hey there Eli(i think i know you)
any ssl interception will make the connection slower but it can be tricky.
gmail is one big example of a site that has problems while working on
plain http and on https will work better also will solve many problems
because most ISP's wont do ssl interception.
it also depends on your ISP interception machines.
if they have a lot of users and less powerfull machines it will cause
slowdowns!
if you want to make sure it's not from your side connect a server in you
infrastructure and use apache tools to test the connection to load on
the server just to understand the differences of squid.
also you can try to use iptables rules to bypass squid for tests.
that way you can clearly see if your infrastructure is the cause for the
slowdowns.
Regards
Eliezer
On 17/02/2012 01:11, E.S. Rosenberg wrote:
2012/2/16 Luis Daniel Lucio Quiroz<luis.daniel.lucio@xxxxxxxxx>:
Comments, behind...
Le 12 janvier 2012 06:53, E.S. Rosenberg<esr@xxxxxxxxxxx> a écrit :
2012/1/11 jeffrey j donovan<donovan@xxxxxxxxxxxxxx>:
On Jan 10, 2012, at 7:45 AM, E.S. Rosenberg wrote:
Hi,
We run a setup where our users are passing through 0-2 proxies before
reaching the Internet:
- https 0
- http transparent 1 (soon also 2)
- http authenticated 2
Lately we are experiencing some (extreme) slowness even-though the
load on the line is only about half the available bandwidth, we know
that on the ISP side our traffic is also passing through all kinds of
proxies/filters etc.
So , your ISP does extra filtering? (just to state clear)
Yes.
I would like to somehow be able to see where the slowdowns are
happening to rule out that it's not our side at fault, but I don't
really know what tool/tools I could use to see what is going on here.
Have you identify what kind of traffic is slow and what it is not?
This is very important.
Most of the traffic is regular http.
We suspect that the slowness may be related to the ISP doing
Man-in-the-Middle on non-banking SSL traffic (as per request of
management), but I really want to rule our side out first....
This statement is almost impossible, if they were all your HTTPS
conexion will comply about certificate issues. Is that happens?
It does, the stations that we control have the ISPs CA installed so
they actually don't get warned but wireless clients do.
For now we turned of the https filtering and it seems that at least
some of the slowness complaints may have been due to unrelated
infrastructure problems.
But I still would like to know where I can look, we have cacti
graphing our throughput so I have an idea of the load on the line
itself, we have cachemgr installed on all the proxies but I'm afraid I
am not so good at reading& understanding all of it's output.
Regards and thanks,
Eli
Thanks,
Eli
Hi eli, are you caching ? or going direct.
Hi, sorry for the slow reply.
We are doing some caching, so far we have not optimized it, Calamaris
reports our efficiency between 6-10% on different proxies...
Too low, a good proxy shall give you 30% aprox.
Thanks,
Eliyahu - אליהו
LD
