Forum @ Linux.Or.Id

[glacio]

Apa benar TCP_MISS merupakan gejala adanya kesalahan pada sytem proxy? berikut access.log nya :

917036967.910 3063 192.168.0.16 TCP_MISS/200 6381 GET images/smilies/pelug_t.png - DIRECT/67.19.121.27 image/png
917036967.910 3063 192.168.0.16 TCP_MISS/200 5304 GET images/smilies/tux.png - DIRECT/67.19.121.27 image/png
917036969.232 4385 192.168.0.16 TCP_MISS/200 5571 GET images/smilies/timetux200x200_t.png - DIRECT/67.19.121.27 image/png

Mohon pencerahan dari rekan2 semua nya cara menigkatkan performa proxy dan apa maksud dari tcp miss/200 ?

[fai]

Silahkan pelajarin...

TCP_HIT A valid copy of the requested object was in the cache.

TCP_MISS The requested object was not in the cache.

TCP_REFRESH_HIT The requested object was cached but STALE. The IMS query for the object resulted in "304 not modified".

TCP_REFRESH_FAIL_HIT The requested object was cached but STALE. The IMS query failed and the stale object was delivered.

TCP_REFRESH_MISS The requested object was cached but STALE. The IMS query returned the new content.

TCP_CLIENT_REFRESH_MISS The client issued a "no-cache" pragma, or some analogous cache control command along with the request. Thus, the cache has to refetch the object.

TCP_IMS_HIT The client issued an IMS request for an object which was in the cache and fresh.

TCP_SWAPFAIL_MISS The object was believed to be in the cache, but could not be accessed.

TCP_NEGATIVE_HIT Request for a negatively cached object, e.g. "404 not found", for which the cache believes to know that it is inaccessible. Also refer to the explainations for negative_ttl in your squid.conf file.

TCP_MEM_HIT A valid copy of the requested object was in the cache and it was in memory, thus avoiding disk accesses.

TCP_DENIED Access was denied for this request.

TCP_OFFLINE_HIT The requested object was retrieved from the cache during offline mode. The offline mode never validates any object, see offline_mode in squid.conf file.

TCP_STALE_HIT The object was cached and served stale. This is usually caused by stale-while-revalidate or stale-if-error.

TCP_ASYNC_HIT A background request (e.g., one started by stale-while-revalidate) resulted in a refresh hit.

TCP_ASYNC_MISS A background request (e.g., one started by stale-while-revalidate) resulted in a miss; i.e., the cached object (if any) was updated).

UDP_HIT A valid copy of the requested object was in the cache.

UDP_MISS The requested object is not in this cache.

UDP_DENIED Access was denied for this request.

UDP_INVALID An invalid request was received.

UDP_MISS_NOFETCH During "-Y" startup, or during frequent failures, a cache in hit only mode will return either UDP_HIT or this code. Neighbours will thus only fetch hits.

NONE Seen with errors and cachemgr requests.

The following codes are no longer available in Squid-2:

ERR_* Errors are now contained in the status code.

TCP_CLIENT_REFRESH See: TCP_CLIENT_REFRESH_MISS.

TCP_SWAPFAIL See: TCP_SWAPFAIL_MISS.

TCP_IMS_MISS Deleted, now replaced with TCP_IMS_HIT.

UDP_HIT_OBJ Refers to an old version that would send cache hits in ICP replies. No longer implemented.

UDP_RELOADING See: UDP_MISS_NOFETCH.

[glacio]

Terimakasih mas fai keterangannya , lalu bagaimana langkah selanjutnya untuk memperbaiki kinerja proxy saya? karena saya merasa koneksi malah lebih lambat jika lewat proxy ini.

[njep]

apa menggunakan parent - sibling untuk konfigurasinya?
klo buat tuning, coba deh liat di thread squid performance

[glacio]

apa menggunakan parent - sibling untuk konfigurasinya?
klo buat tuning, coba deh liat di thread squid performance

Nah masalahnya saya belum tahu bnyak dengan istilah2 diatas mas karena saya baru kenal dengan mahkluk linux ini
saya cek /etc/squid/squid.conf terdapat banyak command not found

