Solved

Network Issues (T1 slower than DSL?!)

Posted on 2004-10-01
18
402 Views
Last Modified: 2013-12-14
We have a Full T1 line connected to a Cisco Router, which in turn is connected to a proxy server. I have separate DSL line connected to the DSL Modem, which in turn is connected to a firewall device.

In Internet Explorer, if the client is configured for the proxy server, he goes out thru the T1. If no setting exists, he goes out through the DSL side.

Up until two weeks ago, things were fine. Then clients configured for proxy started complaining about slowdown in the speed getting out to the Internet. We ran a tracert to an external IP from the client and found out that the first hop is our firewall device, not the cisco router.

When we do a speed test (optonline.net) again from the client, we find that we get a lower speed than the DSL (last test clocked a 136 Kbps)!  

Any help would be greatly appreciated.
0
Comment
Question by:mperez1216
  • 8
  • 5
  • 3
  • +1
18 Comments
 
LVL 1

Assisted Solution

by:Wilson_Phillips
Wilson_Phillips earned 20 total points
ID: 12206099
How about a copy and paste of the Tracert to optonline.net, since this would give us all more to go on. By the way, your first hop should be your firewall device and the second hop should be your router.
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 75 total points
ID: 12213523
>We ran a tracert to an external IP from the client and found out that the first hop is our firewall device, not the cisco router.
This is a good clue. From the Proxy server, run C:\>route print
Even though you may have a default gateway pointing to the Cisco router, you may have received an icmp redirect to the firewall, which has "stuck" in the proxy server.

What type of firewall do you have on the DSL line? Do you control the Cisco router, or does the ISP?
0
 

Author Comment

by:mperez1216
ID: 12217882
Requested info (please forgive me for masking some ip addresses, but hopefully, this may be sufficient:

tracert from client pc:

Tracing route to s1.optonline.net [167.206.5.7]
over a maximum of 30 hops:



  1   <10 ms   <10 ms   <10 ms  (our firewall)
  2   <10 ms   <10 ms   <10 ms  w001.z(isp-externall-assigned-ip.nyc-ny.dsl.cnc.net [our-dsl-modem.1]
  3    20 ms    30 ms    30 ms  w001.z(isp-254.nyc-ny.dsl.cnc.net [isp-.254.1]
  4    20 ms    30 ms    20 ms  ge5-0-0.MAR1.NYC-NY.us.xo.net [207.88.86.17]
  5    20 ms    20 ms    20 ms  p5-2-0.RAR1.NYC-NY.us.xo.net [65.106.3.45]
  6    20 ms    21 ms    30 ms  p0-0.IR1.NYC-NY.us.xo.net [65.106.3.38]
  7    20 ms    30 ms    20 ms  iar3-so-2-1-0.NewYork.savvis.net [208.173.135.129]
  8    20 ms    30 ms    30 ms  agr1-loopback.NewYork.savvis.net [206.24.194.101]
  9   341 ms   310 ms   241 ms  dcr1-so-6-1-0.NewYork.savvis.net [206.24.207.53]
 10   261 ms   240 ms   320 ms  r1-pos10-0.in.nycmny83.cv.net [206.24.207.26]
 11   240 ms    90 ms    20 ms  451be031.cst.lightpath.net [65.19.96.49]
 12   210 ms    20 ms    30 ms  65.19.104.212
 13    20 ms    20 ms    30 ms  167.206.15.149
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
.
.
.
 30     *        *        *     Request timed out.

Trace complete.
------------------------------
Tracert from proxy server:
Tracing route to s1.optonline.net [167.206.5.7]
over a maximum of 30 hops:

