Topic: Excessively long ping times

[edb]

Hi

Was hoping that maybe someone would have an idea as to why I periodically have long ping times given my SME setup.
I have my SME server in gateway mode on a Sonicwall 2040 - DMZ port with a public IP and a private IP on the internal nic.

Things work great one minute and then the next minute our branch offices which are running over the Sonicwall VPN are slowing down to a crawl with ping times over 2000+ms which are ordinarily about 48ms.

If at the time this is happening I reboot the SME server the ping times quickly return to 45ms again but when the server comes back up it is back to the 2000+ms again. Sometimes this last for a couple of minutes and sometimes it lasts for an hour or more.

For those who are familiar with Sonicwall firewall setups it is configured in transparent mode.
Could this be a chatty NIC that needs replacing? I have even lowered our MTU size on the Sonicwall to 1404 but no change.

Just looking for ideas if anyone has any for this particular issue. Really weired.

edb

[cactus]

Hi

Was hoping that maybe someone would have an idea as to why I periodically have long ping times given my SME setup.
I have my SME server in gateway mode on a Sonicwall 2040 - DMZ port with a public IP and a private IP on the internal nic.

Things work great one minute and then the next minute our branch offices which are running over the Sonicwall VPN are slowing down to a crawl with ping times over 2000+ms which are ordinarily about 48ms.

If at the time this is happening I reboot the SME server the ping times quickly return to 45ms again but when the server comes back up it is back to the 2000+ms again. Sometimes this last for a couple of minutes and sometimes it lasts for an hour or more.

For those who are familiar with Sonicwall firewall setups it is configured in transparent mode.
Could this be a chatty NIC that needs replacing? I have even lowered our MTU size on the Sonicwall to 1404 but no change.

Just looking for ideas if anyone has any for this particular issue. Really weired.

edb

To me this sound like a conflict somewhere in your network.

Are there perhaps multiple systems providing DHCP to your network. Normally a gateway priovides DHCP and SME Server does (if you say so during setup) as well, you can not have two servers in the same subnet handing out DHCP addresses.

I suspect you configured your SME Server to hand-out DHCP addresses (and your Sonicwall is doing so as well). If so you can resolve it by login at the terminal as admin and choose the option reconfigure your server, disable DHCP in one of the screens and see if this changes anything.

A schematic drawing of your network would help to better understand your situation as you know a picture says more than a thousand words.

[edb]

Hi Cactus

I don't have DHCP enabled on either the Sonicwall or the SME server all my addresses are static.
If a picture is worth a thousand words then here goes ...



Like I said the layout works fine most of the time but usually 3 or 4 times a day it will slow down to a crawl for a few minutes and then even out back to normal again. It must have something to do with the SME server only because when I down the server the network and VPN connections immediately recover back to a normal state.
When the SME server comes back up ... it slows to a crawl again but eventually it returns to normal operation again. It is really quite odd ...

edb

[mercyh]

Nice picture

It looks like you have couple of routes for testing.

1> does local lan to SME private lan IP also slow down on pings?

2> does local lan PC to a branch office PC or Server slow down?

I like to use Colasoft's ping tool on a windows machine to troubleshoot these. You can ping multiple addresses at once and see at a glance on the graph if certain addresses are slower then others. The addresses I usually run are as follows,

My workstation to:

1> local file server or pdc
2> LAN internet gateway
3> ISP's closest internet gateway to me
4> google.com or other reliable WAN target
5> targets across various VPN tunnels

I then use pingplotter to watch which hop is causing trouble if I have one route that is not working correctly. (pingplotter does not help on my tunnels as all of them show as just one hop)

It sounds suspiciously like hardware to me (nic on server, switch port or could be a nic on a workstation.) That is assuming this was a stable situation that has just now degraded.

[electroman00]

edb

Your pic show's a hub, if in fact it is a hub I would suggest that the hub be changed out to a switch
especially with all the VPN traffic you have.

[raem]

edb

Considering your network arrangement, my thought is that your problem could be local DNS issues.
Your network devices are getting conflicting/wrong information about which device is handling DNS requests from your network.
So what device is configured as the DNS server for your network ?
Are your workstations configured as such ?

