Forum Slow

The forums staff are aware the forums are slow. It will be sorted out in due time. Please be patient. I'm also unaware of what the problem is at this time in case anyone wants to ask.
 
XenForo promptly got back to me.
Hello
We only supply the forum software and have no access to the forum or server it is hosted on, so unfortunately we are unable to help.
Regards
Paul
Thank you Paul. At least we know that ZenForo responds promptly on a Sunday evening. I won't forget that.
 
iI fFreebsd to
There you go, mate. Please do not rub it in, the molasses this is crawling trough is spoiling it for everyone.

I just had a tcpdump running to see if some delays are clustered or not, but the contents looks spread out evenly. At least to my untrained eye. Maybe someone with more experience in networking, and also access to the servers, may do more. But maybe it is not the forum itself. Maybe some switch is new and has problems with MTU settings or such. I have no idea, shooting into the dark fog.
 
Crivens, you forgot to fix the bsd to BSD. :)
Oh well, as Sir Terry Pratchett once wrote

Cry Crivens and let loose the clan Mac Feegle

And writing that will either brighten someone's day or just annoy people, but it's aimed to do the former.
 
Crivens, you forgot to fix the bsd to BSD. :)
Oh well, as Sir Terry Pratchett once wrote

Cry Crivens and let loose the clan Mac Feegle

And writing that will either brighten someone's day or just annoy people, but it's aimed to do the former.
I spent time fixing two letters, the rest is left as a home assignment. With the current speed here, that would keep you busy a day ;)

And it is NAC mac feegles, ye ken? All them bigjob scunners, trampling around, tripping misteriously over them tied bootlaces, into the cludgie...

Ye ken.. ahem, You know, I really like them small blue guys. Maybe someone shall tell them that the packets from the server do not contain 'specal sheep liniment' in any form, and that it is of no use to steal them?
 
Well, the first byte sent from the server happens fairly quick. I measure 800ms. But the rest of the page is taking forever to come down the pipe.
 
scottro She is addressing the big man as singular person, right. I suppose there is a comma missing somewhere. But I would need to browse trough my copy to find chapter and verse, but I reckon you are correct there. The Wee Free men are something like the little boy you would have liked to be, and that one allowed to continue his ways into adulthood. Ach waily waily us, we will meet the great one again in the previous world, won't we?
 
Problem 1 - forums.freebsd.org is dual stack with both an IPv4 & IPv6 address, BUT the IPv6 address doesn't even open on port 443 for me (it does connect on port 80 though). That said, it's still slow even when I connect from another box that is IPv4 only, so not the real problem.

Possible problem 2? - maybe it's always been like this, but according to ssllabs.com it looks to me like the SSL/TLS ciphers are severely limited - only 12 ciphers, whereas on my servers I've got 25 to 30 (and I still get an A+ from ssllabs).

Just informational - I too get a decent IPv4 ping response (~ 32ms), but IPv6 does not respond (I assume intentional).
When I telnet to port 80 (IPv4), the redirect response is fast (sorry, subjective with no metric). Likewise when I telnet to IPv4 port 443 (telnet, not openssl) the error page is also fast.

When I try to connect with openssl from my Mac (which slowly does bring the site up in Firefox and where I'm posting from right now), I get:
# openssl s_client -connect forums.freebsd.org:443
CONNECTED(00000003)
95313:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_lib.c:185:
* I also tried using the IPv4 IP instead of the domain name to rule out the IPv6 443 not responding.

However when I do the same openssl command from my FreeBSD 10.2-R system, I quickly get the full SSL handshake... but oddly enough I can't access the website at all right now from that box though Firefox? (both my Mac & FreeBSD workstations are dual stacked on the same network).
 
Crivens, yes, I believe she is. On my Nook copy, (on a phone) it's page 198. I don't want to give all the circumstances as it could be considered a spoiler, but yes, it's in reply to Rob Anybody telling her, "The scunners are breaking through, Mistress Tiffany. It's stairted!"
"So cry 'Crivens' and let loose the clan Mac Feegle!" Tiffany commanded (rest of sentence).

