IDC资讯中心
一、 概述
squid是一款优秀的open source的代理服务器软件,可以运行于多种系统平台上,但是同其他商业化的产品相比,其缺点也是很明显的,那就是它的命中率和效率相对低下。
本文主要讨论在不改变硬件条件之下,通过以下手段对squid进行性能优化:
1. 编译一个高效的、精简的新内核;
2. 对cache分区采用reiserfs日志文件系统;
3. 重新编译squid;
4. 优化squid配置;
对于优化的效果,我使用大名鼎鼎的cacheflow公司的测试工具——cfmc进行测试比较:
首先用cfmc自带的一个脚本,从squid.conf的access.log中抽出rul,然后以这些rul为依据进行测试。
服务器配置:
型号:hp lh3
cpu:pii450
内存:256mb 100mhz ecc sdram dimm
硬盘:9.1gb hot-swap ultra2 hard disk
网卡:ethernet express pro 100 10/100m x 2
操作系统:redhat 7.1
优化前测试结果:
iteration 0: cumulative statistics; 933 seconds elapsed
total objects: 72599, total object size: 513211102 bytes
average object size: 7069 bytes
average object response time: 2707 milliseconds
objects per second: 77.81
bytes per second: 550065, min: 550065, max: 879873
urls discarded due to socket or connection failures: 6955
redirections: 1017, cookied objects: 1036
pragma no-cache objects: 1656, non-200 http response codes: 2505
优化后测试结果:
iteration 0: cumulative statistics; 688 seconds elapsed
total objects: 72599, total object size: 403833100 bytes
average object size: 5562 bytes
average object response time: 1890 milliseconds
objects per second: 105.52
bytes per second: 586966, min: 586966, max: 995582
urls discarded due to socket or connection failures: 16372
redirections: 1658, cookied objects: 1000
pragma no-cache objects: 1454, non-200 http response codes: 3132
通过对以上测试结果的比较,我们可以看出:
优化后的objects per second增加了35.6%,average object response time减少了43.2%,对整体性能的提升还是比较明显的。
二、 编译新内核
我们采取这样的方式来编译内核:取消内核的模块支持,将服务器所有的硬件驱动编译到内核中,此外还要注意将对reiserfs文件系统的支持也编译到内核中,从而在提供系统性能的同时增加系统安全性。在2.4.10以上的版本中,已经内置了对reiserfs文件系统的支持。
首先从http://www.kernel.org/pub/linux/kernel/v2.4/下载linux-2.4.12.tar.gz,这是当前最新的内核。
然后解开内核文件:
tar xvzf linux-2.4.12.tar.gz
进入新生成的目录并执行:
cd linux
make mrproper
make config
根据我的服务器的配置,我选择这样编译内核:
* code maturity level options
prompt for development and/or incomplete code/drivers (config_experimental) [y/n/?]
* loadable module support
enable loadable module support (config_modules) [n/y/?]
* processor type and features
processor family (386, 486, 586/k5/5×86/6×86/6x86mx, pentium-classic, pentium-mm
x, pentium-pro/celeron/pentium-ii, pentium-iii/celeron(coppermine), pentium-4, k
6/k6-ii/k6-iii, athlon/duron/k7, crusoe, winchip-c6, winchip-2, winchip-2a/winch
ip-3, cyrixiii/c3) [pentium-pro/celeron/pentium-ii]
* general setup
networking support (config_net) [y/n/?]
pci support (config_pci) [y/n/?]
pci access mode (bios, direct, any) [any]
defined config_pci_goany
pci device name database (config_pci_names) [y/n/?]
system v ipc (config_sysvipc) [y/n/?]
sysctl support (config_sysctl) [y/n/?]
kernel core (/proc/kcore) format (elf, a.out) [elf]
defined config_kcore_elf
* plug and play configuration
plug and play support (config_pnp) [y/n/?]
* block devices
normal pc floppy disk support (config_blk_dev_fd) [y/n/?]
* networking options
kernel/user netlink socket (config_netlink) [y/n/?]
routing messages (config_rtnetlink) [y/n/?]
network packet filtering (replaces ipchains) (config_netfilter) [y/n/?]
unix domain sockets (config_unix) [y/n/?]
tcp/ip networking (config_inet) [y/n/?]
ip: advanced router (config_ip_advanced_router) [y/n/?]
ip: policy routing (config_ip_multiple_tables) [y/n/?]
ip: use netfilter mark value as routing key (config_ip_route_fwmark) [y/n/?]
ip: fast network address translation (config_ip_route_nat) [y/n/?]
ip: equal cost multipath (config_ip_route_multipath) [y/n/?]
