Henrik
I'm now tracing outside the firewall (eliminating corruption coming from
internal routers etc), and getting the same result:
Haven't managed to get an Ethereal/tcpdump box up yet - that might identify
any fields being missed by Sniffer
Of course this doesn't eliminate ISP hardware...
Phil DG
-----Original Message-----
From: Squid Support (Henrik Nordstrom) [mailto:hno@marasystems.com]
Sent: 21 May 2002 22:13
To: Damian-Grint, Philip; Squid-Users (E-mail)
Subject: Re: [squid-users] 110 Timeouts
Hmm.. I always have PAWS enabled (timestamp option, and the use of
it). Never experience any problems from it except for once some years
ago due to a malfunctioning Radware load balancer who corrupted the
timestamp option if both server and client supported timestamps.
Have no problem accessing any of the listed sites with timestamps
enabled.
Could there be something between you and the sites causing your
problems? Such as a malfunctioning load balancer, firewall,
incorrectly configured transparent proxy or anything similar?
btw: www.marasystems.com is running on Linux-2.4.X, Squid-2.5 and
Apache. And yes, PAWS is enabled but not ECN.
Regards
Henrik Nordström
MARA Systems AB <http://www.marasystems.com/>
On Tuesday 21 May 2002 16:41, Damian-Grint, Philip wrote:
> I thought I would share my experience of the seemingly obscure
> cause of this symptom.... as I can't believe that I am the only
> person who has had this problem...
>
> After comparing packet traces just using the bare telnet client
> from Linux to working and non-working sites, I found that the
> problem seemed to be linked to tcp_timestamps support:
>
> It seems that (my installation of) Linux 7.x has tcp_timestamps
> enabled and present in the outgoing SYN. Those sites which were
> having problems were responding with tcp_timestamps also present in
> the SYN/ACK TCP options, but there was must have been something
> about these which caused Linux to immediately send RST and start
> over again. Responding sites which didn't include tcp_timestamps in
> the options completed handshaking and continued as normal.
>
> When I set net.ipv4.tcp_timestamps = 0, the problem went
> away...(while I was there, and after it was working, I switched off
> tcp_window_scaling and tcp_sack just in case)
>
> I understand nothing, but it works now.
>
> If anyone can shed some light on what might be going on here, I
> would read with interest...
>
> Regards
>
> Phil DG
>
> -----Original Message-----
> From: Damian-Grint, Philip [mailto:pdamian-grint@collierscre.co.uk]
> Sent: 20 May 2002 23:59
> To: Squid-Users (E-mail)
> Subject: [squid-users] 110 Timeouts
>
>
> Hello,
>
> Perhaps this is one of those obvious newbie things that everyone
> gets when they start with Squid, but it seems that however I build
> my Squid server, I consistently get a number of (the same) sites
> which are unaccessible (response 110 timed out connection), but
> come up ok when I go direct... most sites are not a problem.
> Occasionally, one or two of these might come up after a long
> wait...
>
> Here are some examples of inaccessible urls:
> http://uk.greetings.yahoo.com
> http://www.baa.co.uk
> http://www.canon.co.uk
> http://www.gnupg.org
> http://www.marasystems.com
>
> yet for each of these there are many sites which have no problem at
> all... sometimes (apparently) even part of the same site for which
> I have problems in other parts of the site... e.g.
> www.bbc.co.uk/weather is fine, but www.bbc.co.uk/news or
> www.bbc.co.uk/sport will always time out (I think they both
> redirect to news.bbc.co.uk)
>
> Linux 7.2, Latest STABLE6 tarball, behind a transparent (Guardian)
> firewall with all outbound ports open for the squid server
>
> Is there something about the way these sites behave that I'm not
> handling properly... is there some specific information which would
> help further?
>
> Thankyou
>
> Phil DG
>
>
> ___________________________________________________________________
>_____ This e-mail has been scanned for all viruses by Star Internet.
> The service is powered by MessageLabs. For more information on a
> proactive anti-virus service working around the clock, around the
> globe, visit: http://www.star.net.uk
> ___________________________________________________________________
>_____
>
> ___________________________________________________________________
>_____ This e-mail has been scanned for all viruses by Star Internet.
> The service is powered by MessageLabs. For more information on a
> proactive anti-virus service working around the clock, around the
> globe, visit: http://www.star.net.uk
> ___________________________________________________________________
>_____
-- MARA Systems AB, Giving you basic free Squid support Your source of advanced web reverse proxying solutions http://www.marasystems.com/products/ ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________ ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:08:11 MST