strange gap results

dalore · February 1, 2016, 8:25am

We are seeing some very strange results with WPT. For example http://www.webpagetest.org/result/160201_T2_BFC/1/details/

It will connect, get the html page, process google analytics and then make no connection for 40+ seconds and then start retrieving the assets.

I noticed the other thread mentioning ssl gaps but that shouldn’t be the case here. It’s already connected and reuses the same connection to download the assets since it’s the same cert, ip but just a different server name.

pmeenan · February 1, 2016, 12:54pm

Looking at the bandwidth line below the waterfall, it looks like something BIG is downloading using a consistent 2.5Mbps or so during the gap. Whatever it is isn’t showing up in the waterfall though so it’s something that the WPT code doesn’t know how to decode (or isn’t reported by dev tools).

Do you see it from other locations or with different pages on the same location?

dalore · February 1, 2016, 1:59pm

Tried another location (Manchester this time, previously was London), and also a different url and got similar results: http://www.webpagetest.org/result/160201_DB_N68/

Doing a test with tcpdump turned on:

it seems to fetch dns records for the ocsp.digicert.com even though the oscp should be stapled (as confirmed with ssllabs)
The client (wpt) seems to keep sending a RST/ACK and making new connections over and over (which is probably where the 2.5Mbps downloads comes from). Until something (?) and then it decides to accept the certificate?

dalore · February 1, 2016, 3:35pm

wireshark of one of the connections during the strange period

Background of our setup:

We have 3 hostnames now all the same ip (although some dns resolves are still propagating it seems to some of the WPT hosts, but the capture had the right ip), www.pitchup.com, m.pitchup.com and media.pitchup.co.uk

Configured using nginx, spdy, ocsp stapling, ev certs. We recently got one cert with the 3 hostnames all as alternative names. We did this to have a media domain but not to incur an extra ssl connect when using it. If the ip address and the certificate is the same the client doesn’t need to create make a new ssl connection.

Now we aren’t seeing the issue when accessing pages on www.pitchup.com but we see the issue when accessing m.pitchup.com. The issue arises when it tries to connect to media.pitchup.co.uk.

Not seeing this locally but that doesn’t prove it isn’t happening.

pmeenan · February 5, 2016, 10:11pm

It’s worth noting that OCSP stapling will only work for the leaf certificate. Any intermediaries will still need to be checked if they aren’t already trusted roots.

unixy · February 8, 2016, 9:05pm

Does disabling pagespeed help improve test readability?

pmeenan · February 10, 2016, 4:02pm

mod_pagespeed on the server? Not sure I understand but no flavor of PageSpeed I can think of should have a negative impact on reliability or consistency. Only possible interaction I can think of is for new content mod_pagespeed may take a few page loads before the server has optimized all of the resources.

unixy · February 16, 2016, 2:08pm

In some instances, a misconfigured mod_pagespeed can go bezerk in a loop. So just a hunch after seeing such high processing of pagespeed happening in the WPT details of the site.

dalore · February 16, 2016, 2:09pm

tried without mod_pagespeed (ModPagespeed=off) and got the same results. Looking at the tcpdump seems to be the ssl negotiation keeps retrying until it succeeds

Topic		Replies	Views
SSL Gaps Support	10	149	January 12, 2016
Gaps in Waterfall Support	0	226	August 1, 2017
Gap in TLS connection/handshake Discuss Test Results	2	138	March 15, 2016
Stretched download? Discuss Test Results	3	177	May 20, 2019
Gaps in waterfall specifically in IE Private Instances	13	169	October 26, 2014

strange gap results

Related topics