[wellylug] [nzlug] Re: Squid, wpad.dat auto-configuration and the Air NZ booking service - RESOLVED

David Harrison david.harrison at stress-free.co.nz
Mon Apr 20 13:53:39 NZST 2009


On 20/04/2009, at 12:30 PM, Daniel Pittman wrote:

> Daniel Lawson <daniel at meta.net.nz> writes:
>>
>>> Then work out which of those features actually causes the problem
>>> and, ideally, report that to the technical people at AirNZ who  
>>> have a
>>> broken Internet connection.
>>>
>>
>> I reported ECN brokenness to AirNZ about a year or so ago, and they
>> said they'd look into. It's come up several times before that though.
>>

I have a feeling this is site-specific as the proxy is buried behind a  
few layers of hardware firewall.

My plan is to run the proxy "as is" for another week and if all is  
well start removing these tweaks to identify what the exact solution  
was.
Unfortunately the organisation where this proxy is handles a lot of  
Air NZ travel arrangements, so having the site work is far more  
important than having optimal performance :-)

I've tested the Air NZ site from my office using a similarly  
configured Centos 5.3 VM (sans TCP hacks) and it works fine, so the  
issue is probably between two of the internal firewall devices. I  
can't monitor or manage these devices, so performing debugging or  
making changes at this level is not possible.

The reason I thought it was initially related to the wpad.dat file was  
because of the intermittent nature of the connection issue, Squid's  
handling of persistent connections and the way desktop support tested  
the problem.
e.g. The tester would try to connect with the wpad.dat config and it  
would fail, meanwhile a connection would be established so Squid would  
setup a persistent connection. Unfortunately this would all occur just  
in time for the second (non wpad.dat) attempt by the tester.
The result: "Hey it works when I don't use wpad.dat so that must be  
the problem."

As soon as I disabled persistent connections on Squid and monitored  
network connections with netstat you could see the connection to  
flightbookings.airnewzealand.co.nz lock up with a SYN_SENT status each  
time the "Search" button was pressed on the Air NZ site.
i.e. Very similar to the example in this book:
http://my.safaribooksonline.com/0596001622/squid-CHP-9-SECT-6

I'll post the outcome from my "un-hack TCP till it breaks" session  
next week.


David

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20090420/46f47626/attachment.html 


More information about the wellylug mailing list