Use of DNS hostnames or DNS groups in IPS configurations (can trigger IPS restarts, delaying all traffic).
Jack, I have an Intrusion Protection exception for a DNS host (a Web Bank site that generates false positives). So it can slow down the web surfing? [:O]
We need to figure out what is unique in the setup that causes this- your experience is not universal.
I have seen occasional issues, and some sites simply timeout when they do not proxy well (often without any clues of you use the HTTPS proxy). But universal timeouts indicate something we can fix.
Without digging through all of your forum posts, the most common causes of slow proxies I have seen in support cases have been:
Slow or misconfigured DNS.
Host or network definitions bound to interfaces.
Use of DNS hostnames or DNS groups in IPS configurations (can trigger IPS restarts, delaying all traffic).
Upstream proxies interfering with the traffic.
One thing which may be informative is to run a frequent series of traceroutes to the CFF servers (with name resolution disabled to speed things up and remove outside influences). This will give you an idea of baseline performance for each hop, and help identifiy exactly where the issues lie.
Have you contacted support on this?
I apologize if you've covered all of this before.
yes...however it's far from non-universal i'm just one of the few making noises about it. I've hit it on BOTH installs i had going. It's not a regular e3vent..and I have documented pings and tracerts that show connectivity is fine until i get to the cff servers in previous threads.
And, I'm sure everyone is tired of me asking this- but are you using the best DNS servers possible, and do you have multiple forwarders defined? That rarely means your ISP's DNS, nor are common public ones like Google's or OpenVPN's usually the fastest anymore.
GRC's DNS benchmark tool is pretty handy for finding fast and reliable DNS.
it's not dns. I've troubleshot everything and found all of the above to not be the issue..look in my previous threads. I run DNS internally with forwards to opendns. i've also tried other servers. The issue isn't dns or connectivity at my sites..it's the cff servers slowing down. It's moot now...i've moved to another product that doesn't kill web performance randomly until Astaro fixes this.
