[tproxy] TPROXY performance on CentOSv6

KOVACS Krisztian hidden at balabit.hu
Tue Aug 9 15:49:49 CEST 2011


On Mon 08 Aug 2011 06:38:13 PM CEST, Ritter, Nicholas wrote:
> I am testing TPROXY with Squid v3.1.14 on CentOS v6 and noticed several
> TCP-performance related problems were squid is failing due to TCP
> session handling issues. CentOS v6 is  running a 2.6.32-71.29.1 kernel,
> and I saw a TPROXY listserv posting from Nov 10, 2010 about
> TPROXY/Kernel hanging issues and a fix that was merged in and after
> 2.6.37.
> My question is if this issue could be the root cause of the problems I
> am seeing, and if anyone had suggestions for further debugging and
> solutions. Squid is reporting a higher than normal number of 502 BAD
> GATEWAY errors and some websites consistently not working. I have
> testing the squid install without TPROXY and the errors go away, so I
> know it is TPROXY related.
> If upgrading the kernel is the way to go, that gets hairy with CentOS
> and I am not sure which method is the best way to go for upgrading the
> kernel.
> Any thoughts or suggestions?

Well, I'm not quite sure the issues you're experiencing are fixed by 
those commits in 2.6.37, but you could certainly give it a try.

Based on the RedHat Bugzilla I think all those patches have been merged 
into the RHEL 6.1 kernel:

I don't know if CentOS packages are available yet -- Scientific Linux 
already has a version of the kernel which contains the above patches.

KOVACS Krisztian

More information about the tproxy mailing list