Web Pages Load Slow when RFC1323 is Enabled on the ProxySG




Some web pages load slowly or a blank page loads when going through a ProxySG configured with RFC 1323 support enabled.


Performance issues can occur when RFC 1323 is enabled on the ProxySG but not all devices on the network support this standard.  Because RFC 1323 is not universally supported (or may not be enabled), performance to some sites or URLs can actually suffer when RFC 1323 is enabled on the proxy but not on the remote end.  The end result can be slow performance or blank pages.


There are a couple of ways to work around the issue.  They are as follows:

Solution #1: 

If you are in a transparent deployment, you can bypass the site that is giving you problems.  When sites are bypassed, the high performance TCP extensions on the proxy are not used.  (NOTE:  If you are in an explicit environment, you cannot bypass the proxy using the static bypass list.  If you are using a PAC file, then you can make an exception in your PAC file.)  Please do the following to bypass a site.

a.)  Determine the IP address or IP address range of the site that is giving you a problem.
b.)  Go into the Management Console (https://<ip.address.of.proxysg>:8082/) on the ProxySG.  Click on the Configuration tab > Services > Proxy Services > Static Bypass List tab.
c.)  Click on the New button.  For Server address, click on the radio button next to "Server host or subnet" and enter the IP address and accompanying subnet.  Click on the OK button to save your changes.  Next, click on Apply.
d.)  Test and make sure bypassing the site resolves the issue.  If not, you may need to validate the IP addresses that are in your exception list.  If you continue to have problems, you can try Solution #2 below.

Advantages of using solution #1:  This allows the proxy to use RFC 1323 for all sites except for those that are bypassed.

Disadvantages of using solution #1:  IP addresses may change over time.  New sites may show up that also need to be bypassed.  The bypassed sites will not be recorded in the access logs.  Policy will not be applied to bypassed sites.


Solution #2:

You can disable RFC 1323 support globally on the ProxySG.  At this writing, it is not possible to disable RFC 1323 support on a per IP or URL basis, so when RFC 1323 is disabled, it is disabled globally on the ProxySG.  Here are the steps necessary to disable RFC 1323:

a.)  SSH or connect to the serial console of the proxy.
b.)  Run the following commands from the command line interface:

Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)show tcp-ip
  RFC-1323 support:             enabled
ProxySG#(config)tcp-ip rfc-1323 disable

c.)  Test and make sure the problem is resolved when RFC 1323 is disabled.  NOTE:  If disabling RFC 1323 does not help, then please re-enable it so you can receive the performance benefits from having it enabled.

Advantages of using solution #2:  It is quick and easy to implement.  It may prevent future compatibility issues with other sites that are incompatible with RFC 1323.

Disadvantages of using solution #2:  This is an all or nothing solution.  Any performance increases that can be obtained by using RFC 1323 with sites that support the TCP enhancement will not be available.

To re-enable RFC 1323 support, please do the following:

Enable Password:
ProxySG#config t
Enter configuration commands, one per line.  End with CTRL-Z.
ProxySG#(config)show tcp-ip
  RFC-1323 support:             disabled
ProxySG#(config)tcp-ip rfc-1323 enable

Additional Information
Starting in SGOS 5.2.x, Blue Coat implemented RFC 1323, which is the RFC for "TCP Extensions for High Performance".  Prior to RFC 1323, the largest TCP window size was 65,536 bytes (or 2^16).

As networks have increased in speed, Internet latency has also become a factor in how much data can be passed.  Even as link speed increases, throughput is limited by latency and window size.  Part of the high performance extensions of TCP is the window scale.  Essentially you can scale your TCP window by a factor, such as two times 65536 or six times 65536.

Starting with SGOS 5.3, the default window scaling is six, or 6 x 65536 bytes (393216 bytes).  This allows more information to be in transit before an ACK is required to be sent back, thereby increasing performance.  This is a very simplistic explanation and is not meant to be comprehensive.  Please see RFC 1323 for full technical details.
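
Before bypassing a site or disabling RFC 1323 globally, it helps to confirm from a packet capture whether the remote end actually negotiated the RFC 1323 options: window scaling applies only when both the SYN and the SYN-ACK carry the Window Scale option (kind 3, a shift count), and timestamps only when both carry kind 8. The Python below is an added example, not Blue Coat code; the function names are hypothetical and the option bytes are constructed samples, not taken from a real capture.

```python
import struct

# TCP option kinds seen in SYN segments; 3 and 8 are the RFC 1323 options.
KIND_EOL, KIND_NOP, KIND_MSS, KIND_WSCALE, KIND_SACK_OK, KIND_TSTAMP = 0, 1, 2, 3, 4, 8

def parse_tcp_options(raw: bytes) -> dict:
    """Walk the kind/length/value list from a TCP header's options field."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == KIND_EOL:
            break
        if kind == KIND_NOP:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad length {length} for option kind {kind}")
        opts[kind] = raw[i + 2:i + length]
        i += length
    return opts

def rfc1323_negotiated(syn_opts: bytes, synack_opts: bytes) -> dict:
    """Report which RFC 1323 options both ends agreed on; shift is 0 if scaling is off."""
    syn, synack = parse_tcp_options(syn_opts), parse_tcp_options(synack_opts)
    ws_c, ws_s = syn.get(KIND_WSCALE), synack.get(KIND_WSCALE)
    both_ws = bool(ws_c) and bool(ws_s)
    return {
        "window_scale": both_ws,
        "timestamps": KIND_TSTAMP in syn and KIND_TSTAMP in synack,
        "server_shift": min(ws_s[0], 14) if both_ws else 0,  # RFC 1323 caps shift at 14
    }

def effective_window(window_field: int, shift: int) -> int:
    """Real receive window for the 16-bit window field of a non-SYN segment."""
    return window_field << shift

# Constructed samples: MSS 1460, NOP, window scale, SACK-permitted, timestamps.
SYN = (b"\x02\x04\x05\xb4" b"\x01\x03\x03\x02" b"\x04\x02"
       b"\x08\x0a" + struct.pack("!II", 1000, 0))
SYNACK_FULL = (b"\x02\x04\x05\xb4" b"\x01\x03\x03\x07" b"\x04\x02"
               b"\x08\x0a" + struct.pack("!II", 5000, 1000))
SYNACK_LEGACY = b"\x02\x04\x05\xb4"  # MSS only: the peer ignored the RFC 1323 options

if __name__ == "__main__":
    print(rfc1323_negotiated(SYN, SYNACK_FULL), rfc1323_negotiated(SYN, SYNACK_LEGACY))
```

A SYN-ACK that comes back without option kind 3 means the connection runs with an unscaled window. A SYN-ACK that shows scaling while later segments stall points instead at a device in the path mishandling the option.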
InQuira Doc Id: KB3754

First Published      10/01/2014
Last Modified      12/02/2016
Last Published      12/02/2016
Product      ProxySG
Software      SGOS 5, SGOS 6
Topic      Networking, Performance, Usability
Article Number      000013651