mperez1216
asked on
Network Issues (T1 slower than DSL?!)
We have a Full T1 line connected to a Cisco Router, which in turn is connected to a proxy server. I have separate DSL line connected to the DSL Modem, which in turn is connected to a firewall device.
In Internet Explorer, if the client is configured for the proxy server, he goes out thru the T1. If no setting exists, he goes out through the DSL side.
Up until two weeks ago, things were fine. Then clients configured for proxy started complaining about slowdown in the speed getting out to the Internet. We ran a tracert to an external IP from the client and found out that the first hop is our firewall device, not the cisco router.
When we do a speed test (optonline.net) again from the client, we find that we get a lower speed than the DSL (last test clocked a 136 Kbps)!
Any help would be greatly appreciated.
In Internet Explorer, if the client is configured for the proxy server, he goes out thru the T1. If no setting exists, he goes out through the DSL side.
Up until two weeks ago, things were fine. Then clients configured for proxy started complaining about slowdown in the speed getting out to the Internet. We ran a tracert to an external IP from the client and found out that the first hop is our firewall device, not the cisco router.
When we do a speed test (optonline.net) again from the client, we find that we get a lower speed than the DSL (last test clocked a 136 Kbps)!
Any help would be greatly appreciated.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The trace routes look very good on the T-1 line. I don't see anything wrong there. I have to agree with TRobertson on something using all of your bandwidth.
ASKER
The reason that you see two different circuits is because the DSL line was installed better part of 6 years, whereas the T1 only up for about 3 years.
ASKER
In reviewing the route print from the proxy server, I see these two entries:
192.168.1.175 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.177 255.255.255.255 192.168.1.175 192.168.1.175 1
Yet, when I ping these Ip's, there is no response. Would it be safe to delete these and if so, how? What affect would it have by deleting these entries and if I needed to put them back, how would I go about it.
192.168.1.175 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.177 255.255.255.255 192.168.1.175 192.168.1.175 1
Yet, when I ping these Ip's, there is no response. Would it be safe to delete these and if so, how? What affect would it have by deleting these entries and if I needed to put them back, how would I go about it.
ASKER
Wanted to increase the points on my last comment.
Additionally, I saw a posting on another web site
http://www.jsiinc.com/SUBD/tip1500/rh1598.htm that mentions disabling ICMP redirects. Is this a norm or recommended setting?
Additionally, I saw a posting on another web site
http://www.jsiinc.com/SUBD/tip1500/rh1598.htm that mentions disabling ICMP redirects. Is this a norm or recommended setting?
If this problem is just starting after three years, and you have not made any changes to your settings I would not recommend making any further changes on your firewall or modems. Unless there is some strange hardware malfunction I would guess that there is some third-party problem creating traffic or eating your bandwidth. I would recommend running ethereal with your proxy as a dst host address to see what is going on there. Also I might recommend bypassing the proxy and test a connection directly connected to the T1 modem.
>192.168.1.175 255.255.255.255 127.0.0.1 127.0.0.1 1 <== not a good idea to delete this one
>192.168.1.177 255.255.255.255 192.168.1.175 192.168.1.175 1 <== result of an icmp redirect
Agree that if this is a new phenomenon after several years, then you have something else going on in the network. Some backdoor, trojan, virus or worm.. Only way to find out is to use a sniffer..
>192.168.1.177 255.255.255.255 192.168.1.175 192.168.1.175 1 <== result of an icmp redirect
Agree that if this is a new phenomenon after several years, then you have something else going on in the network. Some backdoor, trojan, virus or worm.. Only way to find out is to use a sniffer..
ASKER
The reason I asked about these two specific Ip's is because I can't seem to identify them. I can see that x.x.x.175 is pointing to the local host and x.x.x.175 points to x.x.x.177, but I can't locate these on my network. DHCP is enabled, so I am thinking it's got to be a printer.
Again, when I ping or do nbtstat queries, nothing happens.
Again, when I ping or do nbtstat queries, nothing happens.
>192.168.1.175 255.255.255.255 127.0.0.1 127.0.0.1
^^^^^^^^^
This is supposed to be this machine's own local IP address. If it's not, then you have some serious issues with the local LAN adapter...
If you can't ping this IP, then it would be safe to delete:
>192.168.1.177 255.255.255.255 192.168.1.175 192.168.1.175
C:\>route delete 172.168.1.177 mask 255.255.255.255
^^^^^^^^^
This is supposed to be this machine's own local IP address. If it's not, then you have some serious issues with the local LAN adapter...
If you can't ping this IP, then it would be safe to delete:
>192.168.1.177 255.255.255.255 192.168.1.175 192.168.1.175
C:\>route delete 172.168.1.177 mask 255.255.255.255
ASKER
I am guessing that this is the correct syntax for adding the route back in, if need be (taken from help file):
route add 192.168.1.177 mask 255.255.255.255 gateway 192.168.1.175 metric 1
Also, does the server require a reboot after adding / deleting an entry?
route add 192.168.1.177 mask 255.255.255.255 gateway 192.168.1.175 metric 1
Also, does the server require a reboot after adding / deleting an entry?
