::Gak Perlu Ragu Pake RC1 64bit untuk Mesin [Proxy] Anda::

serangku

start awal di cache dir 30 gb - 50 gb saja dulu
om aja cuma 2 x 40 gb untuk ram pisik 4 gb
cache mem start awal di 16 atau 32 mb saja dulu
max memory object start dari 16 atau 32 kb
maximum object size start diangka 32 MB

untuk settingan lainnya default dari luscanya om chudy sendiri
pengalaman om, menggunakan board server lebih terasa dibanding board desktop entry
semakin besar ram pisik semakin menggigit
pattern yg terlalu agresif tidak menambah hebat kalau disk/board gak kuat nampung request I/O yg besar

poscom

Number of clients accessing cache: 350
ini berapa user om 1000 yah
gileee :)

yg sy belum dicoba di mesin produksi om msh malu ee ternyata ok jg dibanding yg RC132

asepyulisman

om aku udah coba sesuai tutorial http://forum.pfsense.org/index.php/topic,34348.0.html di processor amd
tapi SWAP usage & Disk usage 0%

apakah berhasil atau tidak  ???bandwidth di deso aq cuman 2bm dari isp spiidy

om gambar yg di atas load balancing+squidnya ???

maaf agak sedikit cerewet jangan marah ya om ;D ;D


serangku

disk object masih 800 an …
nanti terasa ketika object sudah mencapai 1 jutaan object
toh ini mesin proxy baru up khan ...

dipantau saja dahulu
kalau sudah ada swap yg berlebihan, bisa dipastikan mesin proxy megap2

om gak pake LB, yg diatas pake koneksi astinet 2 mbps
sudah tuntutan karena pengguna semakin berjibun dan hobinya downloader semua :D

ur welcome

asepyulisman

oh gitu, makasih ya om :D

serangku

mendekati titik klimaks dan tetap responsive …
masih survive ... ;D ;D
sengaja skrinsut diambil disaat jam sibuk ...
cache sudah max ...
tambah disk dan ram sepertinya lebih mantep lagi, semoga kesampean ...

Connection information for squid:
	Number of clients accessing cache:	412
	Number of HTTP requests received:	3806444
	Number of ICP messages received:	0
	Number of ICP messages sent:	0
	Number of queued ICP replies:	0
	Request failure ratio:	 0.00
	Average HTTP requests per minute since start:	887.5
	Average ICP messages per minute since start:	0.0
	Select loop called: 143378140 times, 1.795 ms avg
Cache information for squid:
	Request Hit Ratios:	5min: 48.2%, 60min: 41.4%
	Byte Hit Ratios:	5min: 32.5%, 60min: 25.1%
	Request Memory Hit Ratios:	5min: 1.0%, 60min: 1.0%
	Request Disk Hit Ratios:	5min: 64.5%, 60min: 63.3%
	Storage Swap size:	147500796 KB
	Storage Mem size:	32724 KB
	Mean Object Size:	51.02 KB
	Requests given to unlinkd:	0
Median Service Times (seconds)  5 min    60 min:
	HTTP Requests (All):   0.08265  0.10281
	Cache Misses:          0.55240  0.49576
	Cache Hits:            0.00562  0.00678
	Near Hits:             0.15888  0.11465
	Not-Modified Replies:  0.00179  0.00179
	DNS Lookups:           0.05559  0.05078
	ICP Queries:           0.00000  0.00000
Resource usage for squid:
	UP Time:	257326.003 seconds
	CPU Time:	21571.175 seconds
	CPU Usage:	8.38%
	CPU Usage, 5 minute avg:	18.50%
	CPU Usage, 60 minute avg:	18.66%
	Process Data Segment Size via sbrk(): 0 KB
	Maximum Resident Size: 604932 KB
	Page faults with physical i/o: 21
Memory accounted for:
	Total accounted:       341894 KB
	memPoolAlloc calls: 627277319
	memPoolFree calls: 621329827
File descriptor usage for squid:
	Maximum number of file descriptors:   11095
	Largest file desc currently in use:   1497
	Number of file desc currently in use: 1425
	Files queued for open:                   0
	Available number of file descriptors: 9670
	Reserved number of file descriptors:   100
	Store Disk files open:                  12
	IO loop method:                     kqueue
Internal Data Structures:
	2897624 StoreEntries
	  7719 StoreEntries with MemObjects
	  7572 Hot Object Cache Items
	2890938 on-disk objects