Not clan, Mac Feegle. Anyway, I suppose I should stop taking this offtopic, and I apologize to others trying to keep up with progress on fixing the slowness issue.
 
When I try to connect with openssl from my Mac (which slowly does bring the site up in Firefox and where I'm posting from right now), I get:
# openssl s_client -connect forums.freebsd.org:443
CONNECTED(00000003)
95313:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_lib.c:185:
* I also tried using the IPv4 IP instead of the domain name to rule out the IPv6 443 not responding.

However when I do the same openssl command from my FreeBSD 10.2-R system, I quickly get the full SSL handshake... but oddly enough I can't access the website at all right now from that box though Firefox? (both my Mac & FreeBSD workstations are dual stacked on the same network).

The same is here comparing Mac and FrreBSD. However, although FreeBSD 11-CURRENT shows the SSL handshake, it does report error too:
Code:
34380673912:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:177
 
The same is here comparing Mac and FrreBSD. However, although FreeBSD 11-CURRENT shows the SSL handshake, it does report error too:
Code:
34380673912:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:177

I get no error using curl:
Code:
TLSv1.2 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS handshake, Server key exchange (12):
TLSv1.2 (IN), TLS handshake, Server finished (14):
TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
TLSv1.2 (OUT), TLS change cipher, Client hello (1):
TLSv1.2 (OUT), TLS handshake, Finished (20):
TLSv1.2 (IN), TLS change cipher, Client hello (1):
TLSv1.2 (IN), TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
Server certificate:
*        subject: OU=Domain Control Validated; OU=Gandi Standard SSL; CN=forums.freebsd.org
*        start date: 2015-05-12 00:00:00 GMT
*        expire date: 2016-05-17 23:59:59 GMT
*        subjectAltName: forums.freebsd.org matched
*        issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
*        SSL certificate verify ok.
GET / HTTP/1.1
Host: forums.freebsd.org
User-Agent: curl/7.44.0
Accept: */*
HTTP/1.1 200 OK

But, the first page source is funky looking, with lots of extra line feeds here and there ...
 
I tried to tcpdump the forum loading with two networks now (work and home). The data trickles in at one packet per second, it seems. Pretty regular intervals. Traceroute does tell me that I would hate playing quake on that connection, but nothing more (about 130ms). When this is resolved, we might hear from the administrators what it was. But I am at the end of my line here.
 
Here is my FreeBSD box curl(1) output (Mac's is shorter, but the same, both do not open Forums):
Code:
$ curl -vv https://forums.freebsd.org
* Rebuilt URL to: https://forums.freebsd.org/
*  Trying 204.109.59.195...
* Connected to forums.freebsd.org (204.109.59.195) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*  CAfile: /usr/local/share/certs/ca-root-nss.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* Unknown SSL protocol error in connection to forums.freebsd.org:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to forums.freebsd.org:443
And below is the output of curl in my workplace Linux box (which does open Forums slowly):
Code:
$ curl -vv https://forums.freebsd.org
* Rebuilt URL to: https://forums.freebsd.org/
* Hostname was NOT found in DNS cache
  % Total  % Received % Xferd  Average Speed  Time  Time  Time  Current
  Dload  Upload  Total  Spent  Left  Speed
  0  0  0  0  0  0  0  0 --:--:-- --:--:-- --:--:--  0*  Trying 204.109.59.195...
* Connected to forums.freebsd.org (204.109.59.195) port 443 (#0)
* successfully set certificate verify locations:
*  CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Server hello (2):
{ [data not shown]
* SSLv3, TLS handshake, CERT (11):
{ [data not shown]
* SSLv3, TLS handshake, Server key exchange (12):
{ [data not shown]
* SSLv3, TLS handshake, Server finished (14):
{ [data not shown]
* SSLv3, TLS handshake, Client key exchange (16):
} [data not shown]
* SSLv3, TLS change cipher, Client hello (1):
} [data not shown]
* SSLv3, TLS handshake, Finished (20):
} [data not shown]
  0  0  0  0  0  0  0  0 --:--:--  0:00:01 --:--:--  0* SSLv3, TLS change cipher, Client hello (1):
{ [data not shown]
* SSLv3, TLS handshake, Finished (20):
{ [data not shown]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* Server certificate:
*     subject: OU=Domain Control Validated; OU=Gandi Standard SSL; CN=forums.freebsd.org
*     start date: 2015-05-12 00:00:00 GMT
*     expire date: 2016-05-17 23:59:59 GMT
*     subjectAltName: forums.freebsd.org matched
*     issuer: C=FR; ST=Paris; L=Paris; O=Gandi; CN=Gandi Standard SSL CA 2
*     SSL certificate verify ok.
> GET / HTTP/1.1
.....
 