You don't need the "gateway" keyword or the metric
C:\>route add 192.168.1.177 mask 255.255.255.255 192.168.1.175
No reboot, the change is instant..
C:\>route add 192.168.1.177 mask 255.255.255.255 192.168.1.175
No reboot, the change is instant..
ASKER
I tried to fair with the points. Lrmoore provided additional info and give you all "A"'s.
Problem is that I was able to pinpoint the problem and DNS was never the issue.
About three weeks ago, I had upgraded my version of Office to Office XP. I only did this on several computers. Anyway, it was about a week and a half ago that I was informed by the slowness of IE. That pointed me towards the proxy server to begin my troubleshooting.
Things took a turn for the better when I came across a computer that had not had Office upgraded yet, but was using proxy to get out to 'net. Did a speed test and found the speed to be 1460+Kbps, far better than my 125-137Kbps! So I went back to my pc and completely uninstall Office, with sadly to report, no change.
I then started looking closer at the other computer and noticed that when I did the speed check, I did not receive the familiar-looking coffee cup associated with Java on the system tray.
Armed with this info, I proceeded to uninstall Java from my computer. Re-ran the speed test, and wow! I was back at 1470Kbps! I then re-installed Java and found that my speed went back to 130Kbps. So I know what caused it. How to fix it. It seems that there is a browser setting in Java that is automatically checked during the installation to use Internet Explorer, which is what I use. I quickly removed the check mark from this setting, closed and reopened my browser to find that I was back at full speed.
I then reinstalled my Office app and am happy to report that I am back up and running. I wish to take this time to thank all of you and have awarded the points in what I see as a fair exchange of info. If I had mentioned that I had installed Office originally, I might have had this resolved a lot sooner, but, as the saying goes, "Live and Learn".
Thanks again.
Problem is that I was able to pinpoint the problem and DNS was never the issue.
About three weeks ago, I had upgraded my version of Office to Office XP. I only did this on several computers. Anyway, it was about a week and a half ago that I was informed by the slowness of IE. That pointed me towards the proxy server to begin my troubleshooting.
Things took a turn for the better when I came across a computer that had not had Office upgraded yet, but was using proxy to get out to 'net. Did a speed test and found the speed to be 1460+Kbps, far better than my 125-137Kbps! So I went back to my pc and completely uninstall Office, with sadly to report, no change.
I then started looking closer at the other computer and noticed that when I did the speed check, I did not receive the familiar-looking coffee cup associated with Java on the system tray.
Armed with this info, I proceeded to uninstall Java from my computer. Re-ran the speed test, and wow! I was back at 1470Kbps! I then re-installed Java and found that my speed went back to 130Kbps. So I know what caused it. How to fix it. It seems that there is a browser setting in Java that is automatically checked during the installation to use Internet Explorer, which is what I use. I quickly removed the check mark from this setting, closed and reopened my browser to find that I was back at full speed.
I then reinstalled my Office app and am happy to report that I am back up and running. I wish to take this time to thank all of you and have awarded the points in what I see as a fair exchange of info. If I had mentioned that I had installed Office originally, I might have had this resolved a lot sooner, but, as the saying goes, "Live and Learn".
Thanks again.
Great lesson, and an awsome display of detective work on your part!
- Cheers!
- Cheers!
ASKER
Thanks.
Question (and maybe I should post this in a different forum):
Has anyone come across a situation that messed up settings a different program just by upgrading or installing Office XP?
Question (and maybe I should post this in a different forum):
Has anyone come across a situation that messed up settings a different program just by upgrading or installing Office XP?
Finding the problem is all that matters, and you did a great job to track that down. This could very well help someone else later. Thanks for the points, but they were not really needed. I don't do it for points. I just do it to try to help others.
ASKER
tracert from client pc:
Tracing route to s1.optonline.net [167.206.5.7]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms (our firewall)
2 <10 ms <10 ms <10 ms w001.z(isp-externall-assig
3 20 ms 30 ms 30 ms w001.z(isp-254.nyc-ny.dsl.
4 20 ms 30 ms 20 ms ge5-0-0.MAR1.NYC-NY.us.xo.
5 20 ms 20 ms 20 ms p5-2-0.RAR1.NYC-NY.us.xo.n
6 20 ms 21 ms 30 ms p0-0.IR1.NYC-NY.us.xo.net [65.106.3.38]
7 20 ms 30 ms 20 ms iar3-so-2-1-0.NewYork.savv
8 20 ms 30 ms 30 ms agr1-loopback.NewYork.savv
9 341 ms 310 ms 241 ms dcr1-so-6-1-0.NewYork.savv
10 261 ms 240 ms 320 ms r1-pos10-0.in.nycmny83.cv.
11 240 ms 90 ms 20 ms 451be031.cst.lightpath.net
12 210 ms 20 ms 30 ms 65.19.104.212
13 20 ms 20 ms 30 ms 167.206.15.149
14 * * * Request timed out.
15 * * * Request timed out.
.
.
.
30 * * * Request timed out.
Trace complete.
