SQUID proxy question

BlazeStar

Hi guys,

I've been using a "vanilla" pfSense for a few weeks now / 2.1.5-RELEASE (amd64)

Recently, I installed the SQUID3 package (3.1.20 pkg 2.1.2)

Since then, there has been a drastic performance reduction (i.e. : when browsing the Web, etc.)

I've been looking over the options but I don't see how I can tweak this.

Right now it is in transparent mode.

If I can fix the performance issue, I would like to enable authentication and use with SQUIDGUARD or maybe DANSGUARDIAN.

For info my system is a Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz (4 CPUs: 1 package(s) x 2 core(s) x 2 SMT threads) for 4 Gb of RAM.

KOM

Did you enable Squid with its defaults or did you twiddle various options?  If not default, what is your hard disk cache size, memory cache size and Max object size?

sowen

Setting the alternate DNS value in the squid config may improve performance.

This is only the case if web pages seem to load very slowly initially.

BlazeStar

@KOM:

Did you enable Squid with its defaults or did you twiddle various options?  If not default, what is your hard disk cache size, memory cache size and Max object size?

I did not play with ANY setting, I just installed it and launched it.

To completely disable it, I uninstalled it completely until I can figure out how to properly configured it.

KOM

Are you running pfSense on a slow disk?  I use Squid in a production environment and it performs well enough.

heper

if you don't need a huge cache but simply want to use it to restrict certain things: set HD cache to zero/null and only cache in RAM

BlazeStar

@KOM:

Are you running pfSense on a slow disk?  I use Squid in a production environment and it performs well enough.

I'm running pfSense on a dedicated server which has, to my humble opinion, pretty good specs :

Dell PowerEdge T110
Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz (4 CPUs: 1 package(s) x 2 core(s) x 2 SMT threads)
4GB Memory (1x4GB), 1600Mhz, Dual Ranked UDIMM
500GB 7.2K RPM SATA 3Gbps 3.5in Cabled Hard Drive

Maybe I should boost the RAM ?

@heper:

if you don't need a huge cache but simply want to use it to restrict certain things: set HD cache to zero/null and only cache in RAM

I did try that… I don't have too much RAM though (4GB)

Still same problem.

To describe the issue:

When I type in an address, it will take a while to load.
Once it has loading (connected to the host, per say) it will be very fast.

If I try to open several websites (different domain names) in the same time, it'll be catastrophically slow and some of them will even fail when loading.
Refreshing will work.

As soon as first connection has been established, it becomes very fast.

KOM

Did you try sowen's suggestion?  I found this but it's a little old.

SSH in and run:

squidclient -p 3128 mgr:info

Look at the bottom for Median Service Times.  Anything look like a big delay there?

BlazeStar

@KOM:

Did you try sowen's suggestion?

You're right I did not !! Sorry !

@sowen:

Setting the alternate DNS value in the squid config may improve performance.

This is only the case if web pages seem to load very slowly initially.

So that's exactly what's going on in my case.

But I don't know what to set the Alternate DNS value to!

Here's my config :
http://cl.ly/image/1S1G00373t3b
http://cl.ly/image/442C2W0D1b0a

Where EXAMPLE.COM is my real domain.

@KOM:

SSH in and run:

squidclient -p 3128 mgr:info

Look at the bottom for Median Service Times.  Anything look like a big delay there?

Okay I did, here's what it gives me.

However be aware that I had stopped the SQUID service in pfSense because everyone was complaining about delays.

I restarted it, and when I started to see it was getting a little bit slow, I ran the command.

HTTP/1.0 200 OK
Server: squid/3.1.22
Mime-Version: 1.0
Date: Thu, 11 Dec 2014 20:45:32 GMT
Content-Type: text/plain
Expires: Thu, 11 Dec 2014 20:45:32 GMT
Last-Modified: Thu, 11 Dec 2014 20:45:32 GMT
X-Cache: MISS from XXX
X-Cache-Lookup: MISS from XXX:3128
Via: 1.0 XXX (squid/3.1.22)
Connection: close

Squid Object Cache: Version 3.1.22
Start Time:	Thu, 11 Dec 2014 20:33:40 GMT
Current Time:	Thu, 11 Dec 2014 20:45:32 GMT
Connection information for squid:
	Number of clients accessing cache:	6
	Number of HTTP requests received:	271
	Number of ICP messages received:	0
	Number of ICP messages sent:	0
	Number of queued ICP replies:	0
	Number of HTCP messages received:	0
	Number of HTCP messages sent:	0
	Request failure ratio:	 0.00
	Average HTTP requests per minute since start:	22.8
	Average ICP messages per minute since start:	0.0
	Select loop called: 83680 times, 8.513 ms avg
Cache information for squid:
	Hits as % of all requests:	5min: 2.2%, 60min: 1.1%
	Hits as % of bytes sent:	5min: 2.6%, 60min: 0.5%
	Memory hits as % of hit requests:	5min: 0.0%, 60min: 0.0%
	Disk hits as % of hit requests:	5min: 100.0%, 60min: 100.0%
	Storage Swap size:	92158 KB
	Storage Swap capacity:	90.0% used, 10.0% free
	Storage Mem size:	252 KB
	Storage Mem capacity:	 3.1% used, 96.9% free
	Mean Object Size:	23.65 KB
	Requests given to unlinkd:	0
Median Service Times (seconds)  5 min    60 min:
	HTTP Requests (All):   0.09219  0.09219
	Cache Misses:          0.08729  0.08729
	Cache Hits:            6.62870  6.62870
	Near Hits:             0.00000  0.00000
	Not-Modified Replies:  0.00000  0.00000
	DNS Lookups:          10.14244 10.14244
	ICP Queries:           0.00000  0.00000
Resource usage for squid:
	UP Time:	712.384 seconds
	CPU Time:	1.631 seconds
	CPU Usage:	0.23%
	CPU Usage, 5 minute avg:	0.22%
	CPU Usage, 60 minute avg:	0.24%
	Process Data Segment Size via sbrk(): 0 KB
	Maximum Resident Size: 15544 KB
	Page faults with physical i/o: 0
Memory accounted for:
	Total accounted:         1713 KB
	memPoolAlloc calls:     92638
	memPoolFree calls:      94125
File descriptor usage for squid:
	Maximum number of file descriptors:   11095
	Largest file desc currently in use:     31
	Number of file desc currently in use:   18
	Files queued for open:                   0
	Available number of file descriptors: 11077
	Reserved number of file descriptors:   100
	Store Disk files open:                   0
Internal Data Structures:
	  3924 StoreEntries
	    63 StoreEntries with MemObjects
	    61 Hot Object Cache Items
	  3896 on-disk objects

KOM

Your DNS lookup times are terrible. Just put your usual DNS server in the Use alternate DNS-servers for the proxy-server box.  Save and try to use Squid again.

BlazeStar

I added the DNS from my ISP to alternate DNS list.

This improved the speed dramatically and instantly.

I've been running SQUID with these settings for a few hours and : so far so good!

I think that was my problem!

Thanks guys for your answers!

BlazeStar

Been running it for a few days now and that was it!

Added the alternate DNS and now it's lightning fast!

Thanks again @sowen and @KOM