I have same problem as Apollo. I haven't find out before, because my cache was already filled by previous squid configuration.
If you find any mistake I've done, I will appreciate to let me know about.
So problems with suggested sandwich config are:
1. squid doesn't cache as it should (my cache was previously filled by 2M object in +-5 days. Now with actual cfg based on example I have +- 40k object in 1 day. (I have squid-rrd monitor so I can easily compare speed of cache filling process)
2. If object is finally cached (don't asked me how, I have no glue) it is replied from cache of first squid (please note, that both squid are in fact one instance, which have same in memory cache and same in memory pointer structure to on disk cache, so if "cache" - previously "no_cache" directive is not used and object is already cached it is processed from cache regardless of peer "proxy-only" directive.
3. because of previous problem I have almost NO HITS, and majority of HITS are MEM_HITS.
You can see object live in cache bellow: it take several times before it was cached, but then it was processed directly to client and not from havp peer.
Code:
betelgeuse:/var/log/squid# more access.log | grep adsWrapper.js
1204117693.351 499 10.98.218.30 TCP_MISS/200 11393 GET http://ar.atwola.com/file/adsWrapper.js - DIRECT/205.188.165.121 application/x-javascript
1204117693.358 507 10.98.218.30 TCP_MISS/200 11475 GET http://ar.atwola.com/file/adsWrapper.js - DEFAULT_PARENT/havp application/x-javascript
1204117718.421 494 10.98.238.150 TCP_MISS/200 11393 GET http://ar.atwola.com/file/adsWrapper.js - DIRECT/64.12.174.249 application/x-javascript
1204117718.428 502 10.98.238.150 TCP_MISS/200 11475 GET http://ar.atwola.com/file/adsWrapper.js - DEFAULT_PARENT/havp application/x-javascript
1204146580.259 502 10.98.239.218 TCP_MISS/200 11393 GET http://ar.atwola.com/file/adsWrapper.js - DIRECT/64.12.174.57 application/x-javascript
1204146580.267 510 10.98.239.218 TCP_MISS/200 11475 GET http://ar.atwola.com/file/adsWrapper.js - DEFAULT_PARENT/havp application/x-javascript
1204146644.335 493 10.98.239.218 TCP_MISS/200 11393 GET http://ar.atwola.com/file/adsWrapper.js - DIRECT/205.188.165.249 application/x-javascript
1204146644.343 502 10.98.239.218 TCP_MISS/200 11475 GET http://ar.atwola.com/file/adsWrapper.js - DEFAULT_PARENT/havp application/x-javascript
1204148573.829 0 10.98.239.218 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148598.990 0 10.98.251.146 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148611.238 0 10.98.226.66 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148622.282 8 10.98.251.146 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148659.973 0 10.98.251.146 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148672.429 1 10.98.226.66 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148684.264 0 10.98.251.146 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148728.991 0 10.98.251.146 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148734.238 0 10.98.226.66 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148745.645 0 10.98.251.146 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148753.592 0 10.98.251.146 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148795.255 1 10.98.226.66 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148797.970 0 10.98.251.146 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148815.714 2 10.98.251.146 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148859.261 1 10.98.226.66 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
