[squid-users] Squid returns NONE_ABORTED/000 and high response time but the internet access itself looks okay
Ahmad, Sarfaraz
Sarfaraz.Ahmad at deshaw.com
Tue Aug 7 14:14:56 UTC 2018
I cannot reproduce this. This is intermittent. In Chrome's dev tools, it appeared to take over 20 secs to setup the TCP connection.
I am SSL bumping all TLS connections unless they match certain ACLs. So it is safe to assume that the vast majority of the traffic was bumped.
I don't see any TLS handshake failure messages in cache.log. I think the access.log messages I posted earlier are fake CONNECT requests created using TCP-level info (the response time logged there is directly proportionate to what I see in Chrome's dev tools). Guessing that Squid would send TCP SYN-ACK only after it receives SYN-ACK from remote/origin server.
I don’t think ICAP(reqmod) would come into the picture yet either (assuming that even the TCP connections have not been set up yet) so that is safe to rule out. Am I right here ?
Also restarting squid service fixed this. I had a python script running in the background that was able to GET a webpage using requests module(timeout set to 30) but Squid apparently couldn't even set up a TCP connection.
- Sarfaraz
-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
Sent: Tuesday, August 7, 2018 6:04 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] Squid returns NONE_ABORTED/000 and high response time but the internet access itself looks okay
On 07/08/18 21:55, Ahmad, Sarfaraz wrote:
> Hi,
>
>
>
> I am WCCPv2 for redirecting traffic to Squid.
>
Squid version?
> Intermittently I see these messages in access.log and the internet for
> clients goes away.
>
>
>
> 1533612202.312 79102 <ip> NONE_ABORTED/000 0 CONNECT
> 198.22.156.64:443
> - HIER_NONE/- -
>
> 1533612202.312 82632 <ip> NONE_ABORTED/000 0 CONNECT
> 173.194.142.186:443 - HIER_NONE/- -
>
> 1533612202.312 16030 <ip> NONE_ABORTED/000 0 CONNECT
> 172.217.15.67:443
> - HIER_NONE/- -
>
> 1533612202.312 78477 <ip> NONE_ABORTED/000 0 CONNECT
> 173.194.142.186:443 - HIER_NONE/- -
>
>
>
> But I can access internet on the host running squid itself just fine
> yet Squid reports those messages with high response times (the second column).
>
...>
>
> We use an ICAP service. Could that play a role here ?
A lot of things *might* play a role there.
>
> Any thoughts ?
Trace the traffic.
What did the client actually send to Squid?
It's probably not a port-80 style CONNECT request.
What does Squid send back to the client?
Does Squid complete the TLS handshake?
What are your SSL-Bump settings?
Amos
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list