G'day folks,

I have recently rebuilt a couple of Squid (2.4STABLE2) servers on Solaris 8
boxes for a client. Each of the systems has 1GB RAM (cache_mem is set to
256MB or 300MB), driving about 45GB of cache directories (using aufs on
3x18GB drives) and has had rlim_fd_max set to 8192 (in /etc/system). Each
proxy serves several hundred (thousand(?)) users with almost no control on
what passes through it (i.e. fetched objects can be any size). The systems
are in a sibling relationship with each other (with 12Mb/s links between
them) and 100Mb/s on their respective "LANs". They are also in sibling
relationships with a number of other organisations here in Perth - other
than that, they are not in any formal cache hierarchy.

Since they were set up, I came across a rather good document about tuning
TCP/IP stacks (http://www.enteract.com/~robt/Docs/Articles/ip-stack-tuning.html)
and I'd be interested in any feedback on the following.

The variables mentioned, along with the suggested and default (for Solaris 8)
values are (I queried a "typical" system running Solaris 8 4/01 for the
defaults):

Variable Name                         Suggested   Default
=========================================================
tcp_xmit_hiwat                            32768     16384
tcp_recv_hiwat                            32768     24576
tcp_conn_req_max_q                         1024       128
tcp_conn_req_max_q0                        2048      1024
tcp_time_wait_interval                    60000    240000
arp_cleanup_interval                      60000    300000
ip_ignore_redirect                            1         0
ip_send_redirects                             0         1
ip_forward_src_routed                         0         1
ip_respond_to_echo_broadcast                  0         1
ip_respond_to_address_mask_broadcast          0         0
ip_respond_to_timestamp_broadcast             0         1

From my reading of the Solaris Tunables Parameters Reference Manual
(http://docs.sun.com/ab2/coll.736.1/SOLTUNEPARAMREF), I'm very confident
that the first two in particular would have an impact on Squid's potential
throughput. Having said that, I notice that Squid calls setsockopt() with
SO_RCVBUF (cancelling out any use of tcp_recv_hiwat) but I can't find any
use of SO_SNDBUF - is it worth adjusting tcp_xmit_hiwat?

I believe the suggested values for the latter three tcp_* variables are good
ones but I admit to not being anywhere near an expert in this area. Again,
any suggestions would be much appreciated.

The majority of the ip_* variables are more security related (the original
document was about protecting UNIX servers from network attacks) - but I
don't know enough about Squid's "internal" networking (e.g. between servers)
to determine if any of these settings may in fact break some aspect of Squid.
Any hints?

And, to further complicate things, YASSP's suggested values include:

tcp_fin_wait_2_flush_interval   67500
tcp_ip_abort_cinterval          60000
tcp_ip_abort_interval           600000
tcp_keepalive_interval          3600000
tcp_rexmit_interval_initial     3000
tcp_rexmit_interval_max         60000
tcp_rexmit_interval_min         2000
tcp_slow_start_after_idle       2
tcp_slow_start_initial          2
tcp_smallest_anon_port          8192
tcp_time_wait_interval          60000
udp_smallest_anon_port          8192
ip_icmp_err_interval            0
ip_ire_pathmtu_interval         600000
ip_forward_directed_broadcasts  0
ip_respond_to_timestamp         0
ip_ire_flush_interval           120000
ip_ire_arp_interval             120000
udp_xmit_hiwat                  32768
udp_recv_hiwat                  32768

I'm very unsure about the potential impact some of the above timeouts might
have on the proxies' respective performance levels.

Now, let's complicate things even further. Once I got stuck into the
Tunables Manual, I kept on reading (always a bad thing <grin>). I am now
wondering about the potential benefits (or pitfalls?) of reducing maxusers
down to say, 64 (or maybe even lower).

So, if anybody has had experience with these tidbits, any comments would be
much appreciated. Thanks in advance.
-------------------------------------------------------+---------------------
Daniel Baldoni BAppSc, PGradDipCompSci | Technical Director
require 'std/disclaimer.pl' | LcdS Pty. Ltd.
-------------------------------------------------------+ 856B Canning Hwy
Phone/FAX: +61-8-9364-8171 | Applecross
Mobile: 041-888-9794 | WA 6153
URL: http://www.lcds.com.au/ | Australia
-------------------------------------------------------+---------------------
"Any time there's something so ridiculous that no rational systems programmer
would even consider trying it, they send for me."; paraphrased from "King Of
The Murgos" by David Eddings. (I'm not good, just crazy)
Received on Sun Dec 09 2001 - 03:44:50 MST
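
An added example, not part of the original post or of Squid: a read-only check of a host's current ndd values against the "Suggested" column of the first table above. The NDD override, the sample_ndd stand-in (which replays the post's "Default" column when no ndd is installed) and deriving the driver from the parameter's prefix are assumptions of this example.

```shell
# Needs a POSIX shell (on Solaris 8: /usr/xpg4/bin/sh or ksh, not /bin/sh).
# Read-only audit: never calls `ndd -set`.
# Columns: name suggested default, copied from the table in the post.
BASELINE='tcp_xmit_hiwat 32768 16384
tcp_recv_hiwat 32768 24576
tcp_conn_req_max_q 1024 128
tcp_conn_req_max_q0 2048 1024
tcp_time_wait_interval 60000 240000
arp_cleanup_interval 60000 300000
ip_ignore_redirect 1 0
ip_send_redirects 0 1
ip_forward_src_routed 0 1
ip_respond_to_echo_broadcast 0 1
ip_respond_to_address_mask_broadcast 0 0
ip_respond_to_timestamp_broadcast 0 1'

# Stand-in for ndd off Solaris: replays the post's "Default" column.
sample_ndd() {    # same call shape as ndd: sample_ndd /dev/<driver> <name>
    echo "$BASELINE" | awk -v p="$2" '$1 == p { print $3 }'
}

# NDD (hypothetical override) names the command used to read a value.
if [ -z "${NDD:-}" ]; then
    if command -v ndd >/dev/null 2>&1; then NDD=ndd; else NDD=sample_ndd; fi
fi

# Prints one line per parameter; exit status is the number that differ.
audit_tunables() {
    drift=0
    while read -r name want _default; do
        [ -n "$name" ] || continue
        dev="/dev/${name%%_*}"    # assumption: driver is the name's prefix
        have=$($NDD "$dev" "$name" 2>/dev/null </dev/null) || have=unreadable
        if [ "$have" = "$want" ]; then
            printf 'OK     %-38s %s\n' "$name" "$have"
        else
            printf 'DRIFT  %-38s have=%s want=%s\n' "$name" "$have" "$want"
            drift=$((drift + 1))
        fi
    done <<EOF
$BASELINE
EOF
    return "$drift"
}

audit_tunables || echo "$? parameter(s) differ from the suggested values"
```

Values changed with `ndd -set` do not survive a reboot, so a check like this is also useful after a restart to confirm that whatever boot script applies them actually ran.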