OLD | NEW |
1 # Introduction | 1 # Proxy Auto Config Using WPAD |
2 Most systems support manually configuring a proxy for web access, but this is cu
mbersome and kind of techical, so Chrome also supports [WPAD](http://en.wikipedi
a.org/wiki/Web_Proxy_Autodiscovery_Protocol) for proxy configuration (enabled if
"automatically detect proxy settings" is enabled on Windows). | |
3 | 2 |
4 # Problem | 3 Most systems support manually configuring a proxy for web access, but this is |
5 Currently, WPAD is pretty slow when we're starting up Chrome - we have to query
the local network for WPAD servers using DNS (and maybe NetBIOS), and we wait al
l the way until the resolver timeout before we try sending any HTTP requests if
there's no WPAD server. This is a really crappy user experience, since the brows
er's basically unuseable for a couple of seconds after startup if autoconfig is
turned on and there's no WPAD server. | 4 cumbersome and kind of techical, so Chrome also supports |
| 5 [WPAD](http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) for proxy |
| 6 configuration (enabled if "automatically detect proxy settings" is enabled on |
| 7 Windows). |
6 | 8 |
7 # Solution | 9 ## Problem |
| 10 |
| 11 Currently, WPAD is pretty slow when we're starting up Chrome - we have to query |
| 12 the local network for WPAD servers using DNS (and maybe NetBIOS), and we wait |
| 13 all the way until the resolver timeout before we try sending any HTTP requests |
| 14 if there's no WPAD server. This is a really crappy user experience, since the |
| 15 browser's basically unuseable for a couple of seconds after startup if |
| 16 autoconfig is turned on and there's no WPAD server. |
| 17 |
| 18 ## Solution |
| 19 |
8 There's a couple of simplifying assumptions we make: | 20 There's a couple of simplifying assumptions we make: |
9 | 21 |
10 * If there is a WPAD server, it is on the same network as us, and hence likely
to respond to lookups far more quickly than a random internet DNS server would. | 22 * If there is a WPAD server, it is on the same network as us, and hence likely |
11 * If we get a lookup success for WPAD, there's overwhelmingly likely to be a l
ive WPAD server. The WPAD script could also be large (!?) whereas the DNS respon
se is necessarily small. | 23 to respond to lookups far more quickly than a random internet DNS server |
| 24 would. |
| 25 * If we get a lookup success for WPAD, there's overwhelmingly likely to be a |
| 26 live WPAD server. The WPAD script could also be large (!?) whereas the DNS |
| 27 response is necessarily small. |
12 | 28 |
13 Therefore our proposed solution is that when we're trying to do WPAD resolution,
we fail very fast if the WPAD server doesn't immediately respond to a lookup (l
ike, 100ms or less). If there's no WPAD server, we'll time the lookup out in 100
ms and get ourselves out of the critical path much faster. We won't time out loo
kups for explicitly-configured WPAD servers (i.e., custom PAC script URLs) in th
is fashion; those will still use the normal DNS timeout. | 29 Therefore our proposed solution is that when we're trying to do WPAD resolution, |
| 30 we fail very fast if the WPAD server doesn't immediately respond to a lookup |
| 31 (like, 100ms or less). If there's no WPAD server, we'll time the lookup out in |
| 32 100ms and get ourselves out of the critical path much faster. We won't time out |
| 33 lookups for explicitly-configured WPAD servers (i.e., custom PAC script URLs) in |
| 34 this fashion; those will still use the normal DNS timeout. |
14 | 35 |
15 **This could have bad effects on networks with slow DNS or WPAD servers**, so we
should be careful to allow users to turn this off, and we should keep statistic
s as to how often lookups succeed after the timeout. | 36 **This could have bad effects on networks with slow DNS or WPAD servers**, so we |
| 37 should be careful to allow users to turn this off, and we should keep statistics |
| 38 as to how often lookups succeed after the timeout. |
16 | 39 |
17 So here's what our WPAD lookup policy looks like **currently** in practice (assu
ming WPAD is enabled throughout): | 40 So here's what our WPAD lookup policy looks like **currently** in practice |
| 41 (assuming WPAD is enabled throughout): |
18 | 42 |
19 * If there's no WPAD server on the network, we try to do a lookup for WPAD, ti
me out after two seconds, and disable WPAD. Until this time, no requests can pro
ceed. | 43 * If there's no WPAD server on the network, we try to do a lookup for WPAD, |
20 * If there's a WPAD server and our lookup for it answers in under two seconds,
we use that WPAD server (fetch and execute its script) and proceed with request
s. | 44 time out after two seconds, and disable WPAD. Until this time, no requests |
21 * If there's a WPAD server and our lookup for it answers after two seconds, we
time out and do not use it (ever) until a network change triggers a WPAD reconf
iguration. | 45 can proceed. |
| 46 * If there's a WPAD server and our lookup for it answers in under two seconds, |
| 47 we use that WPAD server (fetch and execute its script) and proceed with |
| 48 requests. |
| 49 * If there's a WPAD server and our lookup for it answers after two seconds, we |
| 50 time out and do not use it (ever) until a network change triggers a WPAD |
| 51 reconfiguration. |
22 | 52 |
23 Here's what the **proposed** lookup policy looks like in practice: | 53 Here's what the **proposed** lookup policy looks like in practice: |
24 | 54 |
25 * If there's no WPAD server on the network, we try to do a lookup for WPAD, ti
me out after 100ms, and disable WPAD. | 55 * If there's no WPAD server on the network, we try to do a lookup for WPAD, |
26 * If there's a WPAD server and our lookup for it answers in under 100ms or it'
s explicitly configured (via a custom PAC URL), we use that WPAD server. | 56 time out after 100ms, and disable WPAD. |
27 * If there's a WPAD server and our lookup for it answers after 100ms, we time
out and do not use it until a network change. | 57 * If there's a WPAD server and our lookup for it answers in under 100ms or |
| 58 it's explicitly configured (via a custom PAC URL), we use that WPAD server. |
| 59 * If there's a WPAD server and our lookup for it answers after 100ms, we time |
| 60 out and do not use it until a network change. |
OLD | NEW |