Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SquidGuard increases latency and reduces bandwidth

    Scheduled Pinned Locked Moved Cache/Proxy
    4 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      ghachey
      last edited by

      Hi;

      AFAIK I've read all posts similar to this issue but nothing helped so far. The culprit seems to be squidGuard. When I enable the service I incur an increase from 31ms latency (without squidGuard) to 275ms latency (squidGuard enabled) and a reduction in bandwidth from 5Mbps to anywhere between 1Mbps to 4.5Mbps. Deactivating the squidguard returns things to normal in a consistant manner.

      The current only configurations used on squidGuard are:

      • Enable blacklist with Shallalist (default allow all with only juicy material blocked)
      • Do not allow IP

      I did play a lot with configuration I had previously no experience with. I tried removing and re-installing squidGuard to no avail.

      I have experimented various Squid options but none had any effect. It is now configured as explicit proxy with slightly increased cache sizes though I like said playing with these had no effect. Only the squidGuard service seems to cause issue.

      I currently am only testing with a single user.

      I use 2.2.3-RELEASE (amd64) based on FreeBSD 10.1-RELEASE-p13 though it was upgraded from 2.1 -> 2.2 and now 2.2.3 all the while doing a fair amount of configuration experimentation. Other things in use on this firewall is FreeRADIUS2 with LDAP connection working great, captive portal with RADIUS auth working great, ntopng working fine, lightsquid seems to report ok. Firewall only default rules with opened SSH to one server. DHCP basic setup with WPAD. DNS forwarder just has a bunch entries and DNS seems to work flawlessly.

      The machine as a total of 2GB of RAM with 512 dedicated to Squid and no signs of resource stretching from output of top. The CPU is a Intel(R) Celeron(R) 1037U @ 1.80GHz and does not seem to break a sweat. It runs in a KVM virtual machine o Debian which otherwise runs beautifully.

      Is this a necessary cost when doing filtering? it seem very excessive especially for a single user.

      I am about the trash everything and re-do all my config from scratch on a new installation but would like to hear if any one has some insight on this issue.

      Thank you.

      1 Reply Last reply Reply Quote 0
      • H
        Harvy66
        last edited by

        When you say a latency increase, do you mean an ICMP ping increase?

        What's your harddrive activity like? What's your virtual memory usage?

        1 Reply Last reply Reply Quote 0
        • G
          ghachey
          last edited by

          Yes. As measured by speedtest.net. I assume they simply conduct a ICMP ping to nearest server.

          Virtual Memory (if you mean swap) is configured at 4G but none of it used whether or no squidGuard is enabled.

          Hard disk is a healthy 256GB SSD which otherwise is fast and causes no problems. iostat reports the following little activity.

          # iostat
                 tty             md0             ada0              cd0             cpu
           tin  tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
             0     3  0.00   1  0.00  28.23  25  0.68   1.18   0  0.00   2  1  4  0 93
          

          iostat reports the same whether I work with or without squidGuard enabled.

          1 Reply Last reply Reply Quote 0
          • G
            ghachey
            last edited by

            I re-installed and re-configured everything from scratch almost identically and now it is working on the fresh setup. I no longer see the drastic latency increase and bandwidth decrease with squidGuard. I believe I had a completely broken setup. I was using Captive Portal along side Squid which is known to be broken last I check. No idea if this was the issue and no idea how I even got it to work at all. Anyway, the original problem of this post is gone and I have since disabled captive portal and replaced it with squid3 / RADIUS authentication / squidGuard. Works nicely.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.