On 30/08/2013 4:47 a.m., Matthew Ceroni wrote:
> Hi:
>
> I am seeing a peculiar symptom of slow responses times for certain websites.
>
> On my production proxy server (which has a large on disk cache and in
> memory cache) if I navigate to www.wellsfargo.com and click on
> Comericial and then login, the login page takes upwards of 60 seconds
> to display. Tailing the access logs shows this as the total response
> time is 60k ms.
>
> As I was using CentOS and it only has 3.1 in the official repositories
> I spun up a test proxy and upgraded to the latest squid 3.8.1. I then
> tested going to the same website. Everything appeared great. The
> WellsFargo site loaded up instantly.
>
> Therefore I upgraded my physical production proxy to 3.8.1 and hoped
> to see the same thing. Unfortunately that did not happen. I still saw
> 60 seconds response times.
>
> I then went back to my test proxy and tried to test again. While point
> to the test proxy the page loaded just fine. However the peculiar
> thing is in the access log I wasn't see a log message logged right
> away. Then after 60 seconds or so I would see
>
> 29/Aug/2013:09:39:22 -0700 41553 192.168.2.123 TCP_MISS/200 23273
> CONNECT wellsoffice.wellsfargo.com:443
> HIER_DIRECT/wellsoffice.wellsfargo.com -
>
> So while the page loaded instantly (I even cleared the browser cache,
> restarted squid so the memory cache was cleared, there is no disk
> cache on my test proxy) squid reported that it took 41 seconds to
> service.
This is a CONNECT. It is *not* a single object load like other requests
types.
What CONNECT actually contains is a SSL handshake/setup then an entire
series of multiple HTTP / Websockets / SPDY transactions inside it. With
delays between each request-response pair same as in normal traffic. If
you have users with accounts in Facebook or GoogleTalk you probably see
some of these CONNECT requests taking hours or even days to complete.
What you are seeing is that this *entire* multiple transaction process
is taking 41.553 seconds. Whether that is good or bad depends on the how
many transactions are taking place inside the tunnel. Squid has nothing
to do with it beyond setting up the TCP connection requested.
Amos
Received on Fri Aug 30 2013 - 06:20:42 MDT
This archive was generated by hypermail 2.2.0 : Fri Aug 30 2013 - 12:00:16 MDT