Squid3 recently very slow

lucky

Also, I already had the option mentioned here https://forum.pfsense.org/index.php?topic=52735.msg284810#msg284810 turned on. Doesn't seem to make a difference.

KOM

No hits at all.  I wonder if your cache folder hierarchy needs to be rebuilt?

IIRC, there are some issues with squid3 in transparent mode at the moment:

https://forum.pfsense.org/index.php?topic=91894.0

https://forum.pfsense.org/index.php?topic=89315.0

You might be hitting those problems as well.  I've spent some time studying squid3, squidguard, sarg and lightsquid.  I've gotten everything running on a Ubuntu Server 14.10 box.  I will be installing a standalone proxy once Ubuntu Server 15.04 comes out next week.  I've come to the conclusion that it's best to separate extra services from the basic routing firewall, so bye-bye to all packages except reporting, like bandwidthd.

lucky

Thanks for pointing out those links. I did have transparent mode on. I just turned it off and manually configured a browser to use the proxy. Also, yesterday I deleted the entire Squid cache folder structure via shell on pfSense. Still seem to have the same problem.

KOM

After you deleted it, I assume you rebuilt it with squid3 -z?

lucky

I didn't, though after the delete, I removed the entire squid3 package and re-installed it…which I assume will do the rebuild?

KOM

Should, but you should do it just to be sure.

lucky

Okay, I stopped Squid, ran this:

[2.2.1-RELEASE][root@fw]/root: /usr/local/sbin/squid -z
[2.2.1-RELEASE][root@fw]/root: 2015/04/15 16:28:15 kid1| Creating missing swap directories

And restarted Squid. Still getting the same bad performance.

KOM

I don't know what else to tell you.

lucky

Heh, np…I think my next experiment will be to set myself up to get some pcaps, on the client and on the server (both internal and WAN), to see what's happening on the network.

lucky

So I am still not sure exactly what the heck is going on. In some cases, it does appear that SYNs are not being responded to. I am not sure why. Then shortly after, it works…???

I added the following to my Squid config, on the General tab in the "Custom ACLS (Before_Auth)" section, and this is helping a lot...though still not good enough for "production":

connect_timeout 2
forward_max_tries 2
connect_retries 2