/etc/squid/squid.conf: line 2: http_port: command not found
/etc/squid/squid.conf: line 3: icp_port: command not found
/etc/squid/squid.conf: line 4: acl: command not found
/etc/squid/squid.conf: line 5: no_cache: command not found
/etc/squid/squid.conf: line 7: cache_mem: command not found
/etc/squid/squid.conf: line 8: cache_swap_low: command not found
/etc/squid/squid.conf: line 9: cache_swap_high: command not found
/etc/squid/squid.conf: line 10: maximum_object_size: command not found
/etc/squid/squid.conf: line 11: ipcache_size: command not found
/etc/squid/squid.conf: line 12: ipcache_low: command not found
/etc/squid/squid.conf: line 13: ipcache_high: command not found
/etc/squid/squid.conf: line 14: fqdncache_size: command not found
/etc/squid/squid.conf: line 17: httpd_accel_host: command not found
/etc/squid/squid.conf: line 18: httpd_accel_port: command not found
/etc/squid/squid.conf: line 19: httpd_accel_with_proxy: command not found
/etc/squid/squid.conf: line 20: httpd_accel_uses_host_header: command not found
/etc/squid/squid.conf: line 23: cache_dir: command not found
/etc/squid/squid.conf: line 25: redirect_rewrites_host_header: command not found
/etc/squid/squid.conf: line 27: cache_replacement_policy: command not found
/etc/squid/squid.conf: line 29: cache_access_log: command not found
/etc/squid/squid.conf: line 30: cache_log: command not found
/etc/squid/squid.conf: line 31: cache_store_log: command not found
/etc/squid/squid.conf: line 34: cache_store_log: command not found
/etc/squid/squid.conf: line 37: emulate_httpd_log: command not found
/etc/squid/squid.conf: line 39: log_mime_hdrs: command not found
/etc/squid/squid.conf: line 40: pid_filename: command not found
/etc/squid/squid.conf: line 41: debug_options: command not found
/etc/squid/squid.conf: line 42: log_fqdn: command not found
/etc/squid/squid.conf: line 43: ftp_user: command not found
/etc/squid/squid.conf: line 44: refresh_pattern: command not found
/etc/squid/squid.conf: line 45: refresh_pattern: command not found
/etc/squid/squid.conf: line 46: syntax error near unexpected token `('
/etc/squid/squid.conf: line 46: `refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire'

Sedangkan isi cat /etc/squid/squid.conf

http_port 8080
icp_port 3130
acl QUERY urlpath_regex cgi-bin \?
no_cache allow QUERY

cache_mem 128 MB
cache_swap_low 80
cache_swap_high 100
maximum_object_size 1024 KB
ipcache_size 2048
ipcache_low 70
ipcache_high 75
fqdncache_size 1024

# --- for transparent proxy purposes
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

# --- cachedir jadi 8000MB (8 gigs)
cache_dir ufs /cache 13000 64 256

redirect_rewrites_host_header off
#icon_directory /usr/lib/squid/icons
cache_replacement_policy GDSF

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
#cache_log /var/log/cache.log
#cache_access_log /var/log/access.log
cache_store_log none


emulate_httpd_log off
#mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
ftp_user anonymous@somewhere
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(class|css|js|gif|jpg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(jpe|jpeg|png|bmp|tif)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(tiff|mov|avi|qt|mpeg)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(mpg|mpe|wav|au|mid)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(zip|gz|arj|lha|lzh)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(rar|tgz|tar|exe|bin)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(hqx|pdf|rtf|doc|swf)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(inc|cab|ad|txt|dll)$ 10080 100% 43200 override-expire
refresh_pattern -i \.(asp|acgi|pl|shtml|php3|php)$ 2 20% 4320 reload-into-ims
refresh_pattern . 0 20% 4320
#reference_age 1.5 days

quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB
connect_timeout 120 seconds
#siteselect_timeout 4 seconds
read_timeout 15 minutes
request_timeout 6666660 seconds
client_lifetime 1 day
half_closed_clients off
pconn_timeout 120 seconds
shutdown_lifetime 60 seconds

#cache_peer xxx.xxx.xxx.xxx parent 3128 3130 no-query
prefer_direct off


#acl tolak urlpath_regex -i
acl tolak urlpath_regex -i \.mpg$ \.iso$ \.gz$ \.wmv$ \.gsz$ \.mpe$ \.yim$ \.avi$ \.mpeg$

acl all src 0.0.0.0/0.0.0.0
acl user src 192.168.0.0/255.255.255.0
acl mailyhoo url_regex mail.yahoo.com
no_cache deny mailyhoo

acl gropyhoo url_regex groups.yahoo.com
no_cache deny gropyhoo
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 23 210 70 80 563 443 445 800 8383 8900-65535
acl CONNECT method CONNECT
#acl pert src 202.155.114.0/24

