi tak berhasil
T/K
zass -
download package pfSense Lusca Release - r14371 (November 18, 2009) with patch + snmp + arp
pkg_delete lusca*
or
pkg_delete squid*and then install
pkg_add -rv http://squid-proxy-pkg.googlecode.com/files/lusca-pfsense-arp-snmp-r14371_2.tbzenable snmp on squid.inc
acl snmp_host src 127.0.0.1
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic snmp_host
snmp_access deny allinfo :
build withpf-bsd72# squid -v Squid Cache: Version LUSCA_HEAD configure options: '--bindir=/usr/local/sbin' '--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid' '--libexecdir=/usr/local/libexec/squid' '--localstatedir=/usr/local/squid' '--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=heap' '--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll' '--with-pthreads' '--enable-storeio=aufs coss' '--enable-delay-pools' '--enable-snmp' '--disable-carp' '--disable-wccp' '--disable-ident-lookups' '--enable-arp-acl' '--enable-pf-transparent' '--with-large-files' '--enable-large-cache-files' '--enable-err-languages=English' '--enable-default-err-language=English' '--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/' '--build=i386-portbld-freebsd7.2' 'build_alias=i386-portbld-freebsd7.2' 'CC=cc' 'CFLAGS=-O2 -pipe -funroll-loops -ffast-math -fno-strict-aliasing' 'LDFLAGS=' 'CPPFLAGS='patch with : aggressive.patch, 2451x.patch,lusca-vary.patch,loop2.patch (fix bug looping for use store_url_rewrite)
tips install squidstats
pkg_add -rv squidstats
after finisih, lets go config
_mkdir -p /var/db/squidstats/graphs
mkdir -p /var/db/squidstats/rrd
chown www:wheel /var/db/squidstats/graphs
chown proxy:wheel /var/db/squidstats/rrdln -s /var/db/squidstats/graphs /usr/local/www/data/
ln -s /usr/local/www/cgi-bin/graph-summary.cgi /usr/local/www/graph-summary.cgi
su -m proxy -c "/usr/local/bin/squidstats.pl createdb"
su -m proxy -c "/usr/local/bin/squidstats.pl gather 2"_
edit /etc/crontab
add this line*/5 * * * * /usr/local/bin/squidstats.pl gather 2 > /dev/null
restart crontab /etc/rc.d/cron restart
test open with your browser
http://your-ip/graph-summary.cgi
-
Ertinya kalau saya buat sampai di sini saja :
"pkg_delete lusca*
or
pkg_delete squid*and then install
pkg_add -rv http://squid-proxy-pkg.googlecode.com/files/lusca-pfsense-arp-snmp-r14371_2.tbzenable snmp on squid.inc
acl snmp_host src 127.0.0.1
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic snmp_host
snmp_access deny all "squid sudah support snmp > dan boleh di ambil datanya dari server lain ,
misalnya gunakan cacti ?
tq
-
jika menggunkan mrtg di cacti other box
acl snmp_host src your-ip-cacti
acl snmp_host src 127.0.0.1
snmp_port 3401
acl snmppublic snmp_community public
snmp_access allow snmppublic snmp_host
snmp_access deny all "dan di firewall open port 3401 protocol udp
di box cacti install net-snmp dan cacti-template-squidstats
edit /etc/snmpd.conf
tambahkan line ini :#sec.name source community
com2sec local localhost public
com2sec mynetwork 1.2.3.0/24 publiccheck with snmpwalk
snmpwalk -v2c -c public your-ip-pfsense-squid-box:3401 .1.3.6.1.4.1.3495.1.1
-
tq,tq.tq ;D saya coba dulu !
-
Grage5, mengapa saya punya tiada option snmp ?
$ squid -v
Squid Cache: Version LUSCA_HEAD
configure options: '–bindir=/usr/local/sbin'
'--sbindir=/usr/local/sbin' '--datadir=/usr/local/etc/squid'
'--libexecdir=/usr/local/libexec/squid' '--localstatedir=/usr/local/squid'
'--sysconfdir=/usr/local/etc/squid' '--enable-removal-policies=lru heap'
'--disable-linux-netfilter' '--disable-linux-tproxy' '--disable-epoll'
'--with-pthreads' '--enable-storeio=aufs' '--enable-delay-pools'
'--disable-carp' '--disable-wccp' '--disable-ident-lookups'
'--enable-pf-transparent' '--with-large-files' '--enable-large-cache-files'
'--enable-err-languages=English' '--enable-default-err-language=English'
'--prefix=/usr/local' '--mandir=/usr/local/man' '--infodir=/usr/local/info/'
'--build=i386-portbld-freebsd7.2' 'build_alias=i386-portbld-freebsd7.2'
'CC=cc' 'CFLAGS=-O2 -pipe -funroll-loops -ffast-math -fno-strict-aliasing'
'LDFLAGS=' 'CPPFLAGS='tq
-
sudah mengupdate package dnegan http://squid-proxy-pkg.googlecode.com/files/lusca-pfsense-arp-snmp-r14371_2.tbz
dan sudah di rehash ? -
Bos Grage, ada sedikit masalah:
su -m proxy -c "/usr/local/bin/squidstats.pl createdb"
Can't locate RRDs.pm in @INC (@INC contains: /usr/local/lib/perl5/5.8.8/BSDPAN /usr/local/lib/perl5/site_perl/5.8.8/mach /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/5.8.8/mach /usr/local/lib/perl5/5.8.8 .) at /usr/local/bin/squidstats.pl line 4.
BEGIN failed–compilation aborted at /usr/local/bin/squidstats.pl line 4. -
kok perl nya versinya beda ya,
perl5/5.8.8kalau di saya
perl5/5.8.9
pfsense vesi 1.3.xxperlu di upgrade perlnya mungkin,
jika menggunakan pfsense 1.3
setenv PACKAGESITE "ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/Latest/"
pkg-delete -f perl-5*
pkg_add -rv perl -
kok perl nya versinya beda ya,
perl5/5.8.8kalau di saya
perl5/5.8.9
pfsense vesi 1.3.xxperlu di upgrade perlnya mungkin,
jika menggunakan pfsense 1.3
setenv PACKAGESITE "ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.2-release/Latest/"
pkg-delete -f perl-5*
pkg_add -rv perlSaya pakai Pfsense 1.2.3 bos, upgraded from 1.2
-
Akhir , berhasil tkasih grage5 ;D
