Sharing ADSL2+ to 75 Users - Internal DNS Needed?

alexbuckland
Hi,

I have a strange problem. I have set up many networks from scratch but I have recently implemented an 'Internet Only' solution for a building with 75 - 100 clients with low to medium internet usage. The building runs no servers, only standalone clients.

The main plan was to install 2 x ADSL2+ lines and load balance them, so far only 1 line has been setup. I have attached about 50 clients to the new system as a test.

While the throughput is good (12mb down / 1.2mb up), browsing websites is generally very slow, slower than it should be with the amount of traffic. Once a connection is established, i.e. a download, the throughput is fine.

My thinking is that an internal DNS server (a 2003 box for example) is needed to cache and resolve the queries much quicker, as at the moment the router is the gateway & DNS server.

Does anyone agree or have another idea?

All switches are gigabit and the router is a Draytek 2820.

bluntTony, Head of ICT
Top Expert 2009

Commented:
Hi there,
bluntTony, Head of ICT
Top Expert 2009

Commented:
Hi there,
(don't know what happened with the last post!)
From looking at the spec of the 2820, it actually looks like it is acting as a DNS caching server anyway, so I don't think this would be your issue. In any case, 50 isn't a lot of users for simple web browsing over a 12MB connection.
What sort of latency are you getting?
Also, what external DNS servers is the router set up to use? Could it be that the primary DNS server is unavailable and is timing out and subsequently failing over to the secondary?

Author

Commented:
Hi, speedtest.net gives me 353ms - quite bad - but if I disconnect all the users I get 26-45ms.
The router is using the ISP's (186k) DNS, but there are no reported problems, also I have many users on 186k with no issues.

bluntTony has a great point about the primary DNS possibly timing out. In our data center we used to use an internal DNS server that forwarded to our ISP's DNS servers. We got to the point where pages would time out and started to panic. Turns out our ISP upstream DNS was horrible, and we switched to the OpenDNS resolvers.

Now we couldn't be happier with the response.

Is there a way in your router to view current connections? I can do this with our Fortigates and if you see a lot of open connections on port 53 over 5 seconds in duration, you know you have a bad DNS setup. Try the OpenDNS resolvers at 208.67.222.222 and 208.67.220.220.

Author

Commented:
Thanks, I will give that a try on monday!

Commented:
Is the throughput good with the users connected, or might you have machines that are generating excess traffic and clogging the link (malware/worms/virus/etc.)? Filling up either the up or down side of the connection will give similar results.

How much traffic are you using of the 12/1.2 while the users are connected?  How do the speedtest numbers look when the users are online?  The PING time in the tests should not be dependent on the DNS latency, but on just the round trip time.  If it is that slow I would suspect you have a link problem due to traffic...

50 users on a 12/1.2 could be low or very high...  Without knowing what types of traffic and the amount per user, it would not be smart to predict.  Just measure it...  Be certain and don't waste time guessing...

Commented:
If you think it is DNS just use NSLOOKUP from the Windows XP command line to see how long DNS takes to resolve versus a ping to the DNS server(s).  Compare those two and you should be able to better see where the source of the issues might be.
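
An added example, not part of the original comment: one way to put numbers on the comparison suggested above is to time raw DNS queries against each resolver and count timeouts, which also exposes the slow-primary failover case raised earlier in the thread. The helper names and the query name `example.com` are assumptions made for illustration; the two resolver addresses are the OpenDNS ones quoted in the thread.

```python
import random, socket, struct, time

def build_query(name, qid):
    """Encode a minimal DNS A-record query (RFC 1035) with recursion desired."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_reply(data, qid):
    """Return (rcode, answer_count); raise ValueError if not a reply to qid."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # 0x8000 is the QR (response) bit
        raise ValueError("not a reply to this query")
    return flags & 0x000F, an

def time_lookup(server, name, timeout=2.0, port=53):
    """Return (milliseconds, rcode, answers); (None, None, 0) on timeout or bad reply."""
    qid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.perf_counter()
        try:
            s.sendto(build_query(name, qid), (server, port))
            data, _ = s.recvfrom(4096)
            rcode, answers = parse_reply(data, qid)
        except (socket.timeout, ValueError, OSError):
            return None, None, 0
    return (time.perf_counter() - start) * 1000.0, rcode, answers

def summarize(samples):
    """samples: latency in ms, or None for a timeout. Returns (median_ms, timeouts)."""
    ok = sorted(ms for ms in samples if ms is not None)
    median = ok[len(ok) // 2] if ok else None  # upper median for even counts
    return median, len(samples) - len(ok)

if __name__ == "__main__":
    # Resolvers quoted in the thread; add the router's LAN address to test its cache.
    for server in ("208.67.222.222", "208.67.220.220"):
        samples = [time_lookup(server, "example.com")[0] for _ in range(10)]
        median, timeouts = summarize(samples)
        print(server, "median ms:", median, "timeouts:", timeouts, "of", len(samples))
```

Run it once with the users connected and once with them disconnected, then compare the medians with the ping round-trip time to the same addresses: if both rise together the link is saturated, while timeouts on one resolver only point at that resolver.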

Commented:
From what I know, not all home routers are capable of dealing with a lot of concurrent connections. I suppose that's not the problem you see.

Commented:
It is possible if you have IE8 on very many of the machines that you are running into traffic issues you do not expect...

Here is a link from MS that describes the new behavior in IE8.
http://msdn.microsoft.com/en-us/library/cc304129(VS.85).aspx

With the default IE connections per server bumped from 2 to 6, you can create 3X the session count and generate much more traffic per user than you might be expecting.

If this reference to Draytek HW is correct, then normal traffic loads should not bother the 2820...  regardless of the IE version...
http://forums.whirlpool.net.au/forum-replies.cfm?t=1165817&r=19114990#r19114990

I think that measuring and collecting some facts and data will answer the questions and eliminate most of the guesswork...


-CoreyMac

Author

Commented:
Hi,

I tried the new DNS settings and it made no difference, whilst the users are online they are consuming probably on 1.6 - 2.5mb of bandwidth. I think maybe the router is having problems processing all the requests?

Any ideas for a better router anyone?

Commented:
I have not used the Draytek, so I do not have experience to say otherwise, but the people who have discussed it have never mentioned a problem with the workloads you are talking about.  

Still the reviews for that router are not stellar, but they saw 8X-10X the throughput you are seeing...

http://www.pcpro.co.uk/labs/212304/draytek-vigor-2820n.html

I would probably pick a Cisco ASA 5505 or 5510, but they do NOT load balance.

Commented:
Such low throughput needs more measurement IMHO....  

Are you dropping packets?  
Are you filling up the return path (upstream)?
What is the actual, measured bandwidth in both directions?
What about speed and duplex, are there errors, or is the Auto-Negotiation failing?

Commented:
AlexBuckland,

What turned out to be the problem?
