On 05/06/2015 07:33 AM, Roger Oberholtzer wrote:
I am helping a coworker get his openSUSE 13.1 system up and running here at work. Mysteriously, when running zypper (or yast), downloading packages screeches to a near standstill. It quickly gets to where it downloads less than 100 bytes / sec. All other network activity seems fine. I tried setting
export ZYPP_ARIA2C=0
but it makes no difference. It really seems that only zypper acts this way on this network. I do not know if the environment variable still works with zypper. It was a while since I had this problem. Maybe it is no longer implemented. Anyone else have a slow zypper?
I might add that it happens on all my openSUSE machines in this office.
I've noticed somewhere down the thread that IronPort was mentioned. It might depend on the type/model of IronPort, but it can be a very nasty box, doing *much* more than just antispam. E.g, the one we have here is capable of creating fake ssl/tls certs and injecting them in user's https session. Basically it's performing a man-in-the-middle attack, but they call it "intelligent decryption". And, yes, it's not needed for antispam, definitelly, but that's another story. I had the same problem and here's what I think could help. It seems that update from main repo via yast or zypper behaves intelligently in such that during update it switches between a number of mirrors - some kind of load ballancing. So, it looks that behind the scenes, during an update your yast/zypper connects not only to various IP addresses but via different protocols as well. Some mirrors are contacted via HTTP some via FTP. Now, if IronPort is set to forbid FTP, you'll have timeouts, hence the delay and slow update. Further on, you might have IP address switch during fetch of a single file (I guess, I'm not sure) which is probably taken as suspicious act by IronPort... My solution was to choose individual fixed mirror repos instead of the main one. I tested the speed by measuring individual downloads and set my repos to point to the fastest one. For my locations the best one was in Germany, don't remember the name. In my case it worked (like two or three years ago). It's worth trying. Hope this helped. Best regards, ~rmš~ -- Radule Šoškić, mr.sci, CISSP, GPEN, GSNA Head of ICT Audit Telekom Srbija a.d. 11000 Beograd, Takovska 2 Serbia Мр Радуле Шошкић, CISSP, GPEN, GSNA Директор Сектора за ревизију технологија и система Телеком Србија а.д. 11000 Београд, Таковска 2 Србија N�����r��y隊Z)z{.�ﮞ˛���m�)z{.��+�: �{Zr�az�'z��j)h���Ǿ� ޮ�^�ˬz��