--------------------------
Tracert from proxy server:
Tracing route to s1.optonline.net [167.206.5.7]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms host-ip-from-isp-.companyn
2 <10 ms <10 ms 10 ms Loopback0.GW7.EWR1.Alter.N
3 <10 ms <10 ms 10 ms 543.ATM2-0.XR2.EWR1.ALTER.
4 <10 ms <10 ms 10 ms 292.at-2-2-0.XR2.NYC9.ALTE
5 <10 ms <10 ms 10 ms 0.so-2-1-0.XL2.NYC9.ALTER.
6 <10 ms 10 ms <10 ms 0.so-3-0-0.XL2.NYC1.ALTER.
7 <10 ms 10 ms <10 ms POS7-0.GW9.NYC1.ALTER.NET [152.63.9.1]
8 <10 ms 10 ms <10 ms r2-pos3-0.in.nycmnyzr.cv.n
9 <10 ms 10 ms <10 ms 451be082.cst.lightpath.net
10 <10 ms 10 ms 10 ms r1-srp5-0.mhe.hcvlny.cv.ne
11 <10 ms 10 ms <10 ms 167.206.15.129
12 * * * Request timed out.
13 * * * Request timed out.
.
.
.
30 * * * Request timed out.
Trace complete.
--------------------------
Tracert from our DNS server that points to firewall:
Tracing route to s1.optonline.net [167.206.5.7]
over a maximum of 30 hops:
1 <10 ms <10 ms <10 ms (our firewall)
2 <10 ms <10 ms <10 ms w001.z(isp-external-assign
3 62 ms 32 ms 31 ms w001.zisp254.nyc-ny.dsl.cn
4 16 ms 31 ms 63 ms ge5-0-0.mar1.nyc-ny.us.xo.
5 16 ms 31 ms 31 ms p5-2-0.rar1.nyc-ny.us.xo.n
6 15 ms 32 ms 31 ms p0-0.ir1.nyc-ny.us.xo.net [65.106.3.38]
7 16 ms 31 ms 31 ms iar3-so-2-1-0.newyork.savv
8 15 ms 32 ms 31 ms agr2-loopback.NewYork.savv
9 16 ms 32 ms 15 ms dcr1-so-6-0-0.NewYork.savv
10 16 ms 31 ms 31 ms r1-pos10-0.in.nycmny83.cv.
11 31 ms 32 ms 15 ms 451be031.cst.lightpath.net
12 15 ms 32 ms 31 ms 65.19.104.212
13 16 ms 31 ms 31 ms 167.206.15.149
14 * * * Request timed out.
15 * * * Request timed out.
.
.
.
30 * * * Request timed out.
Trace complete.
--------------------------
Route Print:
My PC:
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 int-ip-firewall 192.168.1.mypc 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 192.168.1.mypc 192.168.1.mypc 1
192.168.1.mypc 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 192.168.1.mypc 192.168.1.mypc 1
224.0.0.0 224.0.0.0 192.168.1.mypc 192.168.1.mypc 1
255.255.255.255 255.255.255.255 192.168.1.mypc 192.168.1.mypc 1
Default Gateway: int-ip-firewall
==========================
Persistent Routes:
None
--------------------------
DNS Server that points to firewall:
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 int-ip-firewall dns-server 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 dns-server dns-server 1
dns-server 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.255 255.255.255.255 dns-server dns-server 1
224.0.0.0 224.0.0.0 dns-server dns-server 1
255.255.255.255 255.255.255.255 dns-server dns-server 1
Default Gateway: int-ip-firewall
==========================
Persistent Routes:
None
--------------------------
==========================
--------------------------
Proxy Server:
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 ext-isp-router-ip ext-isp-proxy-ip 1
65.209.107.176 255.255.255.240 ext-isp-proxy-ip ext-isp-proxy-ip 1
ext-isp-proxy-ip 255.255.255.255 127.0.0.1 127.0.0.1 1
65.255.255.255 255.255.255.255 ext-isp-proxy-ip ext-isp-proxy-ip 1
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.1.0 255.255.255.0 int-proxy-ip int-proxy-ip 1
int-proxy-ip 255.255.255.255 127.0.0.1 127.0.0.1 1
192.168.1.175 255.255.255.255 127.0.0.1 127.0.0.1 1
ext-isp-router-ip 255.255.255.255 192.168.1.175 192.168.1.175 1
192.168.1.255 255.255.255.255 int-proxy-ip int-proxy-ip 1
213.189.157.245 255.255.255.255 65.209.107.177 ext-isp-proxy-ip 1
224.0.0.0 224.0.0.0 ext-isp-proxy-ip ext-isp-proxy-ip 1
224.0.0.0 224.0.0.0 int-proxy-ip int-proxy-ip 1
224.0.0.0 224.0.0.0 192.168.1.175 192.168.1.175 1
255.255.255.255 255.255.255.255 int-proxy-ip int-proxy-ip 1
==========================
--------------------------
As far as the firewall on the DSL side, it is a third-party provided device (such as a sonicwall) controlled by same third party.
Hope this info helps!