1204148920.325 1 10.98.226.66 TCP_HIT/200 11396 GET http://ar.atwola.com/file/adsWrapper.js - NONE/- application/x-javascript
Code:
Squid Object Cache: Version 2.6.STABLE18
Start Time: Tue, 26 Feb 2008 21:18:37 GMT
Current Time: Wed, 27 Feb 2008 22:02:47 GMT
Connection information for squid:
Number of clients accessing cache: 143
Number of HTTP requests received: 8824158
Number of ICP messages received: 0
Number of ICP messages sent: 0
Number of queued ICP replies: 0
Request failure ratio: 0.00
Average HTTP requests per minute since start: 5945.5
Average ICP messages per minute since start: 0.0
Select loop called: 209924902 times, 0.424 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 0.2%, 60min: 0.4%
Byte Hit Ratios: 5min: 1.5%, 60min: 1.3%
Request Memory Hit Ratios: 5min: 28.3%, 60min: 53.2%
Request Disk Hit Ratios: 5min: 3.8%, 60min: 8.9%
Storage Swap size: 381608 KB
Storage Mem size: 185320 KB
Mean Object Size: 9.68 KB
Requests given to unlinkd: 0
Median Service Times (seconds) 5 min 60 min:
HTTP Requests (All): 0.01847 0.01745
Cache Misses: 0.03241 0.02592
Cache Hits: 0.00000 0.00000
Near Hits: 0.04277 0.01469
Not-Modified Replies: 0.02190 0.00000
DNS Lookups: 0.05078 0.03374
ICP Queries: 0.00000 0.00000
Resource usage for squid:
UP Time: 89050.901 seconds
CPU Time: 4029.060 seconds
CPU Usage: 4.52%
CPU Usage, 5 minute avg: 5.57%
CPU Usage, 60 minute avg: 6.85%
Process Data Segment Size via sbrk(): 313128 KB
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
Memory usage for squid via mallinfo():
Total space in arena: 311848 KB
Ordinary blocks: 308544 KB 0 blks
Small blocks: 0 KB 0 blks
Holding blocks: 0 KB 0 blks
Free Small blocks: 2771 KB
Free Ordinary blocks: 532 KB
Total in use: 308544 KB 99%
Total free: 3303 KB 1%
Total size: 311848 KB
Memory accounted for:
Total accounted: 238049 KB
memPoolAlloc calls: 1315268252
memPoolFree calls: 1314518086
File descriptor usage for squid:
Maximum number of file descriptors: 4096
Largest file desc currently in use: 1622
Number of file desc currently in use: 880
Files queued for open: 0
Available number of file descriptors: 3216
Reserved number of file descriptors: 100
Store Disk files open: 2
IO loop method: epoll
Internal Data Structures:
43120 StoreEntries
42223 StoreEntries with MemObjects
42134 Hot Object Cache Items
39408 on-disk objects
Code:
#host
visible_hostname XXXXXX
#port
http_port 3128 transparent
http_port 127.0.0.1:3129
icp_port 0
#DNS
dns_nameservers 10.98.231.130 10.98.231.66
hosts_file /etc/hosts
#cache
cache_mem 200 MB
maximum_object_size 40 MB
maximum_object_size_in_memory 64 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_dir aufs /var/spool/squid/cache1 30000 32 256
cache_dir aufs /var/spool/squid/cache2 30000 32 256
cache_dir aufs /var/spool/squid/cache3 30000 32 256
cache_swap_low 98
cache_swap_high 99
refresh_pattern ^ftp: 20160 50% 43200
refresh_pattern -i \.(jpe?g|gif|png|ico|tif?f|bmp)$ 43200 100% 43200
refresh_pattern -i \.(zip|gz|bz2|rar|arj|cab|exe)$ 43200 100% 43200
refresh_pattern -i \.(mp3|mpe?g|avi|wmv|wma|vqf|ogg|mov|qt|wav)$ 43200 100% 43200
refresh_pattern -i \.(pdf|ps)$ 43200 100% 43200
refresh_pattern windowsupdate.com/.*\.(cab|exe)$ 43200 100% 43200
refresh_pattern download.microsoft.com/.*\.(cab|exe)$ 43200 100% 43200
refresh_pattern -i \.(cgi|asp|php|fcgi)$ 0 20% 60
refresh_pattern (cgi-bin|\?) 0 0% 0
#refresh_pattern . 20160 50% 43200
refresh_pattern . 0 20% 4320
#redirect_program /usr/local/bin/squidguard
#do not use follow_x_forwarded_for IP,
