mcanany
asked on
New Internet Circuit (AT&T Opteman)
Hello All,
About a month ago we replaced an old business class DSL connection with an AT&T Opteman circuit. 10Mbps symmetrical.
I'm trying to determine the best way to troubleshoot the issues we've been having. Webpages on a daily basis on different computers will time out and downloading files will often slow to a crawl (5-10 kbps). This is happening on a number of sites. We have an ASA 5510 siting between the AT&T router and our LAN. I've contacted AT&T and the guy thinks its something on our LAN because the FE 0/1 port (facing our lan) was having issues. He didn't go into much detail on his message. He then went on to say it looks good now. Which I've confirmed that this issue doesn't persist but it could happen at any given time causing problems throughout a regular business day. The old DSL connection was problematic which is why we replaced it and it seems our new connection is having problems as well, which kinda makes me think it is something running on our LAN. Any guidance would be greatly appreciated since I'm not even sure where to start. I was thinking wireshark but I have no idea what to look for. Thanks again!
Edit: I just wanted to add that this is for one of our remote sites and we are not hosting any services over this connection.
About a month ago we replaced an old business class DSL connection with an AT&T Opteman circuit. 10Mbps symmetrical.
I'm trying to determine the best way to troubleshoot the issues we've been having. Webpages on a daily basis on different computers will time out and downloading files will often slow to a crawl (5-10 kbps). This is happening on a number of sites. We have an ASA 5510 siting between the AT&T router and our LAN. I've contacted AT&T and the guy thinks its something on our LAN because the FE 0/1 port (facing our lan) was having issues. He didn't go into much detail on his message. He then went on to say it looks good now. Which I've confirmed that this issue doesn't persist but it could happen at any given time causing problems throughout a regular business day. The old DSL connection was problematic which is why we replaced it and it seems our new connection is having problems as well, which kinda makes me think it is something running on our LAN. Any guidance would be greatly appreciated since I'm not even sure where to start. I was thinking wireshark but I have no idea what to look for. Thanks again!
Edit: I just wanted to add that this is for one of our remote sites and we are not hosting any services over this connection.
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Depending on your hours and ease of access, I'd consider temporarily (evening or weekend?) installing an inexpensive router instead of the ASA, connect one computer to it, and then test for a while. If you see problems there, it is not an issue with your router.
It would take more configuring, but you could also sandwich the cheap router between AT&T and the ASA and connect a single test computer to one of the LAN ports on the cheap router. You could then conduct tests from the test computer while the rest of the network is still up and running.
It would take more configuring, but you could also sandwich the cheap router between AT&T and the ASA and connect a single test computer to one of the LAN ports on the cheap router. You could then conduct tests from the test computer while the rest of the network is still up and running.
Those are very good pieces of ammo to push in the direction of AT&T. If you can't maintain a simple consistent "ping" to websites out there.. how do they expect anything at the application layer to function correctly... (IE: Logging into your Bank and maintaining an Https session.)
One other possible thing i suppose you can test, which i Highly doubt will even matter, but if you have a spare interface on the ASA you could configure in a different subnet of sorts, and put like a laptop on it or something. Then ensure you can ping thru the F0/1 interface, to the Newly assigned laptop IP. This would just further rule out your ASA by proving it is routing all traffic from 1 interface to another without a hickup.
The response time from a website being 900ms might not be a problem with the ISP.. Depends how far your traffic actually has to travel and come back with a response. The website might be hosted in... japan for example. And your response times would indeed be much higher than a server that is located 100miles away.
I think you pretty much have enough ammo with your ping tests to throw up the BS flag at at&t tho. You could perform the same tests and get better results out of a 3g Cell phone connection.
One other possible thing i suppose you can test, which i Highly doubt will even matter, but if you have a spare interface on the ASA you could configure in a different subnet of sorts, and put like a laptop on it or something. Then ensure you can ping thru the F0/1 interface, to the Newly assigned laptop IP. This would just further rule out your ASA by proving it is routing all traffic from 1 interface to another without a hickup.
The response time from a website being 900ms might not be a problem with the ISP.. Depends how far your traffic actually has to travel and come back with a response. The website might be hosted in... japan for example. And your response times would indeed be much higher than a server that is located 100miles away.
I think you pretty much have enough ammo with your ping tests to throw up the BS flag at at&t tho. You could perform the same tests and get better results out of a 3g Cell phone connection.
ASKER
Just wanted to follow up here and let everyone know that we think we have the issue pinned down. It appears to be the demarc extension that is causing the problem. Since we are on the 15th floor in this building we had to run a fiber extensions but we had to use media converters because the hand off is copper. Anyways, They are coming out to check the demarc extension since they are the ones we had install it...
If you ever see a repetitive ping time out mean 4 successful pings, the 2 timeouts happen over and over, consistently for hours you can probably point to the media converters on the demarc ext. In the end it was still AT&T's issue.
If you ever see a repetitive ping time out mean 4 successful pings, the 2 timeouts happen over and over, consistently for hours you can probably point to the media converters on the demarc ext. In the end it was still AT&T's issue.
10/4 . Sounds good :)
ASKER
I just wanted to follow up on this issue, in case someone else comes across a similar issue. Turns out, the person we hired to reconfigure the firewall (asa) for the new internet circuit, left the old Route in the firewall for the old internet circuit. So essentially we had 2 routes in there, 1 which was invalid. It appeared the firewall was either load balancing across those two routes… or something else was going on there. I removed the old route and immediately I stopped seeing the timeouts. That will be the last time we use them.
ASKER
I've reached out to AT&T. Any other things I could do to prove its them and not my LAN?