https://bugzilla.wikimedia.org/show_bug.cgi?id=48208
Web browser: ---
Bug ID: 48208
Summary: esams cluster unreachable using SSL
Product: Wikimedia
Version: wmf-deployment
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: Unprioritized
Component: SSL related
Assignee: wikibugs-l@lists.wikimedia.org
Reporter: mediazi...@gl00on.net
Classification: Unclassified
Mobile Platform: ---
Hi folks,
since last night, I've been unable to access any Wikimedia site using https
(plain http works just fine). I'm in Germany, and I'm getting served by the
esams cluster.
I've tried a variety of sites, including https://en.wikipedia.org ,
https://en.wikinews.org , https://www.mediawiki.org and
https://meta.wikimedia.org ; none have worked. (https://mediawiki.org , which
is getting served by the pmtpa cluster, works.)
When attempting to connect to any site served by the esams cluster, according
to Wireshark, there is never a reply of any kind to the inital SYN packet.
Given the TCP traceroutes below, I'm inclined to believe that the problem lies
somewhere in Wikimedia's cluster.
I already asked about this in #wikimedia-tech last night and spoke to Leslie
Carr and Ryan Lane, but they didn't find any obvious problems. It was noted
that another user had already asked about https access issues earlier that
night.
Since it's still not working today, I'm filing this bug so it won't be
forgotten. Thanks for looking into this - please let me know if you need more
information or if there's anything I can do to help.
--- Sample curl output ---
$ curl -I -v https://en.wikipedia.org
* About to connect() to en.wikipedia.org port 443 (#0)
* Trying 91.198.174.225...
* 0x8001f2b0 is at send pipe head!
* STATE: CONNECT => WAITCONNECT handle 0x80057550; line 1032 (connection #0)
* After 149981ms connect time, move on!
* Trying 2620:0:862:ed1a::1...
* After 74978ms connect time, move on!
* Failed connect to en.wikipedia.org:443; Operation now in progress
* Closing connection 0
* The cache now contains 0 members
curl: (7) Failed connect to en.wikipedia.org:443; Operation now in progress
$
--- Sample tcp tracerote on port 443 ---
$ tracetcp en.wikipedia.org:443
Tracing route to 91.198.174.225 [wikipedia-lb.esams.wikimedia.org] on port 443
Over a maximum of 30 hops.
[local hops]
3 12 ms 13 ms 13 ms 145.254.10.201
4 23 ms 27 ms 31 ms 92.79.213.138
5 19 ms 18 ms 19 ms 195.69.145.176
[xe-1-1-0.cr2-knams.wikimedia.or
g]
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
[...]
$
--- Sample tcp traceroute on port 80 (for comparison) ---
$ tracetcp en.wikipedia.org:80
Tracing route to 91.198.174.225 [wikipedia-lb.esams.wikimedia.org] on port 80
Over a maximum of 30 hops.
[local hops]
3 10 ms 10 ms 12 ms 145.254.10.201
4 31 ms 23 ms 27 ms 92.79.213.138
5 19 ms 18 ms 19 ms 195.69.145.176
[xe-1-1-0.cr2-knams.wikimedia.or
g]
6 Destination Reached in 20 ms. Connection established to 91.198.174.225
Trace Complete.
$
--
You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
Wikibugs-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