#used IP of last requestor instead
acl_uses_indirect_client off
acl LOCALNET src 10.0.0.0/8
acl ALL src 0.0.0.0/0.0.0.0
acl MANAGER proto cache_object
acl MONITOR src 10.98.231.86/31
acl LOCALHOST src 127.0.0.1/32 10.98.231.142/32
acl SSL_ports port 443 563 10000
acl SAFE_ports port 80 21 443 563 1025-65535
acl CONNECT method CONNECT
acl HTTP_proto proto HTTP
acl HTTPS_proto proto HTTPS
acl SQUID2 myport 3129
acl NOSCAN1 urlpath_regex -i \.(jpe?g|gif|png|ico|tif?f|bmp)$
acl NOSCAN2 dstdomain .play.cz
acl NOSCAN2 dstdomain .stream.aol.com
acl NOSCAN2 dstdomain .youtube.com
acl NOCACHE1 dstdomain .dsl.cz
acl NOCACHE1 dstdomain .speedmeter.internetprovsechny.cz
http_access allow MANAGER LOCALHOST
http_access allow MANAGER MONITOR
http_access deny MANAGER
http_access deny !SAFE_ports
http_access deny CONNECT !SSL_ports
http_access allow LOCALHOST
http_access allow LOCALNET
http_access deny ALL
icp_access deny ALL
#default, not realy needed
http_reply_access allow ALL
#only requests to squid2 can be satisfied
#from cache and cached if needed
#cache allow SQUID2
#cache deny !SQUID2
#havp proxy
cache_peer 127.0.0.1 parent 8080 0 name=havp no-query no-digest no-netdb-exchange proxy-only default
#second squid - caching
cache_peer 127.0.0.1 parent 3129 0 name=squid2 no-query no-digest no-netdb-exchange proxy-only
#default so not really needed
prefer_direct off
#not needed if always|never_direct is used
nonhierarchical_direct off
#allow squid2 to connect directly to server
#always_direct allow SQUID2
#there is no need to cache or scan https
always_direct allow HTTPS_proto
#anything not to be scanned AND cached can be listed bellow
always_direct allow CONNECT
always_direct allow NOCACHE1
#nothing else can be proccessed directly
never_direct allow !SQUID2
#havp should not be used by squid2
cache_peer_access havp deny SQUID2
#havp should not be used for https
cache_peer_access havp deny HTTPS_proto
#we have something not to be scanned
cache_peer_access havp deny NOSCAN1
cache_peer_access havp deny NOSCAN2
#anything other can be scanned
cache_peer_access havp allow ALL
#squid2 should not be used by itself
cache_peer_access squid2 deny SQUID2
cache_peer_access squid2 allow ALL
#redirector_access deny SQUID2
#redirector_access allow ALL
acl APACHE rep_header Server ^Apache
broken_vary_encoding allow APACHE
#hierarchy proccess directly and not by peers
#overrided by: nonhierarchical_direct off
hierarchy_stoplist cgi-bin ?
#anonymous proxy
header_access Via deny ALL
header_access X-Forwarded-For deny SQUID2
#allow to see orig client IP in logs
forwarded_for on
follow_x_forwarded_for allow LOCALHOST
quick_abort_min 0 KB
quick_abort_max 0 KB
half_closed_clients off
client_db off
pipeline_prefetch on
ipcache_size 16384
fqdncache_size 16384
#needed HAVP can procces max 20KB headers
request_header_max_size 20 KB
ie_refresh on
shutdown_lifetime 5 seconds
cache_effective_user squid
hosts_file /etc/hosts
coredump_dir /var/spool/squid
pid_filename /var/run/squid.pid
error_directory /usr/local/share/squid/errors/Czech
icon_directory /usr/local/share/squid/icons
#warnings
high_response_time_warning 200
high_page_fault_warning 10
high_memory_warning 2 GB
#logs
access_log none
#access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
logfile_rotate 10
strip_query_terms off
buffered_logs on
log_uses_indirect_client on
log_icp_queries off
Cache is dualcore 3GHZ CPU, 8GB RAM, 3x WD Raptor HDD for cache and 2x HDD in mirror for system. Under load of max 200 request/s CPU is about 10%