Re: [squid-users] Loads of TCP_MISS on files that should be hit

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 09 Jan 2013 23:22:23 +1300

On 9/01/2013 9:43 p.m., Victor wrote:
> Hello
>
> After spending hours configuring squid 3.2.5, I only get TCP_MISS. To
> narrow the problem, I will focus on one PNG file that I want cached, but
> note that I get TCP_MISS for 99% of my requests, not only PNG files.
> Refreshing doesn’t help, it never gets a TCP_HIT.
>
> 1357671721.566 127 127.0.0.1 TCP_MISS/200 618 GET
> http://flags.tatoeba.org/img/flags/epo.png - HIER_DIRECT/86.65.39.22
> image/png
>
> in cache.log, I get:
<snip>
> 2013/01/09 09:27:04.757 kid1| http.cc(732) processReplyHeader:
> HTTP Server local=192.168.1.13:56799 remote=86.65.39.22:80 FD 13
> flags=1
> 2013/01/09 09:27:04.757 kid1| http.cc(733) processReplyHeader:
> HTTP Server REPLY:
> ---------
> HTTP/1.1 200 OK
> Date: Wed, 09 Jan 2013 08:27:24 GMT
> Server: Apache/2.2.16 (Debian)
> Accept-Ranges: bytes
> Content-Length: 219
> Vary: User-Agent
> Expires: Fri, 10 Jan 2014 00:00:00 GMT
> Cache-Control: public, no-transform
> Content-Type: image/png
> Via: 1.1 tatoeba.fsffrance.org
> Keep-Alive: timeout=15, max=100
> Connection: Keep-Alive
>
> �PNG
> 
>

This particular object is likely a MISS because it says Vary:User-Agent.
This is a rather unfriendly action for a site to take, it means that
even a single byte of diffference in two clients User-Agent header cause
a MISS and replaces the cached content with new data (which will likely
MISS on the next client too).

> And this is my config file:
>
> cache_effective_user squid
> cache_effective_group squid
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal
> network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal
> network
> acl localnet src fc00::/7 # RFC 4193 local private network range
> acl localnet src fe80::/10 # RFC 4291 link-local (directly
> plugged) machines
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 901 # SWAT
> acl CONNECT method CONNECT
> http_access allow localhost manager
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> debug_options ALL,1 11,3 31,3 65,3
> http_access allow localnet
> http_access allow localhost
> http_access deny all
> http_port 3303
> cache_dir ufs /var/cache/squid 600 16 256
> cache_mem 256 MB
> coredump_dir /var/cache/squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp)$ 260000 90%
> 260009 override-expire ignore-no-cache ignore-no-store
> ignore-private

In 3.2 "ignore-no-cache" is now ignored. The Cache-Control:no-cache
header *actually* tells Squid to revalidate the object before sending
(this MAY result in a MISS if the object has changed, or in a REFRESH /
304 status if the server object has not).

override-expires tells Squid to ignore the Expires header, in the object
in your log above Expires is the only thing provided to Squid indicating
that the objet is storable. Ignoring it may lead to MISS for objects
without Cache-Control which rely on it for storage timing (like the PNG
above does).

ignore-private - this is a very dangerous thing to do. Even things like
images may have drastic unwanted side effects. Think about security
Captcha systems ... what happens when you force serving the client a
cached image there? Just about every file type has some problem when you
generalize it across the entire Internet. If you have to use this
directive at all make the pattern as specific as possible to the problem
case.

> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> Note that I doubled check that my cache directories belonged to
> squid:squid and their size slowly grows when I am using squid, yet I get
> a TON of tcp_miss, even on cacheable sites (such aswww.lci.fr)
> Any idea?
>

Okay. So the objects are being cached, but not served from there.
In 3.2.5 debug_options 22,3 should give you the stale.fresh outcomes
from the cache check.

Amos
Received on Wed Jan 09 2013 - 10:22:31 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 09 2013 - 12:00:07 MST