[squid-users] Solaris tuning

From: Daniel Baldoni <dbaldoni@dont-contact.us>
Date: Sun, 09 Dec 2001 18:48:48 +0800

G'day folks,

I have recently rebuilt a couple of Squid (2.4STABLE2) servers on Solaris 8
boxes for a client. Each of the systems has 1GB RAM (cache_mem is set to
256MB or 300MB), driving about 45GB of cache directories (using aufs on
3x18GB drives) and has had rlim_fd_max set to 8192 (in /etc/system). Each
proxy serves several hundred (thousand(?)) users with almost no control on
what passes through it (i.e. fetched objects can be any size). The systems
are in a sibling relationship with each other (with 12Mb/s links between
them) and 100Mb/s on their respective "LANs". They are also sibling
relationships with a number of other organisations here in Perth - other
than that, they are not in any formal cache hierarchy.

Since they were setup, I came across a rather good document about tuning
TCP/IP stacks (http://www.enteract.com/~robt/Docs/Articles/ip-stack-tuning.html)
and I'd be interested in any feedback on the following.

The variables mentioned, along with the suggested and default (for Solaris 8)
values are (I queried a "typical" system running Solaris 8 4/01 for the
defaults):

    Variable Name Suggested Default
    =============================================================
    tcp_xmit_hiwat 32768 16384
    tcp_recv_hiwat 32768 24576
    tcp_conn_req_max_q 1024 128
    tcp_conn_req_max_q0 2048 1024
    tcp_time_wait_interval 60000 240000
    arp_cleanup_interval 60000 300000
    ip_ignore_redirect 1 0
    ip_send_redirects 0 1
    ip_forward_src_routed 0 1
    ip_respond_to_echo_broadcast 0 1
    ip_respond_to_address_mask_broadcast 0 0
    ip_respond_to_timestamp_broadcast 0 1

From my reading of the Solaris Tunables Paramaters Reference Manual
(http://docs.sun.com/ab2/coll.736.1/SOLTUNEPARAMREF), I'm very confident
that the first two in particular would have an impact on Squid's potential
throughput. Having said that, I notice that Squid calls setsockopt() with
SO_RCVBUF (cancelling out any use of tcp_recv_hiwat) but I can't find any
use of SO_SNDBUF - is it worth adjusting tcp_xmit_hiwat?

I believe the suggested values for the latter three tcp_* variables are good
ones but I admit to not being anywhere near an expert in this area. Again,
any suggestions would be much appreciated.

The majority of the ip_* variables are more security related (the original
document was about protecting UNIX servers from network attacks) - but I
don't know enough about Squid's "internal" networking (e.g. between servers)
to determine if any of these settings may in fact break some aspect of Squid.
Any hints?

And, to further complicate things, YASSP's suggested values include:
        tcp_fin_wait_2_flush_interval 67500
        tcp_ip_abort_cinterval 60000
        tcp_ip_abort_interval 600000
        tcp_keepalive_interval 3600000
        tcp_rexmit_interval_initial 3000
        tcp_rexmit_interval_max 60000
        tcp_rexmit_interval_min 2000
        tcp_slow_start_after_idle 2
        tcp_slow_start_initial 2
        tcp_smallest_anon_port 8192
        tcp_time_wait_interval 60000
        udp_smallest_anon_port 8192
        ip_icmp_err_interval 0
        ip_ire_pathmtu_interval 600000
        ip_forward_directed_broadcasts 0
        ip_respond_to_timestamp 0
        ip_ire_flush_interval 120000
        ip_ire_arp_interval 120000
        udp_xmit_hiwat 32768
        udp_recv_hiwat 32768

I'm very unsure about the potential impact some of the above timeouts might
have on the proxies' respective performance levels.

Now, let's complicate things even further. Once I got stuck into the
Tunables Manual, I kept on reading (always a bad thing <grin>). I am now
wondering about the potential benefits (or pitfalls?) of reducing maxusers
down to say, 64 (or maybe even lower).

So, if anybody has had experience with these tidbits, any comments would be
much appreciated. Thanks in advance.

-------------------------------------------------------+---------------------
Daniel Baldoni BAppSc, PGradDipCompSci | Technical Director
require 'std/disclaimer.pl' | LcdS Pty. Ltd.
-------------------------------------------------------+ 856B Canning Hwy
Phone/FAX: +61-8-9364-8171 | Applecross
Mobile: 041-888-9794 | WA 6153
URL: http://www.lcds.com.au/ | Australia
-------------------------------------------------------+---------------------
"Any time there's something so ridiculous that no rational systems programmer
 would even consider trying it, they send for me."; paraphrased from "King Of
 The Murgos" by David Eddings. (I'm not good, just crazy)
Received on Sun Dec 09 2001 - 03:44:50 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:05:17 MST