Brett, I had a similar experience when we moved some Squid instances behind a Cisco CSS for load balancing. The problem turned out to be a combination of gigabit ethernet, new cards, and some tweaks to /etc/sysctl.conf on our Debian Linux boxes.
Apparently, the Cisco CSS were not configured to allow large TCP windows. Our squid and Apple's web server negotiated the connection to allow large frames, but when their web server tried sending one, it got stuck at our Cisco CSS. The transfer would predictably fail about 6K into the transfer.

If you think this has any application for you, our settings are:

# egrep "^[a-zA-Z]" /etc/sysctl.conf
net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/tcp_syncookies=1
net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 2500
net.core.rmem_max = 105472
net.core.wmem_max = 105472
net.ipv4.tcp_rmem = 4096 87380 174760
net.ipv4.tcp_wmem = 4096 16384 131072
vm/min_free_kbytes = 65536

# uname -a
Linux httpproxy1 2.6.15-1-686-smp #2 SMP Mon Mar 6 15:34:50 UTC 2006 i686 GNU/Linux

# cat /etc/debian_version
testing/unstable

Good luck,
-John Reddy
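An added example, not part of either message: a shell check that reads sysctl.conf text and lists the socket buffer limits above 65535 bytes, the most a 16-bit TCP window field can carry without the window scale option, so a middlebox that does not allow large windows can be matched against the hosts that may use them. The helper name `needs_window_scaling` is hypothetical, the input is constructed from the settings quoted above, and treating 65535 bytes of buffer as the threshold is an assumption of this example.

```shell
#!/bin/sh
# Constructed input: the settings quoted in the message above.
SAMPLE_CONF='net/ipv4/icmp_echo_ignore_broadcasts=1
net/ipv4/tcp_syncookies=1
net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 2500
net.core.rmem_max = 105472
net.core.wmem_max = 105472
net.ipv4.tcp_rmem = 4096 87380 174760
net.ipv4.tcp_wmem = 4096 16384 131072
vm/min_free_kbytes = 65536'

# needs_window_scaling (hypothetical helper): reads sysctl.conf text on stdin
# and prints "key max_bytes" for every buffer limit above 65535 bytes.
needs_window_scaling() {
    awk -F= '
        /^[ \t]*(#|;|$)/ { next }       # skip comments and blank lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)      # trim whitespace around the key
            gsub(/\//, ".", key)        # sysctl.conf accepts "/" or "." separators
            n = split(val, f, " ")      # tcp_rmem and tcp_wmem hold: min default max
            # Assumption: only these four keys bound the TCP socket buffers.
            if (key ~ /^net\.(core\.[rw]mem_max|ipv4\.tcp_[rw]mem)$/ && f[n] + 0 > 65535)
                print key, f[n]
        }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | needs_window_scaling
```

On a live host, feed it the output of `egrep "^[a-zA-Z]" /etc/sysctl.conf` instead of the sample.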
A user just complained to me that he could not download the latest Apple security update. On a hunch, I bypassed the transparent Squid proxy and the update installed properly. The Squid developers may want to investigate why this problem occurred. The version of Squid that's running is 2.5STABLE5.

--Brett Glass, LARIAT.NET