Store Directory Statistics:
Store Entries          : 2896457
Maximum Swap Size      : 163840000 KB
Current Store Swap Size: 147448042 KB
Current Capacity       : 90% used, 10% free

poscom

:-* top om

serangku

fakta berbicara …
gambar menjelaskan ...

yg terakhir membuat mesin megap2 minta tolong …  ;D ;D
om aja bingung, ini beneran segitu banyak atau cuma log doang atau mkn bug di report RRD nya
emang om pikirkan ...  ;D yg penting tancap terus sampe klimaks

semoga bermanfaat, gambar2 tsb utk referensi, "sedikiiiit" power dari pfsense

kambeeng

@serangku:

start awal di cache dir 30 gb - 50 gb saja dulu
om aja cuma 2 x 40 gb untuk ram pisik 4 gb
cache mem start awal di 16 atau 32 mb saja dulu
max memory object start dari 16 atau 32 kb
maximum object size start diangka 32 MB

untuk settingan lainnya default dari luscanya om chudy sendiri
pengalaman om, menggunakan board server lebih terasa dibanding board desktop entry
semakin besar ram pisik semakin menggigit
pattern yg terlalu agresif tidak menambah hebat kalau disk/board gak kuat nampung request I/O yg besar

Wah mau coba pake IBM SERVER yang PAKE QUAD CORE AHH siapa tau lebih Josss

asepyulisman

om apa perintah untuk menampilkan pesan seperti ini??

TOTALS
ICP : 0 Queries, 0 Hits (  0%)
HTTP: 2069808 Requests, 887340 Hits ( 43%)

oh iya om, kalau boleh tau paket apa saja yg om install? soalnya bandwidth om 6 mb ngak putus :D

serangku

itu bagian dari cachemanager …
kebetulan punya koneksi up to 16 mbps
di cut di max 6 mbps ... policy dari atas

utk paket, hanya lusca + sg saja

asepyulisman

om serangku  ;D

bandwidth aq mungkin terlimit sama captive portal,

soalnya tiap komputer di warnet aq kasih 350kbps, pas aq cuba buka youtube dan aq ptar yg ke dua kalinya

traficnya ngak naik, lalu aq coba kasih bandwidth di cp 5000 baru naik trafic bandwidthnya… ???

aq udah baca dari forum http://forum.pfsense.org/index.php/topic,26122.0.html tapi ngak ngerti damana mau di taroh file yg mau di edit itu??

mohon bantuannya om?? :'(

/*
    $Id$
    part of m0n0wall (http://m0n0.ch/wall)

    Copyrigth (C) 2009	    Ermal Luçi
    Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
    All rights reserved.

    Redistribution and use in source and binary forms, with or without
    modification, are permitted provided that the following conditions are met:

    1\. Redistributions of source code must retain the above copyright notice,
       this list of conditions and the following disclaimer.

    2\. Redistributions in binary form must reproduce the above copyright
       notice, this list of conditions and the following disclaimer in the
       documentation and/or other materials provided with the distribution.

    THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
    INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
    AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    POSSIBILITY OF SUCH DAMAGE.
*/
/*
	pfSense_BUILDER_BINARIES:	/sbin/ipfw	
	pfSense_MODULE:	captiveportal
*/

require_once("auth.inc");
require_once("functions.inc");
require_once("captiveportal.inc");

$errormsg = "Invalid credentials specified.";

header("Expires: 0");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Connection: close");

$orig_host = $_ENV['HTTP_HOST'];
$orig_request = $_REQUEST['redirurl'];
$clientip = $_SERVER['REMOTE_ADDR'];

if (!$clientip) {
	/* not good - bail out */
	log_error("Captive portal could not determine client's IP address.");
	$error_message = "An error occurred.  Please check the system logs for more information.";
	portal_reply_page($redirurl, "error", $errormsg);
	exit;
}

if (isset($config['captiveportal']['httpslogin']))
    $ourhostname = $config['captiveportal']['httpsname'] . ":8001";
else {
    $ifip = portal_ip_from_client_ip($clientip);
    if (!$ifip)
    	$ourhostname = $config['system']['hostname'] . ":8000";
    else
    	$ourhostname = "{$ifip}:8000";
}

if ($orig_host != $ourhostname) {
    /* the client thinks it's connected to the desired web server, but instead
       it's connected to us. Issue a redirect... */

