Solved

Internet Connection Times Out Periodically

Posted on 2011-03-02
7
1,727 Views
Last Modified: 2012-05-11
Our company network has been dropping its connection to the Internet every 1 - 2 hours for 20 - 120 seconds for the past 72 hours. Our ISP is Windstream. We have seven bonded T1s. I can ping the public gateway continuously all day and I can see that we lose our connection for about 10 to 14 pings or about one minute per occurrence.  When it goes offline, normal users do not notice because it comes back quickly. However, our VPN users are kicked offline and cannot work. Large file transfers and back ups are also interrupted. We use a SonicWALL NSA 2400. I have no errors in the log and I have rebooted it. Windstream is about to blame this on internal equipment because they cannot see any problems remotely.

What is the solution?
Should I start immediate ISP shopping?
Has anyone seen anything like this before?

Please help!
JM  Latest Outage as of 3.2.11
0
Comment
Question by:alnc2004
  • 3
  • 3
7 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 35024402
let's confirm a few things first.

edit the WAN interface and try setting the negotiation first to 100mb/full then to 100mb/half. do either help?

then, let's look at MTU on the WAN interface. review my article for this setting on the sonicwall appliance. work through it and report back your results.

http://www.experts-exchange.com/viewArticle.jsp?articleID=3110
0
 
LVL 3

Expert Comment

by:macoronat
ID: 35036916
I don't have experience on solicwall appliances, but I recomend you to connect a PC directly to the router and run the extended ping again, see if there is the same behaviour.  Then, as digitap said, check your MTU settings at the WAN links.  Verify that you have the correct encapsulation and linecode for the T1's.  Check if the physical interfaces are reporting any errors.  If they are, you can unbind your T1's one by one and do a loopback cable:

-Use wire cutters to create a working RJ-45 cable that is 5 inches long with an attached connector.
-Strip the wires.
-Twist the wires from pins 1 and 4 together.
-Twist the wires from pins 2 and 5 together.
-Leave the rest of the wires alone.

Put the cable on you sonicwall's T1 port (I'm assuming that your appliance has integrated CSU/DSU). Assign an IP address to the unbond T1, clear the counters of that interface and run an extended ping from the sonicwall router to that IP address. See if you find any errors.  Bind the T1 back.

Then do that for each T1.  If you see errors on the interfaces, you have some bad hardware.  If not you have an ISP issue  (time to look for a new provider).

Cheers!
0
 

Accepted Solution

by:
alnc2004 earned 0 total points
ID: 35059643
It turned out that a computer on our network was infected with a virus that was part of a DDoS attack. That computer was sending 11212 Byte files to an outside IP on over 6,000 ports, which crippled our router.

Thanks for the suggestions,
Jess
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 33

Expert Comment

by:digitap
ID: 35060407
@jess :: what did you do to find the device?
0
 

Author Comment

by:alnc2004
ID: 35060478
I replaced the NSA 2400 with another brand new one and we had the same problem. I ran an activity scan on my open connections and found that one IP on my network had over 6K connections. I isolated that machine and disconnected it from the network and the problem was solved instantly. Now I have to clean the virus, but that's nowhere nearly as bad as having a network outage.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35060491
indeed...working another question with the same issue as yours. i've recommended the same steps you've just confirmed so we'll see where it goes. thanks for the extra information. good luck with the virus.
0
 

Author Closing Comment

by:alnc2004
ID: 35115322
It was not an ISP or a firewall problem. It was an internal computer that caused our service to go out.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now