[imcintyre]

We had a similar problem at work and found that someone    was using a torrent to download personal content.  So much for rules. It was intermittent in nature and was frustrating to solve. As I recall, the isp said that uploading at the limit caused an issue with the service and slowed the download. Something else to check.

[edb]

edb

Your pic show's a hub, if in fact it is a hub I would suggest that the hub be changed out to a switch
especially with all the VPN traffic you have.

Yes, it is a switch not a hub. Thanks

[edb]

edb

Considering your network arrangement, my thought is that your problem could be local DNS issues.
Your network devices are getting conflicting/wrong information about which device is handling DNS requests for your network.
So what device is configured as the DNS server for your network ?
Are your workstations configured as such ?

Thanks Ray, I'll consider that ... right now DNS is provided by the Windows 2003 DC server for both local DNS and Internet DNS lookups. Workstations are set up with DNS pointing to the Windows 2003 Domain Controler.

thanks

[edb]

We had a similar problem at work and found that someone    was using a torrent to download personal content.  So much for rules. It was intermittent in nature and was frustrating to solve. As I recall, the isp said that uploading at the limit caused an issue with the service and slowed the download. Something else to check.

Very good point imcintyre, I will have to search that out and find a way to block it just in case or do some software inventory analysis to find the culprit. 

[raem]

edb

... right now DNS is provided by the Windows 2003 DC server for both local DNS and Internet DNS lookups. Workstations are set up with DNS pointing to the Windows 2003 Domain Controler.

You didn't mention a Win2003 server anywhere !
Where is it connected ?

What is the role of your sme server ?
Is your sme server configured to get DNS from your Win2003 server ?

[edb]

I like to use Colasoft's ping tool on a windows machine to troubleshoot these. You can ping multiple addresses at once and see at a glance on the graph if certain addresses are slower then others.

I then use pingplotter to watch which hop is causing trouble if I have one route that is not working correctly. (pingplotter does not help on my tunnels as all of them show as just one hop)

It sounds suspiciously like hardware to me (nic on server, switch port or could be a nic on a workstation.) That is assuming this was a stable situation that has just now degraded.

I tried the Colasoft ping tool (very nice) thank you, I didn't know about that one.
Also, think it may be a bad NIC or as imcintyre pointed out it could be a torrent which I checking out now.

Thanks for your input!

[raem]

edb

Aren't you overlooking your comment:

"If at the time this is happening I reboot the SME server the ping times quickly return to 45ms again but when the server comes back up it is back to the 2000+ms again. Sometimes this last for a couple of minutes and sometimes it lasts for an hour or more."

While not directly involved with Internet requests, you could have a browsemaster issue which slows down your network and creates the problem. If sme and your Win2003 server are conflicting with each other and both are trying to win elections, this can cause disruption. Search forums on browsemaster & adjust sme for a lower "os level" value in smb.conf.

[edb]

edb

Aren't you overlooking your comment:

"If at the time this is happening I reboot the SME server the ping times quickly return to 45ms again but when the server comes back up it is back to the 2000+ms again. Sometimes this last for a couple of minutes and sometimes it lasts for an hour or more."

While not directly involved with Internet requests, you could have a browsemaster issue which slows down your network and creates the problem. If sme and your Win2003 server are conflicting with each other and both are trying to win elections, this can cause disruption. Search forums on browsemaster & adjust sme for a lower "os level" value in smb.conf.

Hi Ray,

I did the following just in case this was the culprit ...
config setprop smb OsLevel 30
signal-event workgroup-update

I'll see tomorrow if we have the problem fixed as it sure would be nice.

edb

[edb]

You didn't mention a Win2003 server anywhere !
Where is it connected ?

What is the role of your sme server ?
Is your sme server configured to get DNS from your Win2003 server ?

Sorry I missed this message earlier Ray ...

The Windows 2003 Domain Controller is connected to the LAN side only and serves as Data server.
The SME server is in gateway mode for Web/Mail/Ecommerce and does not get it's DNS from the Win2003 server.
If I recall during the setup of SME the DNS is left blank.

Thanks for your assistance

edb