* ip: netfilter configuration
connection tracking (required for masq/nat) (config_ip_nf_conntrack) [y/n/?]
ftp protocol support (config_ip_nf_ftp) [y/n/?]
ip tables support (required for filtering/masq/nat) (config_ip_nf_iptables) [y/n/?]
limit match support (config_ip_nf_match_limit) [y/n/?]
multiple port match support (config_ip_nf_match_multiport) [y/n/?]
connection state match support (config_ip_nf_match_state) [y/n/?]
packet filtering (config_ip_nf_filter) [y/n/?]
full nat (config_ip_nf_nat) [y/n/?]
redirect target support (config_ip_nf_target_redirect) [y/n/?]
log target support (config_ip_nf_target_log) [y/n/?]
ata/ide/mfm/rll support (config_ide) [y/n/?]
* ide, ata and atapi block devices
enhanced ide/mfm/rll disk/cdrom/tape/floppy support (config_blk_dev_ide) [y/n/?]
include ide/ata-2 disk support (config_blk_dev_idedisk) [y/n/?]
use multi-mode by default (config_idedisk_multi_mode) [y/n/?]
include ide/atapi cdrom support (config_blk_dev_idecd) [y/n/?]
* scsi support
scsi support (config_scsi) [y/n/?]
* scsi support type (disk, tape, cd-rom)
scsi disk support (config_blk_dev_sd) [y/n/?]
maximum number of scsi disks that can be loaded as modules (config_sd_extra_devs) [8]
* some scsi devices (e.g. cd jukebox) support multiple luns
enable extra checks in new queueing code (config_scsi_debug_queues) [y/n/?]
* scsi low-level drivers
ami megaraid support (config_scsi_megaraid) [y/n/?]
sym53c8xx scsi support (config_scsi_sym53c8xx) [y/n/?]
default tagged command queue depth (config_scsi_ncr53c8xx_default_tags) [4]
maximum number of queued commands (config_scsi_ncr53c8xx_max_tags) [32]
synchronous transfers frequency in mhz (config_scsi_ncr53c8xx_sync) [80]
* network device support
network device support (config_netdevices) [y/n/?]
* ethernet (10 or 100mbit)
ethernet (10 or 100mbit) (config_net_ethernet) [y/n/?]
eisa, vlb, pci and on board controllers (config_net_pci) [y/n/?]
etherexpresspro/100 support (config_eepro100) [y/n/?]
* input core support
input core support (config_input) [y/n/?]
keyboard support (config_input_keybdev) [y/n/?]
* character devices
virtual terminal (config_vt) [y/n/?]
support for console on virtual terminal (config_vt_console) [y/n/?]
standard/generic (8250/16550 and compatible uarts) serial support (config_serial) [y/n/?]
unix98 pty support (config_unix98_ptys) [y/n/?]
maximum number of unix98 ptys in use (0-2048) (config_unix98_pty_count) [8]
* file systems
reiserfs support (config_reiserfs_fs) [y/n/?]
iso 9660 cdrom file system support (config_iso9660_fs) [y/n/?]
/proc file system support (config_proc_fs) [y/n/?]
/dev/pts file system for unix98 ptys (config_devpts_fs) [y/n/?]
* console drivers
vga text console (config_vga_console) [y/n/?]
这里需要说明的是:如果要使用透明代理模式,要仔细选择netfilter,因为我们还得用iptables来重定向tcp包,以满足透明代理的要求。
假如您的服务器配置与我的不同,只需要更改相应的硬件配置参数即可,比如cpu类型、网卡、scsi硬盘等。
接着:
make bzimage
完成后,将 arch/i386/boot/目录下的新内核bzimage拷贝到/boot/目录下,并更名为opt:
cp arch/i386/boot/bzimage /boot/
mv /boot/bzimage /boot/opt
然后编辑lilo.conf如下所示:
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
message=/boot/message
default=opt
image=/boot/vmlinuz-2.4.2-2
label=linux
initrd=/boot/initrd-2.4.2-2.img
read-only
root=/dev/sda1
image=/boot/opt
label=opt
read-only
root=/dev/sda1
最后执行:
# lilo
added linux
added opt *
好了,这样我们就可以用新内核启动了,您可以发现,这样自己编译的内核要小的多,也快得多。
