On 09/09/2011, at 4:37 PM, Amos Jeffries wrote: > On 09/09/11 18:15, Michael Hendrie wrote: >> >> On 09/09/2011, at 12:34 PM, John Kenyon wrote: >> >>> Hi All, >>> >>> I am experiencing a slow down on one particular site: >>> https://www.my.commbank.com.au/netbank/Logon/Logon.aspx >>> >>> I can access this web site fine however it takes approx. 30 seconds >>> to load, and if I bypass squid it takes 1 second. >>> >>> Currently running version 3.1.15, can someone point me in the right >>> direct to further troubleshoot this one? >>> >>> Cheers, >>> >>> JLK >> >> I had the exact same problem with with 3.1.10. In my case it was an >> IPv6 problem so I compiled squid with --disable-ipv6 as I didn't need >> it. There are a number of other ways to overcome the problem if you >> look through the mail archives >> (http://www.squid-cache.org/mail-archive/squid-users/201101/0344.html) >> or google. >> > > Well, considering this is .AU *do* need it, and soonish. > > Michael; > If disabling IPv6 entirely solves your problem, then the problem is in the IPv6 setup. When its one particular site like this its probably at or close to their end. Hanging/Pausing connections could be: > - DNS lag from resolvers failing to respond the same for A and AAAA, > - ICMP loss from ISP who still think its safe to drop them, or tunnels with too-big MTU configuration. > - PMTUD failures from lost ICMP messages. I understand and wasn't pointing the finger at squid as being the cause of the problem, simply offering a place to start looking based on my experience with this same site. In my environment it was much easier to recompile squid with --disable-ipv6 as there is no need for it (at this point in time) and a lot quicker than tracking down where else in the network, which is beyond my control, the problem is occurring. > That said, I checked from here across the ditch and its seems to be an IPv4-only site. So none of that applies. > > > John; > being https:// Squids only involvement is limited to being told an IP/domain to connect to and start forwarding packets there. > I'm more inclined to suspect the bank is doing some extra validation in the background when it detects the end user is not at the IP the request is coming from. > > Amos > -- > Please be using > Current Stable Squid 2.7.STABLE9 or 3.1.15 > Beta testers wanted for 3.2.0.11
<<attachment: smime.p7s>>