Overview
Last week, one of my clients reported that their users were experiencing slow internet access even during non-peak hours. According to them, this was because of a problem with the proxy solution we provided (McAfee Web Gateway). I don't buy that. So what I did was gather info first (like what a good IT guy would do) and then analyze each piece. After some hours analyzing the results, it turned out that the culprit was their internal DNS! It seems their internal DNS is very slow in resolving each request sent by our proxy solution. This makes the user browsing experience very sloowwww. :(
To simulate this in a controlled environment, it's pretty easy!
What you need are the following:
1. Your own proxy server
2. Script to simulate internet access
3. Internal DNS server
Your own proxy server
This is pretty much the most important part here. You can use any proxy, e.g. Squid, or an enterprise proxy if you have one (what I have is McAfee Web Gateway). Go set up that server and, for testing purposes, just create basic filtering. If you want authentication, you may add it, but make sure your script can handle authentication.
Script to simulate internet access
This is what you need in order to generate web traffic. Of course it would be a pain in the ass if you were the one doing the random internet access by hand. Also, by doing it via script, you can access many possible sites, all of which will be logged on your proxy. Below is the script I use. It's written in Python 2.6, so you need that installed if you haven't got it yet.
    import urllib2, string, random

    def random_site():
        # sites.txt holds one random word per line
        host_name = [line.strip() for line in open('sites.txt', 'r')]
        protocol = ['http://www.', 'http://mail.']
        domain = ['.com', '.net', '.org', '.biz', '.xxx', '.ph', '.sg', '.com.ph', '.co.uk']
        website = random.choice(protocol) + random.choice(host_name) + random.choice(domain)
        return website

    def main():
        # Send every request through the proxy under test
        proxy = "107.168.64.201:9090"
        proxies = {"http": "http://%s" % proxy}
        headers = {'User-agent': 'Mozilla/5.0'}
        proxy_support = urllib2.ProxyHandler(proxies)
        opener = urllib2.build_opener(proxy_support, urllib2.HTTPHandler(debuglevel=1))
        urllib2.install_opener(opener)
        # Keep requesting random sites until interrupted
        while True:
            try:
                url = random_site()
                print url
                req = urllib2.Request(url, None, headers)
                urllib2.urlopen(req).read()
                #print html
            except urllib2.HTTPError, error:
                print "ERROR: ", error.read()

    if __name__ == '__main__':
        main()

As you may notice, you need another file named sites.txt. That file simply contains one random word per line. Those words will be used to build the random websites the script will access.
Aside from that script, I created another two which behave differently. The second script was modified to generate literally random websites by using the function below (this script acts as if there were a botnet infection inside your company):

    def random_site(y):
        return ''.join(random.choice(string.ascii_lowercase) for x in range(y))

Here "y" is the value passed from the main function. I set mine to 5, so it would return something like "uixck".
When it is returned, I concatenate it like this: "http://www." + returned_value + ".com"
Of course you may modify that part to do it all inside the random_site() function.
The third script simply contains real, valid websites (e.g. Google, Facebook, Twitter, Yahoo), since the first two just generate random sites.
Internal DNS server
To simulate this correctly, you need to either set up a new machine to act as the DNS server, use your own desktop as the DNS server, or just use your router (which I think is the least effective, since it might already be configured to use a fast DNS server).
The Result
So after testing everything, I ended up with a result such as this. As you may notice, there are numbers on the left side. They indicate how long each request took to resolve the proper DNS record (in milliseconds). As you can see, the right one is above 30,000 ms (30s), which is pretty bad for users. Typically, DNS resolution should only be ~50ms and below.
You may use a DNS benchmarking tool such as namebench to see which DNS server is recommended for you.
So I changed my proxy setting to use the fastest DNS (Google public DNS 8.8.8.8) and the result was impressive.
So to summarize, if you experience slow internet access, check your DNS first. :-)
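One way to run that check from a machine that uses the same DNS server as the proxy. This is an added example, not part of the original post, and it is written for Python 3 rather than the Python 2.6 used above. The 50 ms threshold is the figure quoted earlier; the function names and the sample host list are made up for illustration.

```python
import socket
import statistics
import time

SLOW_MS = 50.0  # threshold quoted in the article: ~50 ms and below is typical


def time_lookup(host, resolver=socket.getaddrinfo):
    """Return (elapsed_ms, resolved) for one lookup through the given resolver."""
    start = time.perf_counter()
    try:
        resolver(host, 80)
        resolved = True
    except socket.gaierror:
        # Failed lookups (e.g. a random name that does not exist) land here.
        # The wait still counts: the proxy waits just as long before replying.
        resolved = False
    return (time.perf_counter() - start) * 1000.0, resolved


def survey(hosts, resolver=socket.getaddrinfo, slow_ms=SLOW_MS):
    """Time every host and summarise what a proxy using this resolver would see."""
    if not hosts:
        raise ValueError("need at least one hostname")
    rows = [(h,) + time_lookup(h, resolver) for h in hosts]
    times = [ms for _, ms, _ in rows]
    return {
        "rows": rows,
        "median_ms": statistics.median(times),
        "worst_ms": max(times),
        "slow": [h for h, ms, _ in rows if ms > slow_ms],
        "failed": [h for h, _, ok in rows if not ok],
    }


if __name__ == "__main__":
    # Constructed sample list: two real sites plus one random name of the kind
    # the second script generates. Swap in names built from your own sites.txt.
    sample = ["www.google.com", "www.yahoo.com", "www.uixck.com"]
    report = survey(sample)
    for host, ms, ok in report["rows"]:
        flag = "SLOW" if ms > SLOW_MS else "ok"
        state = "resolved" if ok else "failed"
        print("%9.1f ms  %-4s  %-8s  %s" % (ms, flag, state, host))
    print("median %.1f ms, worst %.1f ms" % (report["median_ms"], report["worst_ms"]))
```

Repeat lookups can be answered from a cache on the machine or on the DNS server, so the first run against a fresh list of names is the one to compare with the 50 ms figure.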