  1   <10 ms   <10 ms   <10 ms  host-ip-from-isp-.companyname.com [external-ip-cisco-router]
  2   <10 ms   <10 ms    10 ms  Loopback0.GW7.EWR1.Alter.Net [137.39.7.181]
  3   <10 ms   <10 ms    10 ms  543.ATM2-0.XR2.EWR1.ALTER.NET [152.63.24.210]
  4   <10 ms   <10 ms    10 ms  292.at-2-2-0.XR2.NYC9.ALTER.NET [152.63.17.246]
  5   <10 ms   <10 ms    10 ms  0.so-2-1-0.XL2.NYC9.ALTER.NET [152.63.23.141]
  6   <10 ms    10 ms   <10 ms  0.so-3-0-0.XL2.NYC1.ALTER.NET [152.63.29.113]
  7   <10 ms    10 ms   <10 ms  POS7-0.GW9.NYC1.ALTER.NET [152.63.9.1]
  8   <10 ms    10 ms   <10 ms  r2-pos3-0.in.nycmnyzr.cv.net [65.19.102.145]
  9   <10 ms    10 ms   <10 ms  451be082.cst.lightpath.net [65.19.96.130]
 10   <10 ms    10 ms    10 ms  r1-srp5-0.mhe.hcvlny.cv.net [65.19.104.194]
 11   <10 ms    10 ms   <10 ms  167.206.15.129
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
.
.
.
 30     *        *        *     Request timed out.

Trace complete.

---------------------------

Tracert from our DNS server that points to firewall:

Tracing route to s1.optonline.net [167.206.5.7]
over a maximum of 30 hops:

  1   <10 ms   <10 ms   <10 ms  (our firewall)
  2   <10 ms   <10 ms   <10 ms  w001.z(isp-external-assigned-ip.nyc-ny.dsl.cnc.net [our-dsl-modem.1]
  3    62 ms    32 ms    31 ms  w001.zisp254.nyc-ny.dsl.cnc.net [isp.254.1]
  4    16 ms    31 ms    63 ms  ge5-0-0.mar1.nyc-ny.us.xo.net [207.88.86.17]
  5    16 ms    31 ms    31 ms  p5-2-0.rar1.nyc-ny.us.xo.net [65.106.3.45]
  6    15 ms    32 ms    31 ms  p0-0.ir1.nyc-ny.us.xo.net [65.106.3.38]
  7    16 ms    31 ms    31 ms  iar3-so-2-1-0.newyork.savvis.net [208.173.135.129]
  8    15 ms    32 ms    31 ms  agr2-loopback.NewYork.savvis.net [206.24.194.102]
  9    16 ms    32 ms    15 ms  dcr1-so-6-0-0.NewYork.savvis.net [206.24.207.49]
 10    16 ms    31 ms    31 ms  r1-pos10-0.in.nycmny83.cv.net [206.24.207.26]
 11    31 ms    32 ms    15 ms  451be031.cst.lightpath.net [65.19.96.49]
 12    15 ms    32 ms    31 ms  65.19.104.212
 13    16 ms    31 ms    31 ms  167.206.15.149
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
.
.
.
 30     *        *        *     Request timed out.

Trace complete.
------------------------------
Route Print:

My PC:

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     int-ip-firewall    192.168.1.mypc        1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
      192.168.1.0    255.255.255.0     192.168.1.mypc    192.168.1.mypc        1
     192.168.1.mypc  255.255.255.255        127.0.0.1       127.0.0.1        1
    192.168.1.255  255.255.255.255     192.168.1.mypc    192.168.1.mypc        1
        224.0.0.0        224.0.0.0     192.168.1.mypc    192.168.1.mypc        1
  255.255.255.255  255.255.255.255     192.168.1.mypc    192.168.1.mypc        1
Default Gateway:      int-ip-firewall
===========================================================================
Persistent Routes:
  None
------------------------------------------
DNS Server that points to firewall:

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     int-ip-firewall      dns-server        1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
      192.168.1.0    255.255.255.0     dns-server    dns-server        1
     dns-server  255.255.255.255        127.0.0.1       127.0.0.1        1
    192.168.1.255  255.255.255.255     dns-server   dns-server        1
        224.0.0.0        224.0.0.0     dns-server    dns-server        1
  255.255.255.255  255.255.255.255     dns-server    dns-server        1
Default Gateway:      int-ip-firewall
===========================================================================
Persistent Routes:
  None
-------------------------------
===========================================================================
------------------------------
Proxy Server:

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0   ext-isp-router-ip  ext-isp-proxy-ip        1
   65.209.107.176  255.255.255.240   ext-isp-proxy-ip  ext-isp-proxy-ip        1
   ext-isp-proxy-ip  255.255.255.255        127.0.0.1       127.0.0.1        1
   65.255.255.255  255.255.255.255   ext-isp-proxy-ip  ext-isp-proxy-ip        1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
      192.168.1.0    255.255.255.0     int-proxy-ip    int-proxy-ip        1
     int-proxy-ip  255.255.255.255        127.0.0.1       127.0.0.1        1
    192.168.1.175  255.255.255.255        127.0.0.1       127.0.0.1        1
    ext-isp-router-ip  255.255.255.255    192.168.1.175   192.168.1.175        1
    192.168.1.255  255.255.255.255     int-proxy-ip    int-proxy-ip        1
  213.189.157.245  255.255.255.255   65.209.107.177  ext-isp-proxy-ip        1
        224.0.0.0        224.0.0.0   ext-isp-proxy-ip  ext-isp-proxy-ip        1
        224.0.0.0        224.0.0.0     int-proxy-ip    int-proxy-ip        1
        224.0.0.0        224.0.0.0    192.168.1.175   192.168.1.175        1
  255.255.255.255  255.255.255.255     int-proxy-ip    int-proxy-ip        1
===========================================================================
----------------------------------------

As far as the firewall on the DSL side, it is a third-party provided device (such as a sonicwall) controlled by same third party.

Hope this info helps!
0
 
LVL 3

Accepted Solution

by:
TRobertson earned 30 total points
ID: 12220129
Depending on what speed DSL circuit, technically it is possible.  Basically a Internet DS1/aka.T1 is the same as a 1.5U/1.5D speed DSL circuit, however usually you don't find DSL circuits symetrically matched unless it is of business class.  When I say a T1 is the same as a DSL circuit, I am referring to the speed, however most businesses prefer the T1 due to its service level agreement that guarantees its quality.  Also T1s are popular for connecting MANs and WANs because you are dedicating a circuit between two locations, unlike and Internet T1 where one endpoint is your LAN and the other is the Internet.  Many ISP now offer DSL circuits a 3MB/s on the download (much less bandwidth on the upload) therefore depending on what speed DSL circuit you have it could technically be faster on the download.

Also I see that your two circuits are on different backbones, one alter.net the other cnc.net to xo.net, this can also account for different latencies.

My advice, run a sniffer to check out what other traffic may be traveling out your proxy, possibly a file sharer is eating your bandwidth.
0
 
LVL 1

Expert Comment

by:Wilson_Phillips
ID: 12222195
The trace routes look very good on the T-1 line. I don't see anything wrong there. I have to agree with TRobertson on something using all of your bandwidth.
0
 

Author Comment

by:mperez1216
ID: 12227513
The reason that you see two different circuits is because the DSL line was installed better part of 6 years, whereas the T1 only up for about 3 years.
0
 

Author Comment

by:mperez1216
ID: 12227841
In reviewing the route print from the proxy server, I see these two entries:

192.168.1.175  255.255.255.255    127.0.0.1          127.0.0.1        1
192.168.1.177  255.255.255.255    192.168.1.175   192.168.1.175        1

Yet, when I ping these Ip's, there is no response. Would it be safe to delete these and if so, how? What affect would it have by deleting these entries and if I needed to put them back, how would I go about it.
0
 

Author Comment

by:mperez1216
ID: 12227866
Wanted to increase the points on my last comment.

Additionally, I saw a posting on another web site

http://www.jsiinc.com/SUBD/tip1500/rh1598.htm that mentions disabling ICMP redirects. Is this a norm or recommended setting?
0
 
LVL 3

Expert Comment

by:TRobertson
ID: 12228369
If this problem is just starting after three years, and you have not made any changes to your settings I would not recommend making any further changes on your firewall or modems.  Unless there is some strange hardware malfunction I would guess that there is some third-party problem creating traffic or eating your bandwidth.  I would recommend running ethereal with your proxy as a dst host address to see what is going on there.  Also I might recommend bypassing the proxy and test a connection directly connected to the T1 modem.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 79

Expert Comment

by:lrmoore
ID: 12229471
>192.168.1.175  255.255.255.255    127.0.0.1          127.0.0.1       1  <== not a good idea to delete this one
>192.168.1.177  255.255.255.255    192.168.1.175   192.168.1.175       1 <== result of an icmp redirect

Agree that if this is a new phenomenon after several years, then you have something else going on in the network. Some backdoor, trojan, virus or worm.. Only way to find out is to use a sniffer..