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow SSL_ports
http_access allow localhost
http_access allow user
http_access deny tolak

#http_access allow pert
cache_mgr moel@indosatm2.com
cache_effective_user squid
cache_effective_group squid
http_access deny all
icp_access allow all
miss_access allow all

# Delay Pools (Bandwidth Throttling)
##### DELAY POOLS ######
acl download url_regex -i ftp \.exe$ \.mp3$ \.vqf$ \.tar.gz$ \.wmv$ \.tar.bz$ \.tar.bz2$ \.gz$ \.rpm$ \.zip$
acl download url_regex -i \.rar$ \.avi$ \.mpeg$ \.mpe$ \.mpg$ \.qt$ \.ram$ \.rm$ \.iso$ \.raw$ \.wav$ \.tar$ \.doc$
acl download url_regex -i \.ppt$ \.z$ \.wmf$ \.mov$ \.arj$ \.lzh$ \.gzip$ \.bin$ \.wma$

##### MASTER #####
delay_pools 2
delay_class 1 2
delay_parameters 1 8000/8000 6000/8000
delay_access 1 allow download
delay_access 1 deny all

delay_class 2 2
delay_parameters 2 25000/25000 10000/16000 #200kb/200kb 80Kb/128Kb
delay_access 2 allow user
delay_access 2 deny all


#We don't want to limit downloads on our local network
acl iclient url_regex -i 192.100

apakah ada yng tidak beres dengan setingan squid saya sehingga akses via squid terasa sangat lamabat? mohon masukan dari rekan2 semua.....

[fai]

kamu pakai squid versi berapa? mesin nya apa?
itu mode transparentnya sudah tidak berlaku kalau di versi squid yag baru
# --- for transparent proxy purposes
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
hilangkan saja ganti dengan
http_port 8080 transparent
cache_dir ufs /cache 13000 64 256---? coba liat lagi...squid performance dan rumus L1 nya
cache_replacement_policy GDSF --- kok cuma ini??

kayanya saya liat banyak setingan yg harus di sederhanakan..coba disusun lagi...copy paste squid.conf di topic ini yg sudah jalan kemudian di sesuaikan dengan kondisi mesin kamu dan firewall kamu...

salam
fai
squid maniac

[glacio]

Squid Version 2.5.STABLE1 , mesin P3 551 apakah setingan squid.conf yang ada di tread ini viewtopic.php?f=16&t=16910&p=102630&hilit=squid.conf#p102630 bisa lansung saya copas atau gimana mas?

[fai]

ndak bisa...itu ada option zph...
lah config squidnya mesti di sesuakan dengan partisi.....setingan firewall nya...kamu pakai iptables ndak ?

ini saya buatin squid.conf untuk mesin kamu...sangat simple ...kalau kamu tambahin nanti tambahkan pelan2 sesuai dengan apa yang kamu mau...sementara coba ini dulu...


http_port 8080
hierarchy_stoplist cgi-bin ? .js .jsp
acl QUERY urlpath_regex cgi-bin \? .js .jsp

cache_mem 6 MB
cache_swap_low 98
cache_swap_high 99

maximum_object_size 4 MB
maximum_object_size_in_memory 8 KB
minimum_object_size 0 KB

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

cache_dir ufs /cache 7000 16 256

redirect_rewrites_host_header off

cache_access_log none
cache_log /dev/null
cache_store_log none


refresh_pattern ^ftp: 10080 95% 241920 reload-into-ims override-lastmod
refresh_pattern . 180 95% 129600 reload-into-ims override-lastmod

quick_abort_min 0
quick_abort_max 0
quick_abort_pct 100%

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl LAN src 192.168.1.0/255.255.255.0
acl PURGE method PURGE
acl SSL_ports port 443
acl Safe_ports port 80 81 82 21 443 563 70 210 280 488 591 777 1025-65535

header_access Accept-Encoding deny all

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow LAN
http_access allow localhost
http_access allow PURGE localhost
http_access deny PURGE
http_access deny all