Looking at the code, the forum admins (or whoever) were probably just moving things around and left some whitespace gaps (I hope). I'm usually OC about stuff like that, so it's likely nothing out of ordinary.

curl: (35) Unknown SSL protocol error in connection to forums.freebsd.org:443

That's usually the curl indicator that the server doesn't like your cipher suite suggestions.
 
I did a whois, drill a/x, geoip, etc on the address, and it's in Cary, NC. That's pretty strange, because that's where I AM! I suppose I could drive over there and ask them what is going on! (But - I suppose it could be an OS or forum software config issue, and not host machine related).

So distance is definitely not the problem!
 
In my case, the forum is completely inaccessible from my home connection, whereas it is usable but slow from my workplace. I'm currently at home using a SOCKS proxy via SSH to my office just to be able to access the forums.
The HTTP 301 redirect works just fine from both places, the problem is only with the HTTPS connection.

My home provider (TDC) routes the connection from Denmark to the United States via Zayo Group, whereas my work provider (Zen Systems) uses Level 3 - although I don't know if the transit provider is to blame.
Both locations use the same DNS server, resolving forums.freebsd.org to 204.109.59.195. No proxies or anything, just a FreeBSD router with PF at home and a Linux router with iptables at work.

I have never had problems like this before. I think it began on Thursday or Friday, up until then the site was fully usable and quickly responding from both locations.
 
In my case, the forum is completely inaccessible from my home connection, whereas it is usable but slow from my workplace. I'm currently at home using a SOCKS proxy via SSH to my office just to be able to access the forums.
The HTTP 301 redirect works just fine from both places, the problem is only with the HTTPS connection.

My home provider (TDC) routes the connection from Denmark to the United States via Zayo Group, whereas my work provider (Zen Systems) uses Level 3 - although I don't know if the transit provider is to blame.
Both locations use the same DNS server, resolving forums.freebsd.org to 204.109.59.195. No proxies or anything, just a FreeBSD router with PF at home and a Linux router with iptables at work.

I have never had problems like this before. I think it began on Thursday or Friday, up until then the site was fully usable and quickly responding from both locations.

Just pinged the server:

Code:
PING 204.109.59.195 (204.109.59.195): 56 data bytes
64 bytes from 204.109.59.195: icmp_seq=0 ttl=53 time=42.731 ms
64 bytes from 204.109.59.195: icmp_seq=1 ttl=53 time=41.944 ms
64 bytes from 204.109.59.195: icmp_seq=2 ttl=53 time=41.000 ms
64 bytes from 204.109.59.195: icmp_seq=3 ttl=53 time=40.698 ms
64 bytes from 204.109.59.195: icmp_seq=4 ttl=53 time=40.717 ms

What's weird is that my speed is less than what gkhontos had. We're all fiber optics here in Cary.

I see the FreeBSD forum switched providers about three months ago, from ICS. That explains why I didn't recognize the 204.x.x.x in my initial post. Like I said, Cary runs fiber optics to the hilt, so it should be a good place to host stuff. I'm sure it's an unusual situation, and like I said in the last post, it's more likely an OS network config or SQL or forum software config thing rather than host hardware ...
 
Fixed it, eh? My memory is starting to work again, slowly. Every so often they bump the forum over to another machine, and do their maintenance thing. I'm beginning to remember the futile prognostications that we entertained the moderators with that other time too ... aliens, hacker saboteurs, Mulder, Scully, and the Cigarette man too. An older backup machine explains the ciphersuite mismatches too.

Fixed my foot.
 
Back
Top