squid代理与供应商的云视频语音控制台问题处理
1、背景2020疫情特殊事情,公司向集团17家单位用户推送语音视频会议,内部控制台需要与供应商的云端进行交互,通过DMZ区的squid代理进行;
2、现象内部向外部推送数据时,早晨9:45-9:50出现短暂的中断,时间段为远程办公的高发期,对端部署在阿里云上
3、 squid运行在普通代理模式;
4、接同事报账后查看access.log日志请求,统计信息如下
cat /usr/share/squid/var/logs/access.log |gawk '{print $4}'|sort|uniq -c|sort -nr
39977 TCP_TUNNEL/200
5450 TAG_NONE/400
1886 TCP_DENIED/403
287 TAG_NONE/503
108 TCP_REFRESH_UNMODIFIED/304
52 TCP_MISS/200
25 TCP_REFRESH_UNMODIFIED/200
24 TCP_MISS/304
12 TCP_MEM_HIT/200
8 TCP_MISS/503
1 TCP_DENIED_ABORTED/403
1581299092.052 21 10.99.0.137 TAG_NONE/503 0 CONNECT api.XXXcloud.com:443 - HIER_NONE/- -
1581299092.065 39 10.99.0.135 TAG_NONE/503 0 CONNECT api.XXXcloud.com:443 - HIER_NONE/- -
1581299092.068 39 10.99.0.136 TAG_NONE/503 0 CONNECT api.XXXcloud.com:443 - HIER_NONE/- -
1581299092.072 39 10.99.0.137 TAG_NONE/503 0 CONNECT api.XXXcloud.com:443 - HIER_NONE/- -
1581299092.079 39 10.99.0.135 TAG_NONE/503 0 CONNECT api.XXXcloud.com:443 - HIER_NONE/- -
1581299092.081 48 10.99.0.135 TAG_NONE/503 0 CONNECT api.XXXcloud.com:443 - HIER_NONE/- -
1581299092.642 20093 10.99.0.137 TCP_TUNNEL/200 4418 CONNECT api.XXXcloud.com:443 - HIER_DIRECT/120.78.20.65 -
1581299092.759 20088 10.99.0.136 TCP_TUNNEL/200 4418 CONNECT api.XXXcloud.com:443 - HIER_DIRECT/120.78.20.65 -
1581299093.732 20095 10.99.0.137 TCP_TUNNEL/200 4418 CONNECT api.XXXcloud.com:443 - HIER_DIRECT/120.78.20.65 -
1581299094.546 20136 10.99.0.136 TCP_TUNNEL/200 4418 CONNECT api.XXXcloud.com:443 - HIER_DIRECT/120.78.20.65 -
1581299095.856 20075 10.99.0.135 TCP_TUNNEL/200 4418 CONNECT api.XXXcloud.com:443 - HIER_DIRECT/120.78.20.65 -
1581299096.057 32 10.99.0.136 TAG_NONE/503 0 CONNECT api.XXXcloud.com:443 - HIER_NONE/- -
1581299096.620 40 10.99.0.136 TAG_NONE/503 0 CONNECT api.XXXcloud.com:443 - HIER_NONE/- -
UNIX时间戳1581299092转换为10进制接近2020-02-10 09:45:00
初步怀疑中断现象与TAG_NONE/503这个相关
检查squid的配置文件和主机limits的配置,都没有参数方面的限制,日志中也无明显资源紧张的异常提示,
有文章提示负载和并发
https://askubuntu.com/questions/955694/squid-tag-none-503-0-connect-when-high-load
浙公网安备 33010602011771号