cache_mgr squidkenceng
cachemgr_passwd yourpassword all
cache_effective_user squid
cache_effective_group squid
logfile_rotate 0
memory_pools off
buffered_logs off
log_fqdn off
log_icp_queries off
forwarded_for off

client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 5 minutes

query_icmp off
reload_into_ims on
pipeline_prefetch on
vary_ignore_expire on
ie_refresh off

error_directory /etc/squid/errors/
visible_hostname MyProxy

catatan : ip LAN kamu 192.168.1.*
timpah file squid.conf....dengan squid.conf ini
matikan service squid...
ketik . squid -z
trus coba browsing di IE client pakai proxy ip server: 8080 ...kenceng gak ?
semoga sukses...

salam
fai
squid maniac

[glacio]

Akan saya coba dulu mas. IP Getway 192.168.0.1 dan IP client dimulai dari 192.168.0.2 -dst. Lantas apakah IP pada acl LAN src 192.168.1.0 harus saya sesuaikan dengan IP Getway? Maaf masih newbi mas

[fai]

tinggal ganti saja acl LAN 192.168.0.0/255.255.255.0

[glacio]

Bagaimana cara cepat untuk nulis file squit.conf dan menimpanya tanpa mesti saya edit manual dengan perintah #vi pada file squid nya? Maklum mas fai, ini pertama kalinya saya kenal dan menjalankan command linux jadinya ya masih kikuk banget......

[glacio]

File squid.conf sudah saya timpa dan ganti dengan yang mas fai berikan, namun katika saya saya jalankan squid dengan perintah #squid -z saya mndapatkan eror seperti ini :

1999/01/23 13:08:50| squid.conf line 46: http_access deny CONNECT !SSL_ports
1999/01/23 13:08:50| aclParseAccessLine: ACL name 'CONNECT' not found.
1999/01/23 13:08:50| Squid is already running! Process ID 1845

Setelah saya set browser client ke ip server:8080 malah ngak isa akses web.

Internet Explorer cannot display the webpage

Selanjutnya saya start squid dengan perintah : #/etc/rc.d/init.d/squid start malah eror :

Starting squid: [FAILED]

dan juga tidak bisa akses web.
Akhirnya file squid saya kembalikan seperti semula dan kembali normal namun koneksi tetap lemot kembali kek siput
Lalu bagaimana solusinya mas fai? atupun rekan2 forum yang lain mohon bantuannya

[glacio]

Saya coba berasumsi sendiri dengan menambahkan "acl CONNECT method CONNECT" dalam barisan

acl gropyhoo url_regex groups.yahoo.com
no_cache deny gropyhoo
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443
acl Safe_ports port 23 210 70 80 563 443 445 800 8383 8900-65535
#acl pert src 202.155.114.0/24

tersebut dan squid saya restar lagi. Nah sekarang sudah bisa akses web nya
Waktu saya coba mengarahkan browser client ke ipserver:8080 dan membandingkan dengan setingan browser secara default ternyata ini lebih cepat akses nya. Namun akses tersebut masih lebih lamabat jika saya bypass tanpa proxy walaupun sekarang koneksi terasa lumayan baik jika dibandingkan sebelum squid nya saya edit sesuai petunjuk mas fai . Terimaksih bnyk mas fai atas support nya. Tapi apakah masih bisa squid ini dibuat lebih agresif lagi?

[fai]

sorry kemaren lupa tambahin acl connect nya .. hehehe maklum kemaren buru2...
squid.conf yg saya rancang kemaren saya sesuaikan dengan spec mesinnya kalau gak salah Squid Version 2.5.STABLE1 , mesin P3 551 , cuma ram nya saya nggak tau berapa, kalau memang ram nya besar beberapa option masih bisa di tuning, dan cache_dirnya agak di perkecil dahulu...jadi pelan2 saja...liat sampe di mana mesin nya kuat...karena kadang2 kalau request tinggi tetapi HDD gak bisa meladeni nya..malah bisa terjadi bottleneck yang akhirnya malah membuat koneksi jadi lambat....coba kamu baca lagi topic squid performance....biar lebih mantap

[glacio]

Setelah semuanya berjalan lalu saya coba restart mesin nya dan mengarahkan ip proxy pada setiap client ke ip proxy. Tapi malah ngak bisa chat via YM dan parahnya untuk browsing malah lebih lambat dari sebelum nya. Trus gimana solusinya ?