[wellylug] [nzlug] Re: Squid, wpad.dat auto-configuration and the Air NZ booking service - RESOLVED
David Harrison
david.harrison at stress-free.co.nz
Mon Apr 20 13:53:39 NZST 2009
On 20/04/2009, at 12:30 PM, Daniel Pittman wrote:
> Daniel Lawson <daniel at meta.net.nz> writes:
>>
>>> Then work out which of those features actually causes the problem
>>> and, ideally, report that to the technical people at AirNZ who
>>> have a
>>> broken Internet connection.
>>>
>>
>> I reported ECN brokenness to AirNZ about a year or so ago, and they
>> said they'd look into. It's come up several times before that though.
>>
I have a feeling this is site-specific as the proxy is buried behind a
few layers of hardware firewall.
My plan is to run the proxy "as is" for another week and if all is
well start removing these tweaks to identify what the exact solution
was.
Unfortunately the organisation where this proxy is handles a lot of
Air NZ travel arrangements, so having the site work is far more
important than having optimal performance :-)
I've tested the Air NZ site from my office using a similarly
configured Centos 5.3 VM (sans TCP hacks) and it works fine, so the
issue is probably between two of the internal firewall devices. I
can't monitor or manage these devices, so performing debugging or
making changes at this level is not possible.
The reason I thought it was initially related to the wpad.dat file was
because of the intermittent nature of the connection issue, Squid's
handling of persistent connections and the way desktop support tested
the problem.
e.g. The tester would try to connect with the wpad.dat config and it
would fail, meanwhile a connection would be established so Squid would
setup a persistent connection. Unfortunately this would all occur just
in time for the second (non wpad.dat) attempt by the tester.
The result: "Hey it works when I don't use wpad.dat so that must be
the problem."
As soon as I disabled persistent connections on Squid and monitored
network connections with netstat you could see the connection to
flightbookings.airnewzealand.co.nz lock up with a SYN_SENT status each
time the "Search" button was pressed on the Air NZ site.
i.e. Very similar to the example in this book:
http://my.safaribooksonline.com/0596001622/squid-CHP-9-SECT-6
I'll post the outcome from my "un-hack TCP till it breaks" session
next week.
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20090420/46f47626/attachment.html
More information about the wellylug
mailing list