A problem I have come across repeatedly in large enterprises is poor web browsing performance due to over engineered PAC file. One of the most common causes of issues I’ve found is poor DNS resolution performance in conjunction with extensive DNS queries through the PAC file.
In this example the PAC file had 100+ IsInNet calls that resulted in very slow performance browsing. The affected site also suffered very poor DNS resolution performance. However removing the PAC file resulted in vastly improved browsing performance.
Some good guidelines for PAC files are here http://www.websense.com/content/support/library/web/v76/pac_file_best_practices/PAC_best_pract.aspx
Also a tool I built here PacDbg for analysing /debugging logic in PAC file https://chentiangemalc.wordpress.com/2013/09/30/pacdbg-custom-proxy-browser-set-proxy-cmd-line-tool/
Using Fiddler and the statistics it collects also is useful in analysing PAC performance issues http://www.telerik.com/fiddler
In this case we took two WireShark traces browsing a set of websites:
- Test #1 – PAC file
- Test #2 – Proxy set by IP address
These were repeated several times and results were consistent. ipconfig /flushdns run before each test.
Graphs generated using WireShark’s Statistics – I/O Graph menu option.
Test #1 – PAC File – Slow
Display Filter: dns.time
- Y AXIS: LOAD(Y field)
- Y field: dns.time
DNS query response time ranged from 0.1 – 2.4 seconds
The frequency of DNS queries also analysed:
- Display Filter: dns.flag.response eq 0
- Y AXIS: Packet/s
Test #2 – Fast – Proxy set by IP address
DNS query response still slow, but much less frequent.