Solved

Internet Speeds are very slow (but bandwidth is fine)

Posted on 2011-03-18
21
753 Views
Last Modified: 2012-05-11
Hi,

Over the past few weeks my org has been experiencing the following issue.
Browsing speeds are very slow to the internet but browsing internal resources is fine.

I will try to provide as much info as possible...

Bandwidth - Time Warner Cable 20 down 2 up
Router/Firewall - Sonicwall NSA 240 (latest firmware)
Switches - HP Procurve gigabit (latest firmware)
Users - 100

- We have spoken at length with Sonicwall who insists it is not their device and we do not have a virus issue since we dont have an abnormal amount of connections
- We are seeing some collisions on the HP on certain ports where other down level (8 port switches) are plugged in.  But these have been the case for over 2 years
- We have tried using different DNS and same issue
- We have tried multiple browsers, chrome, IE, firefox

Ran multiple AV scans on all machines and came up with nothing.

So here is what happens.. go to a page say yahoo.com and click on a link.
Loading, loading..................... times out

So heres the kicker... before 9AM and after 5:30 PM the speeds are super fast.... during the day they are bad.

How do we go about trying to find out what is happening during these times??!
0
Comment
Question by:btny
  • 10
  • 6
  • 2
  • +3
21 Comments
 
LVL 3

Expert Comment

by:dtrance
ID: 35167600
All symptoms would indicate some type of traffic congestion or use of throttling.

One way to find out for sure .....

During the window in question, test with a station in front of the sonicwall.  I presume you have more usable IPs so you don't have to take your production network offline?
0
 
LVL 1

Expert Comment

by:oldstone00
ID: 35167678
Try this test for dropped packets and Internet line quality. Run the test in the morning and afternoon.

http://www.pingtest.net

Our company had a similar situation. We had to get rid of our T1 lines because they sucked.
0
 
LVL 7

Expert Comment

by:DIIRE
ID: 35169966
I'd look into setting up the NetFlow monitoring on the sonicwall so you see which user/users and/or applications are causing the slow down.  



0
 
LVL 13

Expert Comment

by:kdearing
ID: 35170356
I've seen this before.
If you're on a Windows domain, and the domain controller is overworked, DNS requests can be bery slow.
0
 

Author Comment

by:btny
ID: 35182606
Thanks for all the suggestions, we will try one by one!
0
 

Author Comment

by:btny
ID: 35182627
How do i tell if a DC is overworked?
0
 
LVL 3

Expert Comment

by:dtrance
ID: 35182712
In terms of your specific issue, the hypothetical overworked DC would result in a substantial delay in DNS queries.

You can test this by doing a 'nslookup somedomain.com' and see how quickly it returns a result during the window in which you are experiencing slowness.

With only 100 users, I highly doubt its the actual DC that is slow.  If anything its the recursive queries (those forwarded to your ISP) that may be the hang up.

Test that specifically by 'nslookup somedomain.com <ip of your forwarding (ISP) DNS server>'

0
 

Author Comment

by:btny
ID: 35191896
Hi.

Nslookup is fine.

The issue seems to only be during business hours.

How on earth would I go about determining if this is a PC or port or something?
0
 
LVL 3

Expert Comment

by:dtrance
ID: 35191998
Okay so you've tested delay for local and recursive (forwarded) queries and ruled out DNS resolution as the problem.  What happens when you test traffic outside of of the sonicwall?

Have you looked at the I/O stats on your perimeter switch to see if you are hitting your down limit?  If so then narrow down which port(s) is using up all the bandwidth.  Are your users proxied?  Check your statistics there or pull down stats via SNMP from your switches otherwise.
0
 

Author Comment

by:btny
ID: 35203424
Users are not proxied.

Switch is not exceeding 1% of its usage.

We turned off an entire side of the office and still have the issue.

It's so odd and frustrating.  Web pages will load but not all the way, like they are choking and then after 10-15 seconds either time out or just go.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 3

Expert Comment

by:dtrance
ID: 35205564
Have you tested with a computer that is not behind of the sonicwall?
0
 

Author Comment

by:btny
ID: 35208369
I just tested a seperate sonicwall interface and it has the same issue, we have not tested without the SW yet.