    if (isset($config['captiveportal']['httpslogin']))
        header("Location: https://{$ourhostname}/index.php?redirurl=" . urlencode("http://{$orig_host}{$orig_request}"));
    else
        header("Location: http://{$ourhostname}/index.php?redirurl=" . urlencode("http://{$orig_host}{$orig_request}"));

    exit;
}
if (preg_match("/redirurl=(.*)/", $orig_request, $matches))
    $redirurl = urldecode($matches[1]);
if ($_POST['redirurl'])
    $redirurl = $_POST['redirurl'];
if (!empty($config['captiveportal']['redirurl']))
	$redirurl = $config['captiveportal']['redirurl'];

$macfilter = !isset($config['captiveportal']['nomacfilter']);
$passthrumac = isset($config['captiveportal']['passthrumacadd']);

/* find MAC address for client */
$clientmac = arp_get_mac_by_ip($clientip);
if (!$clientmac && ($macfilter || $passthrumac)) {
    /* unable to find MAC address - shouldn't happen! - bail out */
    captiveportal_logportalauth("unauthenticated","noclientmac",$clientip,"ERROR");
    echo "An error occurred.  Please check the system logs for more information.";
    log_error("Captive portal could not determine client's MAC address.  Disable MAC address filtering in captive portal if you do not need this functionality.");
    exit;
}

/* find out if we need RADIUS + RADIUSMAC or not */
if (file_exists("{$g['vardb_path']}/captiveportal_radius.db")) {
    $radius_enable = TRUE;
    if (isset($config['captiveportal']['radmac_enable']))
        $radmac_enable = TRUE;
}

if ($_POST['logout_id']) {
	echo << <eod<br><title>Disconnecting...</title>

 **You have been disconnected.** 

EOD;
	captiveportal_disconnect_client($_POST['logout_id']);
	exit;
} else if ($clientmac && $radmac_enable && portal_mac_radius($clientmac,$clientip)) {
    /* radius functions handle everything so we exit here since we're done */
    exit;

} else if (portal_consume_passthrough_credit($clientmac)) {
    /* allow the client through if it had a pass-through credit for its MAC */
    captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
    portal_allow($clientip, $clientmac, "unauthenticated");

} else if ($_POST['accept'] && $_POST['auth_voucher']) {

    $voucher = trim($_POST['auth_voucher']);
    $timecredit = voucher_auth($voucher);
    // $timecredit contains either a credit in minutes or an error message
    if ($timecredit > 0) {  // voucher is valid. Remaining minutes returned
        // if multiple vouchers given, use the first as username
        $a_vouchers = split("[\t\n\r ]+",$voucher);
        $voucher = $a_vouchers[0];
        $attr = array( 'voucher' => 1,
                'session_timeout' => $timecredit*60,
                'session_terminate_time' => 0);
        if (portal_allow($clientip, $clientmac,$voucher,null,$attr)) {

            // YES: user is good for $timecredit minutes.
            captiveportal_logportalauth($voucher,$clientmac,$clientip,"Voucher login good for $timecredit min.");
        } else {
            portal_reply_page($redirurl, "error", $config['voucher']['msgexpired'] ? $config['voucher']['msgexpired']: $errormsg);
        }
    } else if (-1 == $timecredit) {  // valid but expired
        captiveportal_logportalauth($voucher,$clientmac,$clientip,"FAILURE","voucher expired");
        portal_reply_page($redirurl, "error", $config['voucher']['msgexpired'] ? $config['voucher']['msgexpired']: $errormsg);
    } else {
        captiveportal_logportalauth($voucher,$clientmac,$clientip,"FAILURE");
        portal_reply_page($redirurl, "error", $config['voucher']['msgnoaccess'] ? $config['voucher']['msgnoaccess'] : $errormsg);
    }

} else if ($_POST['accept'] && $radius_enable) {

    if ($_POST['auth_user'] && $_POST['auth_pass']) {
        $auth_list = radius($_POST['auth_user'],$_POST['auth_pass'],$clientip,$clientmac,"USER LOGIN");
	$type = "error";
	if (!empty($auth_list['url_redirection'])) {
		$redirurl = $auth_list['url_redirection'];
		$type = "redir";
	}

        if ($auth_list['auth_val'] == 1) {
            captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR",$auth_list['error']);
 	    portal_reply_page($redirurl, $type, $auth_list['error'] ? $auth_list['error'] : $errormsg);
        }
        else if ($auth_list['auth_val'] == 3) {
            captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE",$auth_list['reply_message']);
            portal_reply_page($redirurl, $type, $auth_list['reply_message'] ? $auth_list['reply_message'] : $errormsg);
        }
    } else {
        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"ERROR");
        portal_reply_page($redirurl, "error", $errormsg);
    }

