On Mon, 27 Jun 2011 15:40:10 +0800, ICT Department wrote:
> Hi,
>
>
>
> I am very confused now as to why 99% of https access has 503, even
> yahoo
> which is very fast..
>
> This problem arises when my network is at peak use. This problem
> arises when
> I upgraded my connection from
>
> Copper connection 4mbps to Fiber optic 6mbps. Hope could someone
> point me
> to the right direction. Thank you.
>
503 is "Service Unable". On CONNECT requests for Squid that means the
TCP connection to that IP address could not be opened. The 59 second
duration for those requests indicate a TCP setup timeout is happening.
Next steps I'd look at is PMTU issues between you and that server.
Squid-3.1 does IPv6. So if you have that incorrectly disabled Squid
could be failing to connect to that IPv4-only destination over an IPv6
socket.
NP: (rant warning) if you followed most any online tutorial for
disabling IPv6 in RHEL. Most only go so far as to make the kernel drop
IPv6 packets. Rather than actually turning the OFF kernel control which
would inform the relevant software that it cannot use IPv6 ports. So it
sends a packet, and waits... and waits...
(and yes I know you are connecting to an IPv4 host. Linux "hybrid
stack" which Squid uses can use IPv6 sockets to contact IPv4 space).
>
> Access.log
>
> 1309159630.003 59632 192.168.100.33 TCP_MISS/503 0 CONNECT
> 124.102.69.115:443 - DIRECT/124.102.69.115 -
>
> 1309159630.003 59629 192.168.100.33 TCP_MISS/503 0 CONNECT
> 140.127.205.122:443 - DIRECT/140.127.205.122 -
>
> 1309159632.000 59480 192.168.100.33 TCP_MISS/503 0 CONNECT
> 218.226.219.106:443 - DIRECT/218.226.219.106 -
>
> 1309159632.000 59996 192.168.10.105 TCP_MISS/503 0 CONNECT
> login.yahoo.com:443 - DIRECT/124.108.120.31 -
>
> 1309159636.001 59997 192.168.100.84 TCP_MISS/503 0 CONNECT
> www.facebook.com:443 - DIRECT/69.171.228.11 -
>
> 1309159644.000 59906 192.168.100.58 TCP_MISS/503 0 CONNECT
> us.data.toolbar.yahoo.com:443 - DIRECT/98.137.53.23 -
>
> 1309159656.002 59085 192.168.100.33 TCP_MISS/503 0 CONNECT
> 118.167.16.72:443 - DIRECT/118.167.16.72 -
>
>
>
> My squid is compiled with
>
> Squid Cache: Version 3.1.12
>
> configure options: '--build=i686-redhat-linux-gnu'
> '--host=i686-redhat-linux-gnu' '--target=i386-redhat-linux-gnu'
> '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr'
> '--bindir=/usr/bin'
> '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--includedir=/usr/include'
> '--libdir=/usr/lib' '--libexecdir=/usr/libexec'
> '--sharedstatedir=/usr/com'
> '-mandir=/usr/share/man' '--infodir=/usr/share/info'
> '--exec_prefix=/usr'
> '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid'
> '--localstatedir=/var'
> '--datadir=/usr/share' '--sysconfdir=/etc/squid'
> '--enable-removal-policies=heap,lru'
> '--enable-storeio=aufs,diskd,ufs'
> '--enable-ssl' '--with-openssl=/usr/kerberos' '--enable-delay-pools'
> '--enable-linux-netfilter' '--with-pthreads'
> '--enable-ntlm-auth-helpers=fakeauth'
>
> '--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group'
> '--enable-auth=basic,digest,ntlm,negotiate'
> '--enable-negotiate-auth-helpers=squid_kerb_auth'
> '--enable-digest-auth-helpers=password'
> '--with-winbind-auth-challenge'
> '--enable-useragent-log' '--enable-referer-log'
> '--disable-dependency-tracking'
> '--enable-cachemgr-hostname=localhost'
> '--enable-underscores' '--enable-useragent_log'
>
> '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain
> -NTLM,SASL' '--enable-cache-digests' '--disable-ident-lookups'
> '--with-large-files' '--enable-gnuregex'
> '--disable-follow-x-forwarded-for'
> '--enable-fd-config' '--with-maxfd=16384' '--enable-internal-dns'
> 'build_alias=i686-redhat-linux-gnu'
> 'host_alias=i686-redhat-linux-gnu'
> 'target_alias=i386-redhat-linux-gnu' --with-squid=/root/squid-3.1.12
> --enable-ltdl-convenience
Amos
Received on Mon Jun 27 2011 - 23:46:34 MDT
This archive was generated by hypermail 2.2.0 : Tue Jun 28 2011 - 12:00:02 MDT