Websites which can’t handle TCP window scaling

June 27, 2007 in tech, university by Seb

I’ve run into a dead end in a process of debugging a website. Here’s the low-down.

  1. A particular university website is needed for my (and my sister’s) study.
  2. I have a 2 desktops and 1 laptop, all running kubuntu fiesty, on the same network, same dmz etc
  3. Only the laptop loads the website
  4. The website will load under windows on both of the desktops
  5. Turns out, that the desktops will load the website, but very, very slowly (about 5 minute delay)

I have absolutely, no clue about how to continue debugging and hopefully fixing the problem. Does anybody have any suggestions that I could use to try and get this up and running again?

nb: it doesn’t seem to be ipv6 causing the problems.

Update:
A big big thanks to Jonathan Brugge and LukyLuke who have already solved my problem. Turns out that my university couldn’t be arsed hiring decent software developers (or paying for a decent system). The website simply doesn’t handle scaled TCP windows properly. There are two solutions:

echo "0" > /proc/sys/net/ipv4/tcp_window_scaling
Caveat: this causes no window scaling to be applied on all sites, so the better method is to apply on a per ip basis:

ip route add IP.ADD.RE.SS/32 via <your default gateway> window 65535

(found on the openSUSE wiki)

8 Comments

  1. Random
    Posted June 27, 2007 at 8:47 pm | Permalink

    Java — check your java settings .

  2. Anon Ymous
    Posted June 27, 2007 at 9:01 pm | Permalink

    Maybe a bit obvious, but have you tried tcpdump?

  3. Jonathan Brugge
    Posted June 27, 2007 at 9:11 pm | Permalink

    I’ve seen a similar problem which took me quite some time to solve. In that case, there was a faulty router somewhere between me and the website. It didn’t work well with TCP scaling and combined with some specific kernel versions which made the situation worse, lead to the problem you describe. Does ‘echo 0 > /proc/sys/net/ipv4/tcp_window_scaling’ solve it?

  4. Darkstar
    Posted June 27, 2007 at 9:34 pm | Permalink

    Check the MTU of your network card(s). I had similar problems with PCs behind a router. Try setting the MTU down to 1450 for example.

  5. Paul Eggleton
    Posted June 27, 2007 at 9:37 pm | Permalink

    FWIW, I get the same issue here with Konq 3.5.7 on Gentoo here in NZ. Jonothan Brugge’s remedy above seems to fix it though, so hopefully it will for you as well :)

  6. Chris
    Posted June 27, 2007 at 9:41 pm | Permalink

    Hi. That website wouldn’t load here either. Wireshark showed that I could connect and send the http request alright, but the server didn’t respond to that.

    Jonathan’s solution made it work for me. Weird kind of problem…

  7. LukyLuke
    Posted June 27, 2007 at 10:08 pm | Permalink

    Based on the information/solution from Jonathan I found an other, in my point of view a much better, solution.
    Instead to scale down the whole net to a 64 KByte buffer for sending and receiving, you can add custom routes for hosts/nets where this occurres:
    ip route add IP.ADD.RE.SS/32 via YourDefaultGateway window 65535

    For your given site for example something like this:
    ip route add 149.171.95.20 via YourDefaultGateway window 65535
    (Just replace “YourDefaultGateway” with it)

    NB: I found this solution (in german) on http://de.opensuse.org/SDB:Problem_mit_der_Herstellung_einer_TCP/IP_Verbindung_in_openSUSE_10.2

  8. Seb
    Posted June 27, 2007 at 10:18 pm | Permalink

    Thanks you all so much, you have solved my seemingly unfixable problem.