Squid negative speed increase

lamle

I have a squid box running as intercept mode for internet access.
The problem is the HIT percent quite low and Speed increase is negative.
Here is the statistic:

Graph Domain: 24 hours (86400 seconds)
Total Accesses: 1288357
Average Accesses: 53681.54 per hour
Total Cache Hits: 181614
Average Cache Hits: 7567.25 per hour
% Cache Hits: 14.09 %
Total Cache IMS Hits: 27451
Average Cache IMS Hits: 1143.79 per hour
Total Cache Misses: 1043577
Average Cache Misses: 43482.37 per hour
% Cache Misses: 81 %

Calamaris statistics Summary

Report period: 22.Jul 18 03:06:09 - 28.Jul 18 00:10:38

lines parsed: lines 7733940
invalid lines: lines 8487
parse time: sec 697
parse speed: lines/sec 11108

Proxy statistics

Total amount: requests 7733940
unique hosts/users: hosts 4990
Total Bandwidth: Byte 693G
Proxy efficiency (HIT [kB/sec] / DIRECT [kB/sec]): factor 0.65
Average speed increase: % -2.72
TCP response time of 95.54%% requests (requests > 2000 msec skipped): msec 193

Cache statistics

Total amount cached: requests 1023714
Request hit rate: % 13.24
Bandwidth savings: Byte 36322M
Bandwidth savings in Percent (Byte hit rate): % 5.12
Average cached object size: Byte 37204
Average direct object size: Byte 105183
Average object size: Byte 96185

Top
Tasks: 146 total, 1 running, 145 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.5%us, 0.1%sy, 0.0%ni, 98.7%id, 0.3%wa, 0.0%hi, 0.4%si, 0.0%st
Mem: 20481692k total, 18421712k used, 2059980k free, 1470836k buffers
Swap: 37502968k total, 10764k used, 37492204k free, 11425116k cached

Squid configuration
cache_mem 18024 MB
acl manager proto cache_object
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.200.0/24 # RFC1918 possible internal network
acl localnet src 172.17.0.0/16 # RFC1918 possible internal network
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
cachemgr_passwd s3cr3tP4sS all
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny manager
http_access deny all
http_port 3128 transparent
positive_dns_ttl 8 hours
negative_dns_ttl 30 seconds
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log
client_lifetime 24 hours
connect_timeout 1 minutes
forward_timeout 4 minutes
pconn_timeout 1 minutes
persistent_request_timeout 2 minutes
read_timeout 15 minutes
request_timeout 5 minutes
shutdown_lifetime 30 seconds
half_closed_clients on
check_hostnames on
allow_underscore on
dns_retransmit_interval 5 seconds
dns_timeout 5 seconds
dns_defnames off
dns_nameservers none
hosts_file /etc/hosts
ipcache_size 10000
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy lru
memory_replacement_policy lru
maximum_object_size 4 MB
maximum_object_size_in_memory 512 KB # 8KB for high load
cache_dir aufs /media/nvme 200000 601 256

Is there any solution to improve the SQUID ?

periko

How many users are crossing the proxy?
Did u use auth?
Did u check cache.log? any error message?
Your dns is working properly?