Link to home
Start Free TrialLog in
Avatar of hypercube
hypercubeFlag for United States of America

asked on

Reports and experience of "slow internet" but can't find the cause.

I have a network that has been getting user reports that "the internet is slow".  Plenty of users....
I can see slowness in web browsing but:
- speed tests look fine
- DNS response times look fine
- internal and internet traffic levels look fine
- I've rebooted the main firewall and don't see any issues there - no recent changes.

I'm using PRTG for network monitoring and network traffic levels appear to be reasonable.

I rather suspect DNS issues but can't pinpoint any.

I'd really like to have a nice tool that would help with this.
And, suggestions about how to approach this would help.
Avatar of John
John
Flag of Canada image

I saw this some time back at a small client, and all we could do is ask people. What happened?   Large Video downloading (business purposes). We had to upgrade the internet. So it was really congestion that slowed thing down.

Also look for DDOS attacks on the other side of the router (check router logs for excessive traffic).
Avatar of Ron Malmstead
I had a similar issue recently when Windows released an update.  I had to bandwidth throttle windows updates.
Trick: Use mtr (if you're using Windows, there are many windows versions available).

Check to see if you consistently see high packet loss somewhere in a routing chain.

If you see a large + consistent packet loss somewhere between you + your upstream ISP machines, this is first thing to fix.

Also, to clarify John's comment about congestion... If you have many people on a small pipe (low throughput) or a symmetrical pipe (fast download speed + fast upload speed), you may have to switch to a fast asymmetrical pipe...

Like a 1G+ asymmetrical fiber connection.
Avatar of hypercube

ASKER

John:  Network traffic is normal.  I've seen things choked in the past.  Not this time.

David: No packet loss.

Ron: Not enough traffic to indicate such a thing.  I have seen it with Carbonite initial uploads if allowed during the day.  But that was long ago.

From my own observations, I'd say this:
Uncached opening of Google takes longer than one would expect - by quite a bit.
I see this on other websites for AT&T, IBM, Intel...
It appears that once the first page is opened, then the response is more reasonable.
But surely this would cause users to say that "the internet is slow".

I'm still at a loss to explain or FIX!
Using Wireshark, I can see that the DNS for www.intel.com took 0.4 seconds.  So that's not it.

In the midst of the Intel dialog, I see LOTS of these:
3681      11:52:41.039806      23.44.160.12      10.109.1.213      TCP      1514      443 → 36323 [ACK] Seq=161294 Ack=4081 Win=38912 Len=1460 [TCP segment of a reassembled PDU]
from 11:52:34 to 11:52:45.  That's 11 seconds and that's enough to try one's patience....
It appears that once the first page is opened, then the response is more reasonable.

I know you said many users.  On one or two systems, try DNS Flush to see it that speeds up the first access.

Open cmd.exe with Run as Administrator
Then: netsh int ip reset c:\resetlog.txt
Then: ipconfig /flushdns
Then: restart the computer
Based on what you provided, check to see if there's a pattern. For example, are a lot of the sites where you're experiencing issues on Akamai?

What type of internet connection do they have? Would you be able to disconnect everyone from the internet and put one machine directly to the connection for testing purposes?
ASKER CERTIFIED SOLUTION
Avatar of David Favor
David Favor
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I found the culprit.
First, this appeared to be in-house and near the internet connection.
There is a main firewall connected to an "internet switch" that provides connectivity for the address block / subnet.

Just for story-tellling, I was going to cut in a different firewall but I could get it to connect through the internet switch.
So, I replaced the internet switch and that took care of that little problem.
As a replacement, the new firewall made the problem go away.
So now the main firewall is set aside temporarily while I resolve its problems.

This is one of those cases that I call:
When a device "goes crazy".  
It still "works" for the most part so it's not very suspect.
Yet, in the end, it's not doing everything perfectly as it should.
Very tough to diagnose.
Generally there is *no logic* to the symptoms or the cure.  One has to resort to brute force.
Sometimes only a reboot is necessary.  Not this time....

Thanks for all the good suggestions!
Thanks!