Member_2_7967532

Network analysis

Hello,
We have a network system that load-balances 2 VSAT 15 Meg lines through a Draytek 2920 and uses a MikroTik to get DNS from an ADSL line.
The purpose of this topography is to enable 30 or so PCs to operate on the network without overloading the Hughes modem TCP connection limits.

The system worked well for a while but now we have periods of 5 - 10 minutes where no web browsing can take place and we get timeouts.
The sessions in the Draytek rarely exceed 500 per WAN port so the Hughes (which have a limit of 512) should not be the issue here.
Please advise what I should be looking at on my browser and on the network to try and understand why the page loads are stalling.

My assumption is that this may be a DNS issue; I do however need assistance in using the right tools to diagnose the problem.
skullnobrains

if you suspect a dns issue, your best tool is to run a bunch of dns lookups to non-existent domains on an existing zone ( such as zorblubX.google.com ) and see how fast you get responses.

if your limit in terms of numbers of sessions is 512 and you reach 500, you clearly hit the limit. ( it takes time to recycle connections and free them and your draytek does not account for yet-to-recycle slots on the hughes )

btw what kind of connection has limits that low ??? seriously, even for satellite lines... and 2x512 for that many users is asking for trouble... why do you need sat lines ? are you in the middle of the himalayas ?
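
The lookup test suggested in the reply above, as an added Python example (not part of the original thread): it sends queries for random non-existent names under an existing zone and records whether the resolver answers NXDOMAIN promptly or times out. The function names, the 2-second timeout and the probe count are assumptions; 192.168.10.240 is the resolver address that appears in the asker's nslookup output in this thread.

```python
import random, socket, string, struct, time
from collections import Counter

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, txid):
    """Encode a minimal DNS query for an A record (RFC 1035), recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_rcode(reply, txid):
    """Return the RCODE name of a reply, or None if it does not answer our query."""
    if len(reply) < 12:
        return None
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not (flags & 0x8000):  # wrong transaction ID or not a response
        return None
    rcode = flags & 0x000F
    return RCODES.get(rcode, f"RCODE{rcode}")

def probe(server, zone="google.com", port=53, timeout=2.0):
    """Query one random (hence almost certainly non-existent) name under `zone`.
    Returns (status, seconds); status is an RCODE name or "TIMEOUT"."""
    label = "".join(random.choices(string.ascii_lowercase, k=12))
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        s.sendto(build_query(f"{label}.{zone}", txid), (server, port))
        try:
            while True:  # skip stray datagrams that do not match our query
                reply, _ = s.recvfrom(512)
                status = parse_rcode(reply, txid)
                if status:
                    return status, time.monotonic() - start
        except socket.timeout:
            return "TIMEOUT", time.monotonic() - start

def survey(server, count=20, **kw):
    """Run `count` probes; return (count per status, slowest answered probe or None)."""
    results = [probe(server, **kw) for _ in range(count)]
    summary = dict(Counter(status for status, _ in results))
    answered = [secs for status, secs in results if status != "TIMEOUT"]
    return summary, (max(answered) if answered else None)

if __name__ == "__main__":
    print(survey("192.168.10.240"))  # resolver address from the asker's output
```

A healthy resolver returns NXDOMAIN for every probe within a fraction of a second; any TIMEOUT entries during a stall point at the resolver or its upstream path rather than at the browser.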
ASKER

Thanks for the reply.
Hughes modems have connections that low. Very stupid in this day and age when everything is migrating to the cloud, but that is what we are stuck with as it is both the local modem and the hub back at the teleport that has the restriction, so we have to be inventive. We need sat lines because the local telecom operator in Swaziland has very ageing infrastructure which is failing.
VSAT is therefore the only reliable solution here.
We are also the local distributor so learning how we can best extract the best out of what we offer is in our interests.
It seems to be quite reasonable.
I guess it's not DNS; what other tools can I use when the browser just won't load?
Are there any diagnostics in Firefox that can help?

Here is the nslookup below.

C:\Users\Stewart>nslookup googtuibn.google.com
Server:  Gargoyle.lan
Address:  192.168.10.240

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to Gargoyle.lan timed-out

C:\Users\Stewart>

it is the dns : your test query never completed

the expected answer would be :

$ nslookup gnrolgkjermgr.google.com
Server:		127.0.0.1
Address:	127.0.0.1#53

** server can't find gnrolgkjermgr.google.com: NXDOMAIN

and the answer would be instantaneous
We are also the local distributor so learning how we can best extract the best out of what we offer is in our interests.

tunnels would be an idea in order to control the number of sessions but that would likely make things worse for web traffic given the likely poor response time of the satcon

dns over an adsl line seems sensible. you probably want a local recursive resolver and cache if you don't have one yet. with failover so it makes use of the satcon should the adsl connection fail.

a web proxy should let you control the number of www outgoing connections : it can buffer any extra connection. it might be sensible to use a chain with a second proxy on the other side of the satcon and have a huge cache on the local side proxy. web proxies can also provide decent error messages such as "all my slots are full and i already have queued 1000 more so please be patient. the page will automatically reload in 30 seconds"

i assume you'd need to forbid peer2peer and possibly most un-proxied connections

you probably should limit the number of sessions on the draytek. it will get less messy if it rejects connections rather than flooding the satcons with connections that are going to hang anyway but use precious resources nevertheless. and make tcp timeouts as low as possible on the satcons or enable reuse port or whatever the feature is called if it exists
feedback ?
Thanks for the response, apologies for the delay. EE has changed a little and I only just realised that my email address was not verified and therefore we were not getting notifications.

I was thinking of installing a local DNS server using one of our MS servers.
What is interesting is I have replaced the Draytek load balancer with a TPlink R480T which does not have DNS service but has dramatically improved overall system performance.
maybe the TPlink does not have the same limitations in terms of sessions ?
a local dns seems sensible. i would probably not use m$'s though.
if you use an adsl line, you can install a recursive resolver.
if you use a line with few sessions, you had better set up a caching forwarder with fixed source ports and 4 or 5 upstream servers. but given the latency of the satellite connections...
you can redirect all dns traffic on the tplink to a forwarder.