re: [squid-users] problem: remote site times out, provider blames squid proxy

From: Howard Cock <H.Cock_at_latrobe.edu.au>
Date: Tue, 17 Nov 2009 08:56:43 +1100

Sorry Simon & Alex, I didn't notice that my replies didn't go to the
mailing list.

See below.

cheers

-----Original Message-----
From: Howard Cock
Sent: Monday, 16 November 2009 12:20 PM
To: 'Simon Holcombe'
Subject: RE: [squid-users] problem: remote site times out, provider
blames squid proxy

Hi Simon,

My workstation has an exception to the gateway ACLs.
So I can opt to get out to the net without going via the proxies.

When I do that there is no issue, browsing from a machine with a direct
connection, but as soon as the proxy is used, "sometimes" there are
time-outs. Only with that site mind you - if our proxies did this for
every site I wouldn't have a job anymore ;)

Alex, thanks for testing that for me!

Cheers Howard

-----Original Message-----
From: Simon Holcombe [mailto:sholcombe_at_ultradata.com.au]
Sent: Monday, 16 November 2009 12:15 PM
To: Howard Cock
Subject: RE: [squid-users] problem: remote site times out, provider
blames squid proxy

Hi howard,

When you say you can get to rightnow directly what exactly do you mean?

Do you mean that when the issue occurs, if you browse from the _squid_
boxes (using say lynx or wget), you can get to them?
Or are you browsing from a different node altogether and simply
bypassing the proxy?

cheers

-----Original Message-----
From: Howard Cock [mailto:H.Cock_at_latrobe.edu.au]
Sent: Monday, 16 November 2009 10:21 AM
To: squid-users_at_squid-cache.org
Subject: [squid-users] problem: remote site times out, provider blames
squid proxy

Hello,

I'm the proxy administrator for a university. We're running squid
2.6-stable 21 on RHEL.

Earlier this year one of the departments purchased a "customer help"
service from RightNow ( www.rightnow.com ) who then created a site for
our university. It is at the same IP address as many other RightNow
sites, I believe they use a virtual IP with a load balancer and a heap
of sites behind it. The IP address for our site has over 200 other
customer sites associated with it.

http://latrobe.custhelp.com

The problem we have is that this site often fails to load via our squid
proxies, clicking on links on the front page - specifically different
"answers" - one can wait a long time for a response. The site does load
fine if going direct. After much too-ing and fro-ing the tech support at
RightNow maintain that our proxy server is displaying aberrant behavior.
This is puzzling as we are not a small university and our 35,000 users
of the web don't have this problem with any site except the RightNow
site. Our proxy systems handle millions of requests just fine.

Most other RightNow sites at the same IP address do load correctly. Ours
often times out. This is an intermittent problem, there are rare days
when the site always loads fine. I have taken many TCPdumps of
connections from proxy requests to the site in question. I interpret the
dumps as showing that during time-outs after 60 seconds (the timeout
value I have set the proxy to) the proxy gives up, re-sets the
connection and tries again. Sometimes this is repeated until the proxy
gives the user the usual "site is down or busy" error message, sometimes
eventually the site loads OK.

RightNow claim that data starts coming back from their server but then
the proxy starts sending other packets to their server, which their
server responds to but our proxy server does not.

Normally I would just add a line to proxy.pac specifying all connections
to the site in question should go direct but our gateways have port 80
blocked, only the proxies can go out on port 80.

We have experienced identical behavior now with no less than 7 of our
proxy servers. I have tried with a test proxy server with the bare
minimum of configuration also, practically the default config. What is
difficult to understand is how one site in particular has this issue,
most other RightNow customer sites always load fine although I have
found one or two at the same IP address that have the same issue as us.

In over 10 years of squid use we've never had such a long standing or
intractable issue. The RightNow techs are adamant the problem is our
proxies. Is this a unique error, have they created a site that has
discovered a bug in squid I didn't know about? Has anyone else seen a
problem like this? Any tips or ideas of what I should look into?

cheers

Howard Cock

Senior Unix Engineer
Information and Communications Technology La Trobe University, 3086

Disclaimer Notice

This message contains privileged and confidential information intended
only for the use of the addressee named above. If you are not the
intended recipient of this message you are hereby notified that you must
not disseminate, copy or take any action or place any reliance on it. If
you have received this message in error please notify Ultradata
immediately on +61 3 9291 1600. Any views expressed in this message are
those of the individual sender, except where the sender specifically
states them to be the views of Ultradata Australia Pty. Ltd.

To unsubscribe from receiving commercial electronic messages from
Ultradata Australia please email unsubscribe_at_ultradata.com.au with the
subject heading "Unsubscribe".
Received on Mon Nov 16 2009 - 21:56:59 MST

This archive was generated by hypermail 2.2.0 : Tue Nov 17 2009 - 12:00:04 MST