High Ping Trace

Hi eaglerod,

Do you see a difference in time between pings to google.com vs 8.8.8.8? (e.g. google.com yields 300ms, 8.8.8.8 yields 84ms)

Are your DNS the servers the ISP provided ones or are you using different ones?

No I don't see a difference.  We are using a domain based network with primary as our internal DNS and secondary as Google.  No matter what or who I ping external of the network, I get over 200ms.  Internal is 1ms to 2ms.  So the issue is not internal.

What the SonicWALL model and the Server OS?

Try assigning a PC with 4.2.2.2 or 8.8.8.8 as the DNS Server settings and retest...what happens...does it speed up?

No.  It still has the same issue.

This is my tracert from the router

traceroute to 8.8.8.8 from 68.x.x.x, 30 hops max, 36 byte packets
 1       183.3 ms       200.0 ms       216.6 ms       10.39.176.1      
 2       216.6 ms       200.0 ms       216.6 ms       172.21.0.132      
 3       216.6 ms       233.3 ms       216.6 ms       70.169.73.90      
 4       233.3 ms       233.3 ms       233.3 ms       70.169.75.153      
 5       250.0 ms       250.0 ms       283.3 ms       68.1.5.139      
 6       250.0 ms       283.3 ms       266.6 ms       72.14.215.221      
 7       333.3 ms       283.3 ms       283.3 ms       209.85.248.185      
 8       283.3 ms       316.6 ms       333.3 ms       72.14.238.0      
 9       333.3 ms       350.0 ms       316.6 ms       72.14.239.160      
10       183.3 ms       166.6 ms       166.6 ms       216.239.48.167      
11        *              *              *            
12       233.3 ms       250.0 ms       250.0 ms       8.8.8.8

Again, what is the SonicWALL model? (e.g. TZ 215, NSA 3600)
What is the Server OS? (e.g. Windows Server 2012)

SBS 2011 Standard
SonicWall TZ 215

When you take this upstream you are going to be required to do a direct-connect test so you might as well get it out of the way now. Plug in a laptop straight into your ISP feed and test. If the test yields high latency, then it will be conclusive that the issue does not fall on your side of the fence and then I'd agree with DaveHowe - if its solely with your ISP, take it up with them.

Regarding your Geo-IP floods...

I have checked the router logs and found that there is a lot of geolocation ips from other countries that are being blocked so I changed my WAN IP address.

I'm not sure how you are blocking them but the preferred method is via Geo-IP & Botnet Filtering. You can do this by purchasing CGSS (Comprehensive Gateway Security Suite) for your SonicWALL. You firmware must be at least at 5.8.1.x in order to control Geo-IP Filtering.

Are you having trouble access internet resources, websites, etc or is this just preventative?

This is most likely either a contention issue or your connection is being heavily utilized.  If the latter I'd check your SonicWALL to see how much bandwidth it is actually passing to see if it's a hardware limitation which is causing the excessive ping times.

craigbeck - The CPU on the SonicWall is only at around 6% on average.
diverseit - Yes they have the Security Suite.  This was put into place because of the constant hack attempts that we were noticing on the logs and to stop any viruses from transmitting information to other countries.  By changing the IP, we now only have 2 or 3 computers on the inside that is consistently every 2 to 3 minutes contacting an IP in other countries.  I can't seem to find what those IP are going to but I am able to confirm his country of origin.

I had the ISP ping the modem and they had over 600ms. They want me to go onsite and unplug my network from it, so they can test it again without any load on it.  But this was at 2am in the morning and only I was in the network with the router at a 3% load.  I believe the issue may be the ISP but I wont know until I go onsite and conduct further test.  I will follow up on Monday if the issue is still internal.

If it's like that with no load it's probably a contention or line issue.

Just connect to the line directly without the LAN or firewall connected and see if it's the same.

So I did everything you guys said.  The router is not being maxed out at all.  When we did a ISP check with nothing but the modem and laptop hooked up, everything stopped.  So keep a long story short, we noticed that a lot of activity on my sniffer was coming from a particular IP.  we found it was the backup server.  That is all it does.  So we disconnected it from the network and the ping time dropped from 400+ to less than 60.  We tested this several times and the count would drop every time we disconnected the server.  We traced it back to a process called imagemanager.exe which an exe file for storagecraft software.  I don't know how it was causing a high latency but I was able to define it to this particular process.  I will leave the ticket open for a few days and then close it if I don't have anymore issues.

Wow. Glad you were able to pinpoint it! DirectConnect tests, albeit may seem elementary, are a very good way to rule out equipment and isolate issues.

I'm glad I could help! Thanks for the points.