} else if ($_POST['accept'] && $config['captiveportal']['auth_method'] == "local") {

	//check against local user manager
	$loginok = local_backed($_POST['auth_user'], $_POST['auth_pass']);
    if ($loginok){
        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"LOGIN");
        portal_allow($clientip, $clientmac,$_POST['auth_user']);
    } else {
        captiveportal_logportalauth($_POST['auth_user'],$clientmac,$clientip,"FAILURE");
        portal_reply_page($redirurl, "error", $errormsg);
    }
} else if ($_POST['accept'] && $clientip) {
    captiveportal_logportalauth("unauthenticated",$clientmac,$clientip,"ACCEPT");
    portal_allow($clientip, $clientmac, "unauthenticated");
} else {
    /* display captive portal page */
    portal_reply_page($redirurl, "login",null,$clientmac,$clientip);
}

exit;

?></eod<br></mk@neon1.net> 

serangku

om belum berani terapkan QoS pk CP …
kadung sudah up dan produksi
juga sudah terlalu banyak beban yg ditampung server
dari vlan, cp, otentikasi, dan beberapa package lainnya
khawatir megap2 itu server ...  ;D
jadi om belum bisa memberikan pendapat lain
mungkin bisa ditanyakan langsung di thread tsb.

asepyulisman

kalau solusi lainnya gimana om?

ada cara lain ngak om, buat management bandwidth selain di CP?

jangan marah ya om ;D

serangku

masih digodok …  ;)
banyak jalan menuju roma

utk step awal bisa dilihat thread ttg QoS yg ada ...

asepyulisman

seep om,

QoS itu apa yah om??

biar aq cari jalan tikus untuk menuju ke roma.. ;D ;D

serangku

QoS = Quality of Service
dengan kata lain gak beda jauh dengan Traffic Shaping

emang menyebalkan nyari settingan yg pas buat QoS
bukan berarti tidak bisa …
hanya belum ketemu yang pas ...  :)

poscom

semakin senang maen 64bit om kyknya ok banget lebih repson dengan lusca nya.
tos zph jg ok, server manteng trussssssss  :-*

fker50

om kok punya saya kok yutube nya gak mau nyimpen ya? masih seperti biasa gk pake lusca..bufer..
kalo pake yg pfsense 2.0-RC3 (i386) built on Tue Jun 21 16:50:25 EDT 2011 keren om.. bisa hit 70% an.. di trafik lan ampe 70 Mb

apa spek HW nya kurang memadai y om?

queues

@fker50:

om kok punya saya kok yutube nya gak mau nyimpen ya? masih seperti biasa gk pake lusca..bufer..
kalo pake yg pfsense 2.0-RC3 (i386) built on Tue Jun 21 16:50:25 EDT 2011 keren om.. bisa hit 70% an.. di trafik lan ampe 70 Mb

apa spek HW nya kurang memadai y om?

alo bro apa kabar? wah makin mantaap nih ngubek-ngubek PfSensenya, kalau boleh kasih komen HW segitu mah lebih dari memadai, udah coba pakai HDD 2 buah? Saya lagi mengikuti saran dari Om Serang dan Anto_DIGIT (thanks ya om anto atas link cara Install 2 HDD di PfSense), 1 HDD untuk System dan 1 lagi untuk Cache. Mesin MB ECS BS, AMD Athlon II X2 250 Processor, memory 2giga, 2 x HDD 80g Maxtor. PfSense 2.0 RC3 masih berjalan di warnet saya udh 1 bulan. cm masih terasa lebih nyaman pas pakai 1 HDD.

@ om anto_Digit dan Serangku
setelah saya coba pakai 2 HDD dengan HW seperti yg saya sebutkan diatas, lebih nyaman sewaktu pakai 1 HDD, knp ya? apa gara2 saya buat cache Managemntnya menjadi Coss di HDD pertama dicampur dengan sytem, 1 HDD lagi aufs hanya utk cache. Mohon Diterawang om :D