I also am seeing the following while pinging google.com which seems odd

Reply from 72.14.204.104: bytes=32 time=20ms TTL=53
Reply from 72.14.204.104: bytes=32 time=13ms TTL=53
Reply from 72.14.204.104: bytes=32 time=18ms TTL=53
Reply from 72.14.204.104: bytes=32 time=15ms TTL=53
Reply from 72.14.204.104: bytes=32 time=73ms TTL=53
Reply from 72.14.204.104: bytes=32 time=38ms TTL=53
Reply from 72.14.204.104: bytes=32 time=16ms TTL=53
Reply from 72.14.204.104: bytes=32 time=280ms TTL=53
Reply from 72.14.204.104: bytes=32 time=263ms TTL=53
Reply from 72.14.204.104: bytes=32 time=344ms TTL=53
Reply from 72.14.204.104: bytes=32 time=316ms TTL=53
Reply from 72.14.204.104: bytes=32 time=761ms TTL=53
Reply from 72.14.204.104: bytes=32 time=658ms TTL=53
Reply from 72.14.204.104: bytes=32 time=208ms TTL=53
Reply from 72.14.204.104: bytes=32 time=273ms TTL=53
Request timed out.
Reply from 72.14.204.104: bytes=32 time=313ms TTL=53
Reply from 72.14.204.104: bytes=32 time=562ms TTL=53
Reply from 72.14.204.104: bytes=32 time=592ms TTL=53
Reply from 72.14.204.104: bytes=32 time=535ms TTL=53
Reply from 72.14.204.104: bytes=32 time=526ms TTL=53
Reply from 72.14.204.104: bytes=32 time=384ms TTL=53
Reply from 72.14.204.104: bytes=32 time=488ms TTL=53
Reply from 72.14.204.104: bytes=32 time=522ms TTL=53
Reply from 72.14.204.104: bytes=32 time=553ms TTL=53
Reply from 72.14.204.104: bytes=32 time=443ms TTL=53
Reply from 72.14.204.104: bytes=32 time=485ms TTL=53
Reply from 72.14.204.104: bytes=32 time=491ms TTL=53
Reply from 72.14.204.104: bytes=32 time=521ms TTL=53
Reply from 72.14.204.104: bytes=32 time=541ms TTL=53
Reply from 72.14.204.104: bytes=32 time=499ms TTL=53
Reply from 72.14.204.104: bytes=32 time=416ms TTL=53
Reply from 72.14.204.104: bytes=32 time=450ms TTL=53
Reply from 72.14.204.104: bytes=32 time=394ms TTL=53
Reply from 72.14.204.104: bytes=32 time=467ms TTL=53
Reply from 72.14.204.104: bytes=32 time=497ms TTL=53
Reply from 72.14.204.104: bytes=32 time=481ms TTL=53
0
 

Author Comment

by:btny
ID: 35218137
Testing not behind the firewall is for the most part the same.

Our issue is SO BIZZARE

During busines hours here is what happens

I go to msn.com (loads up great)
I start clicking on links and one may not load.. it says waiting... and then it times out
I refresh and it loads lightening fast
and so forth

Any tools or ideas to troubleshoot this?
0
 
LVL 3

Expert Comment

by:dtrance
ID: 35218180
You've ruled out DNS and now the sonicwall being the problem.  Entertain me however, with the same station in front of (not behind) of the firewall, set the DNS server to 4.2.2.1 and see if your browsing slowness goes away.
0
 

Author Comment

by:btny
ID: 35218210
Ok and just to clarify browsing is typically SUPER fast

but then all the sudden out of nowhere its SUPER SLOW and fails

Reload

SUPER FAST

grrr!
0
 
LVL 1

Expert Comment

by:oldstone00
ID: 35219098
Did you have Time Warner Cable test you line?
0
 

Author Comment

by:btny
ID: 35219387
TWC says everything checks out fine.

This is seeming like a DNS issue for me..
0
 
LVL 2

Expert Comment

by:Axis52401
ID: 35219397
Try adding a static DNS server to a single workstation to bypass your internal DNS. I use Open DNS 208.67.222.222
0
 
LVL 3

Expert Comment

by:dtrance
ID: 35219860
I'm convinced btny is using a ouija board to troubleshoot this problem.
0
 

Accepted Solution

by:
btny earned 0 total points
ID: 35379998
Called our ISp and they had a Intrusion Prevention System running on our modem.  Once they disabled that ALL WAS WELL.
0
 

Author Closing Comment

by:btny
ID: 35410415
Everyone was very helpful but in the end it was our ISPs fault.

Our router has IPS and so did theirs and there was a weird conflict with the two running at the same time.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now