Solutions

Some web page load slowly, or a blank page loads when going through the proxy (RFC 1323)

Solutions ID:    KB3754
Version:    6.0
Status:    Published
Published date:    03/31/2010
Updated:    09/10/2010
 

Problem Description

Some web page load slowly, or a blank page loads when going through the proxy (RFC 1323)
Some web pages are slow to load
Some web pages do not load
Recently upgraded to SGOS 5.2.x, 5.3.x, 5.4.x, or 5.5.x
Generally the deployment is inline, but this can occur in an explicit deployment as well.
URL does not load
URL is slow to load
Web page is slow to load
 

Resolution

Starting in SGOS 5.2.x, Blue Coat implemented RFC 1323 which is the RFC for "TCP Extensions for High Performance".  Prior to RFC 1323, the largest TCP window size is 65,536 bytes (or 2^16).  As networks have increased in speed, Internet latency has also become a factor with how much data can be passed.  Even though the speed increases, there is only so much throughput that can occur due to latency and window size.  Part of the high performance extensions of TCP is the windows scale.  Essentially you can scale your TCP window to a factor, such as two times 65536 or six times 65536.  Starting with SGOS 5.3 the default window scaling is now six or 6 x 65536 bytes or 393216 bytes.  What this ends up doing is allowing more information to be in transit before an ACK is required to be sent back, thereby increasing performance.  This is a very simplistic explanation and is not meant to be comprehensive.  Please see RFC 1323 for full technical details details.

The problem is that not all devices on the Internet (or network) support RFC 1323.  Because RFC 1323 is not universally supported (or may not be enabled), there may be instances where performance actually suffers to some sites or URLs because RFC 1323 is enabled on the proxy and not remotely.  The end result can be slow performance or blank pages.

NOTE:  RFC 1323 may not be the cause of all page loading issues.  There are other potential causes with their accompanying solution.  Please see the OTHER SOLUTIONS section at the bottom of the article for other potential solutions to this problem.

WORKAROUNDS:

There are a couple of ways to work around the issue.  They are as follows:

Solution #1: 

If you are in a transparent deployment, you can bypass the site that is giving you problems.  When sites are bypassed, the high performance TCP extensions on the proxy are not used.  (NOTE:  If you are in an explicit environment, you cannot bypass the proxy using the static bypass list.  If you are using a PAC file, then you can make an exception in your PAC file.)  Please do the following to bypass a site.

a.)  Determine the IP address or IP address range of the site that is giving you a problem.
b.)  Go into the Management Console (https://<ip.address.of.proxysg>:8082/) on the ProxySG.  Click on the Configuration tab > Services > Proxy Services > Static Bypass List tab.
c.)  Click on the New button.  For Server address, click on the radio button next to "Server host or subnet" and enter the IP address and accompanying subnet.  Click on the OK button to save your changes.  Next, click on Apply.
d.)  Test and make sure bypassing the site resolves the issue.  If not, you may need to validate the IP addresses that are in your exception list.  If you continue to have problems, you can try Solution #2 below.

Advantages of using solution #1:  This allows the proxy to use RFC 1323 for all sites except for those that are bypassed.

Disadvantages of using solution #1:  IP addresses may change over time.  New sites may showup that may also need to be bypassed.  The bypassed sites will not be recorded in the access logs.  Policy will not be applied to bypassed sites.

 

Solution #2:

You can disable RFC 1323 support globally on the ProxySG.  At this writing, it is not possible to disable RFC 1323 support on a per IP or URL basis, so when RFC 1323 is disabled, it is disabled globally on the ProxySG.  Here are the steps necessary to disable RFC 1323:

a.)  SSH or connect to the serial console of the proxy.
b.)  Run the following commands from the command line interface:

ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)show tcp-ip
  RFC-1323 support:             enabled
ProxySG#(config)tcp-ip rfc-1323 disable
  ok
ProxySG#(config)exit
ProxySG#

c.)  Test and make sure the problem is resolved when RFC 1323 is disabled.  NOTE:  If disabling RFC 1323 does not help, then please re-enable it so you can receive the performance benefits from having it enabled.

Advantages of using solution #2:  It is quick and easy to implement.  It may prevent future compatibility issues with other sites that are incompatible with RFC 1323.

Disadvantages of using solution #2:  This is an all or nothing solution.  Any performance increases that can be obtained by using RFC 1323 with sites that support the TCP enhancement will not be available.

To re-enable RFC 1323 support, please do the following:

ProxySG>enable
Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)show tcp-ip
  RFC-1323 support:             disabled
ProxySG#(config)tcp-ip rfc-1323 enable
  ok
ProxySG#(config)exit
ProxySG#

 

SOLUTION FEEDBACK:

Please use the feedback below with comments to indicate which solution you used (solution #1 or solution #2) and if the solution resolved your issue.

 

OTHER SOLUTION(S)

KB3528 - www.google-analytics.com is causing web pages to load slowly or sometimes not load at all 

 

ADDITIONAL INFORMATION:

For additional information regarding RFC 1323 on the ProxySG, please see FAQ1006.  For additional information regarding RFC 1323 and PacketShaper, please see FAQ1005.

 


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question