hey there Eli(i think i know you)
any ssl interception will make the connection slower but it can be tricky.
gmail is one big example of a site that has problems while working on
plain http and on https will work better also will solve many problems
because most ISP's wont do ssl interception.
it also depends on your ISP interception machines.
if they have a lot of users and less powerfull machines it will cause
slowdowns!
if you want to make sure it's not from your side connect a server in you
infrastructure and use apache tools to test the connection to load on
the server just to understand the differences of squid.
also you can try to use iptables rules to bypass squid for tests.
that way you can clearly see if your infrastructure is the cause for the
slowdowns.
Regards
Eliezer
On 17/02/2012 01:11, E.S. Rosenberg wrote:
> 2012/2/16 Luis Daniel Lucio Quiroz<luis.daniel.lucio_at_gmail.com>:
>> Comments, behind...
>>
>> Le 12 janvier 2012 06:53, E.S. Rosenberg<esr_at_g.jct.ac.il> a écrit :
>>> 2012/1/11 jeffrey j donovan<donovan_at_beth.k12.pa.us>:
>>>>
>>>> On Jan 10, 2012, at 7:45 AM, E.S. Rosenberg wrote:
>>>>
>>>>> Hi,
>>>>> We run a setup where our users are passing through 0-2 proxies before
>>>>> reaching the Internet:
>>>>> - https 0
>>>>> - http transparent 1 (soon also 2)
>>>>> - http authenticated 2
>>>>>
>>>>> Lately we are experiencing some (extreme) slowness even-though the
>>>>> load on the line is only about half the available bandwidth, we know
>>>>> that on the ISP side our traffic is also passing through all kinds of
>>>>> proxies/filters etc.
>> So , your ISP does extra filtering? (just to state clear)
> Yes.
>>
>>>>> I would like to somehow be able to see where the slowdowns are
>>>>> happening to rule out that it's not our side at fault, but I don't
>>>>> really know what tool/tools I could use to see what is going on here.
>> Have you identify what kind of traffic is slow and what it is not?
>> This is very important.
> Most of the traffic is regular http.
>>
>>>>>
>>>>> We suspect that the slowness may be related to the ISP doing
>>>>> Man-in-the-Middle on non-banking SSL traffic (as per request of
>>>>> management), but I really want to rule our side out first....
>> This statement is almost impossible, if they were all your HTTPS
>> conexion will comply about certificate issues. Is that happens?
> It does, the stations that we control have the ISPs CA installed so
> they actually don't get warned but wireless clients do.
>
> For now we turned of the https filtering and it seems that at least
> some of the slowness complaints may have been due to unrelated
> infrastructure problems.
> But I still would like to know where I can look, we have cacti
> graphing our throughput so I have an idea of the load on the line
> itself, we have cachemgr installed on all the proxies but I'm afraid I
> am not so good at reading& understanding all of it's output.
>
> Regards and thanks,
> Eli
>>>>>
>>>>> Thanks,
>>>>> Eli
>>>>
>>>>
>>>> Hi eli, are you caching ? or going direct.
>>>
>>> Hi, sorry for the slow reply.
>>> We are doing some caching, so far we have not optimized it, Calamaris
>>> reports our efficiency between 6-10% on different proxies...
>> Too low, a good proxy shall give you 30% aprox.
>>
>>> Thanks,
>>> Eliyahu - אליהו
>>
>> LD
Received on Fri Feb 17 2012 - 00:44:01 MST
This archive was generated by hypermail 2.2.0 : Fri Feb 17 2012 - 12:00:03 MST