On Wed, 30 Mar 2005 13:43:42 +0700, dwi amk <dwi.amk@gmail.com> wrote:
> On Tue, 29 Mar 2005 11:18:15 +0200 (CEST), Henrik Nordstrom
> <hno@squid-cache.org> wrote:
> > On Mon, 28 Mar 2005, dwi amk wrote:
> >
> > > I think I'm in this situation right now, pinging back to normal when I
> > > stop squid, but after several hours ping increasing to the number
> > > let's say more than 10000ms.
> >
> > Then you most likely have some kinds of requests clogging up your
> > bandwidth. By stopping Squid you stop all ongoing requests at the time.
> >
> > This should not be DNS releated at all.
> >
> > You can use the cachemgr vm_objects function to see currently ongoing
> > requests. You should also see them in access.log when you shut down Squid.
> >
> > Regards
> > Henrik
>
>
> What I don't understand that is that it happens recently, I never
> experience like this before. If Henrik said this not DNS related at
> all, then I suspect it's worm or something alike.
Personally, I would set up a sniffer and traffic analysis tool (e.g. ntop) to
track which internal and Internet hosts and ports are the primary users
of bandwidth before/during the slowdown incidents.
> If so how to prevent
> something like this happening, I put in ACL all things around how to
> deny or even tcp_reset worm,spam or alike that i found from searching.
> FYI my Page faults with physical i/o: 0 is always zero or 1.
If the problem directly correlates with squid, then the troublesome traffic
should also be associable with squid. Between checking access_log for
completed requests, and as Henrik suggested, cachemgr vm_objects
for currently active requests, you should see any unusual traffic.
For example, is it possible that somebody on your network is pushing a
very high volume of upload traffic?
For example, I recently noticed a several gigabyte per week spike in
upload traffic out to the Internet; turned out that Limewire can be configured
to be proxy aware and can share files out to the Internet through a proxy
using the SSL "CONNECT" functionality.
Upload congestion will cause latency issues, particularly for satellite users,
and squid doesn't make it easy to track upload bandwidth. You'll need to
use OS-specific tools to isolate and address the problem; I could suggest
approaches for OpenBSD (pf with CBQ and ACK prioritization) but this
isn't really the appropriate forum for such a discussion.
Kevin Kadow
Received on Wed Mar 30 2005 - 00:46:23 MST
This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:03 MST