High Ping Trace

I am currently experiencing 300ms+ when I ping google.com. I can ping the router and my ping is averaging around 2ms. But when I ping the ISP gateway I get an average of 200ms+. I have checked the router logs and found that there are a lot of geolocation IPs from other countries that are being blocked, so I changed my WAN IP address. This worked for about 10 minutes and then it started again.

I can't seem to find why the ping count is so high. I am not sure if this is because of it. Is there a way to find out why the ping count is high?
eaglerod Asked:

Blue Street Tech (Last Knight) Commented:
Hi eaglerod,

Do you see a difference in time between pings to google.com vs 8.8.8.8? (e.g. google.com yields 300ms, 8.8.8.8 yields 84ms)

Are your DNS servers the ISP-provided ones or are you using different ones?

eaglerod (Author) Commented:
No I don't see a difference.  We are using a domain based network with primary as our internal DNS and secondary as Google.  No matter what or who I ping external of the network, I get over 200ms.  Internal is 1ms to 2ms.  So the issue is not internal.

Blue Street Tech (Last Knight) Commented:
What is the SonicWALL model and the Server OS?

Try assigning a PC with 4.2.2.2 or 8.8.8.8 as the DNS Server settings and retest...what happens...does it speed up?

eaglerod (Author) Commented:
No.  It still has the same issue.

eaglerod (Author) Commented:
This is my tracert from the router

traceroute to 8.8.8.8 from 68.x.x.x, 30 hops max, 36 byte packets
 1       183.3 ms       200.0 ms       216.6 ms       10.39.176.1      
 2       216.6 ms       200.0 ms       216.6 ms       172.21.0.132      
 3       216.6 ms       233.3 ms       216.6 ms       70.169.73.90      
 4       233.3 ms       233.3 ms       233.3 ms       70.169.75.153      
 5       250.0 ms       250.0 ms       283.3 ms       68.1.5.139      
 6       250.0 ms       283.3 ms       266.6 ms       72.14.215.221      
 7       333.3 ms       283.3 ms       283.3 ms       209.85.248.185      
 8       283.3 ms       316.6 ms       333.3 ms       72.14.238.0      
 9       333.3 ms       350.0 ms       316.6 ms       72.14.239.160      
10       183.3 ms       166.6 ms       166.6 ms       216.239.48.167      
11        *              *              *            
12       233.3 ms       250.0 ms       250.0 ms       8.8.8.8

Blue Street Tech (Last Knight) Commented:
Again, what is the SonicWALL model? (e.g. TZ 215, NSA 3600)
What is the Server OS? (e.g. Windows Server 2012)

eaglerod (Author) Commented:
SBS 2011 Standard
SonicWall TZ 215

Dave Howe (Software and Hardware Engineer) Commented:
Usually you use traceroute (-I for ICMP ping in Linux, slightly different command tracert in Windows) to find out ping times to each "hop" between you and the target. That will give you a better indication of where the bottleneck is.

If it's upstream of your own hardware, then you need to contact your ISP and ask why their device has such high latency.
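Added example (not code from any participant in this thread): reading the trace posted earlier in the thread hop by hop, as this comment suggests. For each hop it reports only the latency that every later hop also shows, because a hop that is slower than the hops after it is merely slow to answer probes; the function names are illustrative.

```python
import re
from statistics import median

# Trace as posted in this thread (whitespace condensed, source masked by the poster).
TRACE = """\
traceroute to 8.8.8.8 from 68.x.x.x, 30 hops max, 36 byte packets
 1 183.3 ms 200.0 ms 216.6 ms 10.39.176.1
 2 216.6 ms 200.0 ms 216.6 ms 172.21.0.132
 3 216.6 ms 233.3 ms 216.6 ms 70.169.73.90
 4 233.3 ms 233.3 ms 233.3 ms 70.169.75.153
 5 250.0 ms 250.0 ms 283.3 ms 68.1.5.139
 6 250.0 ms 283.3 ms 266.6 ms 72.14.215.221
 7 333.3 ms 283.3 ms 283.3 ms 209.85.248.185
 8 283.3 ms 316.6 ms 333.3 ms 72.14.238.0
 9 333.3 ms 350.0 ms 316.6 ms 72.14.239.160
10 183.3 ms 166.6 ms 166.6 ms 216.239.48.167
11 * * *
12 233.3 ms 250.0 ms 250.0 ms 8.8.8.8
"""

RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")

def parse_hops(text):
    """Return [(hop, median RTT in ms or None, address or None)] per hop line."""
    hops = []
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) < 2 or not fields[0].isdigit():
            continue  # header or blank line
        rtts = [float(x) for x in RTT_RE.findall(fields[1])]
        ip = fields[1].split()[-1] if rtts else None  # no reply: "* * *"
        hops.append((int(fields[0]), median(rtts) if rtts else None, ip))
    return hops

def persistent_jumps(hops):
    """Latency each hop adds that all later hops also show: [(hop, address, ms)]."""
    seen = [h for h in hops if h[1] is not None]
    floors, lowest = [], float("inf")
    for _, rtt, _ in reversed(seen):
        lowest = min(lowest, rtt)  # lowest RTT from this hop to the target
        floors.append(lowest)
    floors.reverse()
    out, prev = [], 0.0
    for (hop, _, ip), floor in zip(seen, floors):
        out.append((hop, ip, round(floor - prev, 1)))
        prev = floor
    return out

def worst_hop(text):
    return max(persistent_jumps(parse_hops(text)), key=lambda j: j[2])
```

On the posted trace, `worst_hop(TRACE)` returns hop 1: the delay is already present at the first device past the router, and the higher readings at hops 2 to 9 do not persist to hop 10.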

Blue Street Tech (Last Knight) Commented:
When you take this upstream you are going to be required to do a direct-connect test so you might as well get it out of the way now. Plug a laptop straight into your ISP feed and test. If the test yields high latency, then it will be conclusive that the issue does not fall on your side of the fence and then I'd agree with DaveHowe - if it's solely with your ISP, take it up with them.

Regarding your Geo-IP floods...
"I have checked the router logs and found that there is a lot of geolocation ips from other countries that are being blocked so I changed my WAN IP address."
I'm not sure how you are blocking them but the preferred method is via Geo-IP & Botnet Filtering. You can do this by purchasing CGSS (Comprehensive Gateway Security Suite) for your SonicWALL. Your firmware must be at least at 5.8.1.x in order to control Geo-IP Filtering.

Are you having trouble accessing internet resources, websites, etc. or is this just preventative?

Craig Beck Commented:
This is most likely either a contention issue or your connection is being heavily utilized.  If the latter I'd check your SonicWALL to see how much bandwidth it is actually passing to see if it's a hardware limitation which is causing the excessive ping times.

eaglerod (Author) Commented:
craigbeck - The CPU on the SonicWall is only at around 6% on average.
diverseit - Yes, they have the Security Suite. This was put into place because of the constant hack attempts that we were noticing on the logs and to stop any viruses from transmitting information to other countries. By changing the IP, we now only have 2 or 3 computers on the inside that are consistently, every 2 to 3 minutes, contacting an IP in other countries. I can't seem to find what those IPs are going to but I am able to confirm their country of origin.

I had the ISP ping the modem and they had over 600ms. They want me to go onsite and unplug my network from it, so they can test it again without any load on it. But this was at 2am in the morning and only I was in the network with the router at a 3% load. I believe the issue may be the ISP but I won't know until I go onsite and conduct further tests. I will follow up on Monday if the issue is still internal.

Craig Beck Commented:
If it's like that with no load it's probably a contention or line issue.

Blue Street Tech (Last Knight) Commented:
Yes, this is why I said in comment http:#a39512794 to do a direct-connect test. You plug a laptop or PC straight into the Internet feed and retest.

The fault may be with the ISP but as a side note it sounds like you have active infection(s) within some of your systems. I'd start filtering outbound traffic and take those PCs which are connecting to exterior countries offline immediately and sanitize them for rootkits, bots, malware, etc. My bet is they are connecting from within rather than the opposite as Geo-IP filtering will block inbound threats. Do you have any ports open WAN > LAN (or any other firewalled Zone)?

A TZ 215 hardware limitation is as follows:
Stateful Throughput: 500 Mbps
UTM Performance: 60 Mbps
Gateway Anti-Virus Throughput: 70 Mbps
Intrusion Prevention Throughput: 110 Mbps
3DES/AES VPN Throughput: 130 Mbps
Maximum Connections: 48,000
Maximum UTM Connections: 32,000
New Connections per Second: 1,800

What kind of connection do you have from the ISP? Do you really think it's exceeding these?
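Added example (not part of the original comment, and not a SonicWALL feature): one way to pick out the internal hosts discussed above, the ones contacting the same external address every few minutes, from outbound connection records. The log layout, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample, one record per line: "time src dst dport".
# This is a hypothetical layout, not the firewall's own log format.
LOG = """\
2024-01-01T02:00:05 192.168.1.23 203.0.113.50 443
2024-01-01T02:00:10 192.168.1.40 198.51.100.7 80
2024-01-01T02:00:12 192.168.1.40 198.51.100.7 80
2024-01-01T02:01:30 192.168.1.40 198.51.100.7 80
2024-01-01T02:02:35 192.168.1.23 203.0.113.50 443
2024-01-01T02:05:05 192.168.1.23 203.0.113.50 443
2024-01-01T02:07:40 192.168.1.23 203.0.113.50 443
2024-01-01T02:09:00 192.168.1.40 198.51.100.7 80
2024-01-01T02:09:03 192.168.1.40 198.51.100.7 80
2024-01-01T02:10:05 192.168.1.23 203.0.113.50 443
2024-01-01T02:12:35 192.168.1.23 203.0.113.50 443
"""

def find_beacons(log, min_events=5, max_jitter=0.2):
    """Return {(src, dst): mean interval in s} for pairs contacted on a regular timer."""
    times = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _port = line.split()
        times[(src, dst)].append(datetime.fromisoformat(ts))
    beacons = {}
    for pair, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: interactive traffic is bursty (high),
        # a process on a timer is regular (low).
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[pair] = round(avg)
    return beacons
```

Hosts flagged this way are the candidates to take offline and examine; the destination list also gives the outbound filter rules something concrete to block.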

Craig Beck Commented:
Just connect to the line directly without the LAN or firewall connected and see if it's the same.

eaglerod (Author) Commented:
So I did everything you guys said. The router is not being maxed out at all. When we did an ISP check with nothing but the modem and laptop hooked up, everything stopped. So, to keep a long story short, we noticed that a lot of activity on my sniffer was coming from a particular IP. We found it was the backup server. That is all it does. So we disconnected it from the network and the ping time dropped from 400+ to less than 60. We tested this several times and the count would drop every time we disconnected the server. We traced it back to a process called imagemanager.exe, which is an exe file for StorageCraft software. I don't know how it was causing a high latency but I was able to define it to this particular process. I will leave the ticket open for a few days and then close it if I don't have any more issues.

Blue Street Tech (Last Knight) Commented:
Wow. Glad you were able to pinpoint it! Direct-connect tests, although they may seem elementary, are a very good way to rule out equipment and isolate issues.

Blue Street Tech (Last Knight) Commented:
I'm glad I could help! Thanks for the points.