TCP_TUNNEL_ABORTED/200 with spliced windows updates


Ahmad, Sarfaraz

Hi Folks,

I am using WCCP and redirecting traffic to Squid for both HTTP/HTTPS interception.

In this setup, I have spliced most of the Windows Update services using SNI in Squid's ACLs. Yet even with TCP tunnel, I am getting failures with these messages in the access log.

Why could that response time be so high and is that causing the client to close the connection? When I take the proxy out of the picture (no redirection through WCCP) the updates run just fine.

1526277713.535 119962 10.240.167.24 TCP_TUNNEL_ABORTED/200 3898 CONNECT sls.update.microsoft.com:443 - ORIGINAL_DST/13.78.168.230 -

1526277833.538 119735 10.240.167.24 TCP_TUNNEL_ABORTED/200 3898 CONNECT sls.update.microsoft.com:443 - ORIGINAL_DST/52.229.171.202 -

1526277953.501 119808 10.240.167.24 TCP_TUNNEL_ABORTED/200 3898 CONNECT sls.update.microsoft.com:443 - ORIGINAL_DST/52.229.171.202 -

Any inputs are welcome.

Regards,

Sarfaraz

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: TCP_TUNNEL_ABORTED/200 with spliced windows updates

Amos Jeffries
Administrator
On 14/05/18 20:59, Ahmad, Sarfaraz wrote:

> Hi Folks,
>
> I am using WCCP and redirecting traffic to Squid for both HTTP/HTTPS
> interception.
>
> In this setup, I have spliced most of the Windows Update services
> using SNI in Squid's ACLs. Yet even with TCP tunnel, I am getting
> failures with these messages in the access log.
>
> Why could that response time be so high and is that causing the client
> to close the connection? When I take the proxy out of the picture (no
> redirection through WCCP) the updates run just fine.
>

1) A client may disconnect at any time, for any reason.

2) WCCP is not doing the interception part. It is routing packets to the
Squid box. The intercept should ONLY be done there.

3) Maybe those 3898 bytes that very consistently get delivered to the
client contain a hint.

  and/or, try the intercept part without WCCP if you can. Simplify the
network path and test each part independently to find the point of breakage.


Amos
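The consistency noted in point 3 of the reply can be checked across a whole access.log. The following is an added example, not code from either poster or from the Squid project: it parses Squid's native log format and groups aborted tunnels by client and destination, using the three lines from the original post as sample input. The function names and the `jitter_ms` threshold are assumptions made for illustration.

```python
"""Summarise repeated TCP_TUNNEL_ABORTED entries in a Squid native-format access.log."""
from collections import defaultdict
from statistics import mean

# The three log lines from the original post, embedded as sample input.
SAMPLE = """\
1526277713.535 119962 10.240.167.24 TCP_TUNNEL_ABORTED/200 3898 CONNECT sls.update.microsoft.com:443 - ORIGINAL_DST/13.78.168.230 -
1526277833.538 119735 10.240.167.24 TCP_TUNNEL_ABORTED/200 3898 CONNECT sls.update.microsoft.com:443 - ORIGINAL_DST/52.229.171.202 -
1526277953.501 119808 10.240.167.24 TCP_TUNNEL_ABORTED/200 3898 CONNECT sls.update.microsoft.com:443 - ORIGINAL_DST/52.229.171.202 -
"""

def parse_line(line):
    """Split one native-format line into a dict; return None if it is malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    try:
        return {"ts": float(f[0]), "elapsed_ms": int(f[1]), "client": f[2],
                "result": result, "status": status, "bytes": int(f[4]),
                "method": f[5], "target": f[6], "peer": f[8]}
    except ValueError:
        return None

def summarise_aborted_tunnels(log_text, min_count=2, jitter_ms=1000):
    """Group aborted tunnels by (client, target) and report repeating patterns."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["result"] == "TCP_TUNNEL_ABORTED":
            groups[(rec["client"], rec["target"])].append(rec)
    report = []
    for (client, target), recs in sorted(groups.items()):
        if len(recs) < min_count:
            continue
        elapsed = [r["elapsed_ms"] for r in recs]
        report.append({
            "client": client, "target": target, "count": len(recs),
            "byte_counts": sorted({r["bytes"] for r in recs}),
            "mean_elapsed_s": round(mean(elapsed) / 1000, 1),
            # True when all tunnels lasted about equally long: a hint at a timeout, not random disconnects.
            "fixed_duration": max(elapsed) - min(elapsed) <= jitter_ms,
            "peers": sorted({r["peer"] for r in recs}),
        })
    return report

if __name__ == "__main__":
    for row in summarise_aborted_tunnels(SAMPLE):
        print(row)
```

A single value in `byte_counts` together with `fixed_duration` set to true marks a group whose tunnels all ended the same way, which narrows where to capture traffic when testing each part of the path independently.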