
"The site you have attempted to access was unreachable" error going to baidu.com in China, or slow performance accessing the same site.


Article ID: 257069


Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Users access Cloud SWG resources in China using WSS Agents.

Users connecting to the Shanghai data center can access baidu.com and its subdomains without any issues, but when the same user connects to the Beijing data center, they may see communication errors, or the baidu.com pages can become very slow to load or render.

Bypassing the baidu.com domain from Cloud SWG works around the issue.

 

Environment

WSS Agent

Cloud SWG China data centers

Cause

Local DNS servers, accessed by the Cloud SWG Proxy, were resolving baidu.com hosts to Hong Kong IP addresses, where drops were more visible because the traffic was going through China firewalls.

Resolution

DNS issues within the Beijing data center environment were addressed so that baidu.com resolved to local in-country IP addresses.

No DNS changes are needed on the customer side.

Additional Information

The HAR file appears to show that the performance issues were queuing and connectivity related.

PCAPs confirmed this: we could see large numbers of retransmitted requests, with long delays. The destination IP addresses resolved to Hong Kong servers.
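One way to check a browser HAR capture for the queuing and connectivity pattern described above, as an added example that is not Broadcom tooling. The sample entries, the function names and the 50% threshold are constructed assumptions for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

def _entry(url, blocked, dns, connect, send, wait, receive):
    """Build one constructed HAR 1.2 entry; timings are milliseconds, -1 = not applicable."""
    return {"request": {"url": url},
            "timings": {"blocked": blocked, "dns": dns, "connect": connect,
                        "send": send, "wait": wait, "receive": receive}}

# Constructed sample data, not taken from the article's capture.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    _entry("https://www.baidu.com/", 3100, 20, 5200, 1, 450, 49),
    _entry("https://www.baidu.com/img/logo.png", 4000, -1, -1, 1, 300, 99),
    _entry("https://tieba.baidu.com/", 5, 10, 40, 1, 200, 44),
    _entry("https://www.example.com/", 2, 5, 30, 1, 80, 12),
]}})

PHASES = ("blocked", "dns", "connect", "send", "wait", "receive")  # "ssl" is already inside "connect"

def phase(timings, name):
    """Return a HAR timing in ms, treating missing or -1 values as 0."""
    value = timings.get(name, -1)
    return value if isinstance(value, (int, float)) and value > 0 else 0

def summarize(har_text, domain="baidu.com"):
    """Per hostname under `domain`: request count and ms spent queued, connecting, in total."""
    stats = defaultdict(lambda: {"requests": 0, "blocked": 0, "connect": 0, "total": 0})
    for entry in json.loads(har_text)["log"]["entries"]:
        host = urlsplit(entry["request"]["url"]).hostname or ""
        if host != domain and not host.endswith("." + domain):
            continue  # only the domain under investigation
        timings = entry.get("timings", {})
        row = stats[host]
        row["requests"] += 1
        row["blocked"] += phase(timings, "blocked")
        row["connect"] += phase(timings, "connect")
        row["total"] += sum(phase(timings, p) for p in PHASES)
    return dict(stats)

def connectivity_bound(stats, share=0.5):
    """Hostnames where queuing plus connect time exceeds `share` of total request time."""
    return sorted(host for host, r in stats.items()
                  if r["total"] and (r["blocked"] + r["connect"]) / r["total"] > share)

if __name__ == "__main__":
    result = summarize(SAMPLE_HAR)
    for host in connectivity_bound(result):
        print(host, result[host])
```

Hosts flagged here spend most of their time waiting for a connection rather than for a server response, which is the signature to compare against retransmissions in a packet capture.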

 