0
 

Author Comment

by:mperez1216
ID: 12229641
The reason I asked about these two specific Ip's is because I can't seem to identify them. I can see that x.x.x.175 is pointing to the local host and x.x.x.175 points to x.x.x.177, but I can't locate these on my network. DHCP is enabled, so I am thinking it's got to be a printer.

Again, when I ping or do nbtstat queries, nothing happens.

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12229692
>192.168.1.175  255.255.255.255    127.0.0.1          127.0.0.1  
  ^^^^^^^^^
This is supposed to be this machine's own local IP address. If it's not, then you have some serious issues with the local LAN adapter...

If you can't ping this IP, then it would be safe to delete:

>192.168.1.177  255.255.255.255    192.168.1.175   192.168.1.175      

C:\>route delete 172.168.1.177 mask 255.255.255.255


0
 

Author Comment

by:mperez1216
ID: 12229877
I am guessing that this is the correct syntax for adding the route back in, if need be (taken from help file):

route add 192.168.1.177 mask 255.255.255.255 gateway 192.168.1.175 metric 1

Also, does the server require a reboot after adding / deleting an entry?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12230632
You don't need the "gateway" keyword or the metric

C:\>route add 192.168.1.177 mask 255.255.255.255 192.168.1.175

No reboot, the change is instant..

0
 

Author Comment

by:mperez1216
ID: 12238437
I tried to fair with the points. Lrmoore provided additional info and give you all "A"'s.

Problem is that I was able to pinpoint the problem and DNS was never the issue.

About three weeks ago, I had upgraded my version of Office to Office XP. I only did this on several computers. Anyway, it was about a week and a half ago that I was informed by the slowness of IE. That pointed me towards the proxy server to begin my troubleshooting.

Things took a turn for the better when I came across a computer that had not had Office upgraded yet, but was using proxy to get out to 'net. Did a speed test and found the speed to be 1460+Kbps, far better than my 125-137Kbps!  So I went back to my pc and completely uninstall Office, with sadly to report, no change.
I then started looking closer at the other computer and noticed that when I did the speed check, I did not receive the familiar-looking coffee cup associated with Java on the system tray.

Armed with this info, I proceeded to uninstall Java from my computer. Re-ran the speed test, and wow! I was back at 1470Kbps! I then re-installed Java and found that my speed went back to 130Kbps. So I know what caused it. How to fix it. It seems that there is a browser setting in Java that is automatically checked during the installation to use Internet Explorer, which is what I use. I quickly removed the check mark from this setting, closed and reopened my browser to find that I was back at full speed.

I then reinstalled my Office app and am happy to report that I am back up and running. I wish to take this time to thank all of you and have awarded the points in what I see as a fair exchange of info. If I had mentioned that I had installed Office originally, I might have had this resolved a lot sooner, but, as the saying goes, "Live and Learn".

Thanks again.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12238544
Great lesson, and an awsome display of detective work on your part!

- Cheers!
0
 

Author Comment

by:mperez1216
ID: 12238618
Thanks.

Question (and maybe I should post this in a different forum):

Has anyone come across a situation that messed up settings a different program just by upgrading or installing Office XP?

0
 
LVL 1

Expert Comment

by:Wilson_Phillips
ID: 12239828
Finding the problem is all that matters, and you did a great job to track that down. This could very well help someone else later. Thanks for the points, but they were not really needed. I don't do it for points. I just do it to try to help others.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

This solves the problem of diagnosing why an internet connection is no longer working. It also helps identify the likely cause of the lost connection if the procedure fails to re-establish your internet connection. It helps to pinpoint the likely co…
Sometimes you have to pull out old tricks to get a new firewall to work… While we were installing a new Sonicwall at a customers site we found that sites they were able to visit before were not working.  It seemed random and we could not understa…
This video discusses moving either the default database or any database to a new volume.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now