[lug] Wireless ISP - Sprint Broadband

John Hernandez John.Hernandez at noaa.gov
Mon May 14 09:00:39 MDT 2001 

Aside from the obvious chokepoint and single point of failure problem, I would also be concerned about privacy.  Proxy logs typically record very detailed information.  I would ask them very nicely to write a rule that exempts you and further recommend that they make the proxy an 'opt-in' (non-transparent) service.  If they put up a fight, you could say you need to reach non-HTTP services on port 80/tcp and their proxy is in your way.

-John

Ryan Kirkpatrick wrote:
> 
> On Thu, 10 May 2001, Nate Duehr wrote:
> 
> > On Mon, May 07, 2001 at 08:00:20PM -0600, Ryan Kirkpatrick wrote:
> > >     Glad to know that I was not the only one who noticed that! I
> > > was going crazy trying to find the problem with my systems, especially
> > > when ssh and ftp were still working. Also, usually on Sunday afternoons I
> > > often see long delays between connecting to web sites and any data being
> > > sent back. Appears they still have a little work do on their high load
> > > handling. :)
> >
> > Are they transparently proxying HTTP traffic?  Perhaps that would explain
> > the HTTP outage and the high response times on HTTP stuff on weekends
> > during heavy load.
> 
>         My gut reaction would be no, but I double checked anyway... Hit my
> offsite website from my home boxes, and then looked in the access logs.
> Guess what? Yep, transparent HTTP proxy is in place on Sprint's BBD
> service. My web logs showed connections from codvedca01.co.sprintbbd.net
> (24.221.208.16) when my home boxes hit the web server. That indeed
> explains the outages on heavy load, the proxy acts a bottle neck killing
> the connection. :(
>         Though, to their credit, I do have to say that save for high load
> situations, it is a very well configured web proxy. I have used
> transparent and non-transparent web proxies in the past, and it was always
> dead obvious that I was using them (slow load times, out of date pages,
> general weirdness, etc...). Until I tested as above, I did not even
> suspect that they were running a proxy.
>         During high load times though, my SSH connections run fine, so I
> think a VPN tunnel to my web server might be in order for avoiding high
> load outages. :)
> 
> ---------------------------------------------------------------------------
> |   "For to me to live is Christ, and to die is gain."                    |
> |                                            --- Philippians 1:21 (KJV)   |
> ---------------------------------------------------------------------------
> |   Ryan Kirkpatrick  |  Boulder, Colorado  |  http://www.rkirkpat.net/   |
> ---------------------------------------------------------------------------
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

More information about the LUG mailing list