[FX.php List] Using a web app over a VPN

[Leo R. Lundgren]

24 mar 2010 kl. 20.58 skrev Bob Patin:

>
> On Mar 24, 2010, at 2:22 PM, Leo R. Lundgren wrote:
>
>> Usually it has to do with lack of experience or knowledge, sad but  
>> true. But most of the sysadmins that are like this try to do a good  
>> job, usually just don't have the resources to keep themselves  
>> updated.
>>
>> Anyway, a long shot, since you are saying that you DO have  
>> connectivity, just very slow, is that there is something DNS- 
>> related, as ggt mentioned as well. An unrelated example is when you  
>> try to login via SSH to a server that doesn't have working DNS and  
>> "UseDNS" isn't set to no in sshd_config, one might see a one-two  
>> minute delay after entering the password, before getting a prompt.  
>> This is because the server tries to lookup the client's hostname,  
>> but can't, and times out on that. When it it's done timing out on  
>> the DNS queries, it lets you in anyway.
>>
>> As I said, a long shot, but weird slowdowns is often related to bad  
>> DNS configuration. If this could be the problem in your case I do  
>> not know, because I don't know what parts are involved in your  
>> solution and how/if they use DNS in their work. But for example,  
>> the server you connected to could unsuccessfully try to lookup the  
>> hostname of the connecting client and fail, and then cause a delay.  
>> The question in that case is; Are the delays you are experiencing  
>> of the same length, pretty consistently? If they are not, then it  
>> might be something else. But if you see a pattern, like this or in  
>> any other way, that's a good thing.
>
> A good theory, but in this case, I'm specifying an IP (a local IP)  
> in my FX web app prefs, so I wouldn't think DNS would affect it,  
> would it? Also, the site itself works fine and the domain name  
> resolves fine--but perhaps you're thinking of something different  
> than that.

As in the example with SSH, there can be other factors involving DNS  
into the picture, so the fact that you are connecting specifically  
with an IP address does not eliminate the theoretical possibility, no.  
But I think the network guys should come up with some kind of opinion  
on exactly *what* part of the communication it is that is not flowing  
as it should. There are many parts to it and "phases" during the  
communication, and by analyzing the traffic one should be able to  
conclude where in this process things are stalling.

>>
>> What type of VPN is it, how is it set up/configured?
>
> I don't have a clue; this is an IT company up in Missouri that is  
> providing services to them (at highly-inflated rates); they have a  
> staff of over 20, so they're a fairly decent-sized company, but I  
> have no idea about their VPN setup--I'm not at all familiar with  
> setting up VPNs.
>
>> How come you cannot analyze the network traffic? If any of the two  
>> machines (web server and database server) are OS X, UNIX or Linux
>
> No, both are running Windoze. I don't even have access to the web  
> server anyway, other than to FTP my pages to it.

I see :-) I thought (admittedly by not having followed the entire  
story from the beginning) that you were in control of one of the  
hosts. I see now what you are saying.

> The tech today said they did some traffic analysis and said almost  
> nothing was going between the 2 machines.. I'm not surprised since  
> it keeps timing out. One woman tried to order tickets 7 times, ended  
> up with 2 card transactions... it's a big mess. They're going to try  
> something tonight after hours, but I'm not sure what...

We'll see what they come back with then :-/ Some kind of diagnosis  
would be great. Not necessarily the final cause of it, but something  
concrete :)

-|