Puzzled over slow site issue

Cat5Cat5 Member Posts: 297 ■■■□□□□□□□
I've been troubleshooting an issue with a branch office complaining of slow Internet. They say it's with all the users, not just one. I logged in to one of the servers there and verified that the Internet is crawling along. However, I can ping without packet loss from my computer to their router, from their router to the server (and a local host computer), and from the server to the router that their Internet is backhauled to (coming back to us). I don't see any saturation on their circuit, and since we use Bluecoat to monitor sites visited, I bypassed it also - to no effect.

Suggestions welcome.

Comments

  • lsud00dlsud00d Member Posts: 1,571
    Yell at the ISP?
  • Bl8ckr0uterBl8ckr0uter Inactive Imported Users Posts: 5,031 ■■■■■■■■□□
    Have you checked all of your core switches? Maybe it's on the lan side and not the isp side.
  • Jack2Jack2 Member Posts: 153
    Are they having local DNS resolution problems? This can present it self as slow internet access.
    WGU Courses Completed at WGU: CPW3, EWB2, WFV1, TEV1, TTV1, AKV1, TNV1| TSV1, LET1, ORC1, MGC1, TPV1, TWA1, CVV1, DHV1, DIV1, DJV1, TXP1, TYP1, CUV1, TXC1, TYC1, CJV1
    Classes Transferred: BAC1, BBC1, LAE1, LAT1, LUT1 ,1LC1, 1MC1, QLT1, IWC1, IWT1, INC1, INT1, SSC1, SST1, CLC1
    WGU Graduate - BSIT 2014
  • wrwarwickwrwarwick Member Posts: 104
    Any update on this. I would be interested to see what is going on.
  • vinbuckvinbuck Member Posts: 785 ■■■■□□□□□□
    Cat5 wrote: »
    I've been troubleshooting an issue with a branch office complaining of slow Internet. They say it's with all the users, not just one. I logged in to one of the servers there and verified that the Internet is crawling along. However, I can ping without packet loss from my computer to their router, from their router to the server (and a local host computer), and from the server to the router that their Internet is backhauled to (coming back to us). I don't see any saturation on their circuit, and since we use Bluecoat to monitor sites visited, I bypassed it also - to no effect.

    Suggestions welcome.

    Have you tried using iperf? It is an invaluable FREE tool that can be used on Windows and Linux to measure throughput on any network. It is very accurate and you can start looking at LAN congestion points if the WAN turns out to be ok. If it is the WAN, you've isolated the issue and you can copy the data from the test so you have something quantifiable to show your bosses so you can get more speed or take steps to mitigate the congestion on the existing link.
    Cisco was my first networking love, but my "other" router is a Mikrotik...
  • keenonkeenon Member Posts: 1,922 ■■■■□□□□□□
    i get that call at least 2 times a week. first off make sure there's nothing within the client lan side that may be causing an issue. jabbering device nics ( pc, phones, printers), rouge hubs and switches. if nothing then look at the wan side.

    traceroute the router wan interface from your site depending on the ISP they may show you the hops some do some don't through the mpls network

    check the router's interfaces lan and wan, look for any errors and then take the ping challenge.

    normal ping is 32bytes from the command prompt . ping (router wan interface) -t -l 1500 this sets a constant ping at 1500bytes which should be no problem for a solid circuit. then do this is the opposite direction from the router ping x.x.x.x size 1500 repeat 1000

    if it drops any amount of packets then the isp is to blame. question is are there any intermediate hand-offs in the path of the circuit? odds are yes. have fun watching them point fingers
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • vinbuckvinbuck Member Posts: 785 ■■■■□□□□□□
    keenon wrote: »

    if it drops any amount of packets then the isp is to blame. question is are there any intermediate hand-offs in the path of the circuit? odds are yes. have fun watching them point fingers

    I don't know that I totally agree with this statement. I work on the ISP/SP side and i've seen a lot of stuff that causes packet loss that ends up not being the WAN.

    To name a few....

    -High CPU Usage on the router.
    -Physical layer cabling.
    -Failing physical interface.
    -speed/duplex mismatch or incorrectly confgured autonegotiation
    -routing loops
    -switching loops
    -Internal/External DOS attack

    I'm sure we could compile a long list between all of us, but the WAN needs to be isolated and tested to confirm throughput first and foremost.
    Cisco was my first networking love, but my "other" router is a Mikrotik...
  • keenonkeenon Member Posts: 1,922 ■■■■□□□□□□
    true, can't exclude meet points for the major carriers, LECs, cable pairs, bad doublers, NIU/smartjacks and MUXs. all of which i have experienced in troubleshooting slowness without seeing issues within my remote site.
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • sieffsieff Member Posts: 276
    have you looked into a DNS issue? i've seen this a few times. try changing the DNS pri/sec on a PC to 4.2.2.2 and 8.8.8.8 to see if that makes a difference.
    "The heights by great men reached and kept were not attained by sudden flight, but they, while their companions slept were toiling upward in the night." from the poem: The Ladder of St. Augustine, Henry Wadsworth Longfellow
  • nethackernethacker Member Posts: 184 ■■■□□□□□□□
    i have once had this issue on my lan and i configured broadcast storm control on the switches and configured ip route-cache flow on my router. I did a "sh ip cache flow" and i discovered that one of my internal host was talking directly to a public ip address, i located the port on the switch where the host was connected and i shut the port. Immediately i shut the port, the internet went faster.
    Another issue that could cause a slow internet link, at least from my experience, is when all hosts on the internal network try to download anti-virus updates automatically at the same time from the anti-virus server at the HQ, i created a timed access-list to deny updates from 9am to 4pm.
    i don't know if anyone has ever experienced the above though but i know it surely exist
    JNCIE | CCIE | GCED
Sign In or Register to comment.