SquidGuard increases latency and reduces bandwidth
-
Hi;
AFAIK I've read all posts similar to this issue but nothing helped so far. The culprit seems to be squidGuard. When I enable the service I incur an increase from 31ms latency (without squidGuard) to 275ms latency (squidGuard enabled) and a reduction in bandwidth from 5Mbps to anywhere between 1Mbps to 4.5Mbps. Deactivating the squidguard returns things to normal in a consistant manner.
The current only configurations used on squidGuard are:
- Enable blacklist with Shallalist (default allow all with only juicy material blocked)
- Do not allow IP
I did play a lot with configuration I had previously no experience with. I tried removing and re-installing squidGuard to no avail.
I have experimented various Squid options but none had any effect. It is now configured as explicit proxy with slightly increased cache sizes though I like said playing with these had no effect. Only the squidGuard service seems to cause issue.
I currently am only testing with a single user.
I use 2.2.3-RELEASE (amd64) based on FreeBSD 10.1-RELEASE-p13 though it was upgraded from 2.1 -> 2.2 and now 2.2.3 all the while doing a fair amount of configuration experimentation. Other things in use on this firewall is FreeRADIUS2 with LDAP connection working great, captive portal with RADIUS auth working great, ntopng working fine, lightsquid seems to report ok. Firewall only default rules with opened SSH to one server. DHCP basic setup with WPAD. DNS forwarder just has a bunch entries and DNS seems to work flawlessly.
The machine as a total of 2GB of RAM with 512 dedicated to Squid and no signs of resource stretching from output of top. The CPU is a Intel(R) Celeron(R) 1037U @ 1.80GHz and does not seem to break a sweat. It runs in a KVM virtual machine o Debian which otherwise runs beautifully.
Is this a necessary cost when doing filtering? it seem very excessive especially for a single user.
I am about the trash everything and re-do all my config from scratch on a new installation but would like to hear if any one has some insight on this issue.
Thank you.
-
When you say a latency increase, do you mean an ICMP ping increase?
What's your harddrive activity like? What's your virtual memory usage?
-
Yes. As measured by speedtest.net. I assume they simply conduct a ICMP ping to nearest server.
Virtual Memory (if you mean swap) is configured at 4G but none of it used whether or no squidGuard is enabled.
Hard disk is a healthy 256GB SSD which otherwise is fast and causes no problems. iostat reports the following little activity.
# iostat tty md0 ada0 cd0 cpu tin tout KB/t tps MB/s KB/t tps MB/s KB/t tps MB/s us ni sy in id 0 3 0.00 1 0.00 28.23 25 0.68 1.18 0 0.00 2 1 4 0 93iostat reports the same whether I work with or without squidGuard enabled.
-
I re-installed and re-configured everything from scratch almost identically and now it is working on the fresh setup. I no longer see the drastic latency increase and bandwidth decrease with squidGuard. I believe I had a completely broken setup. I was using Captive Portal along side Squid which is known to be broken last I check. No idea if this was the issue and no idea how I even got it to work at all. Anyway, the original problem of this post is gone and I have since disabled captive portal and replaced it with squid3 / RADIUS authentication / squidGuard. Works nicely.