Author: browolf, Posted: Mon Dec 16, 2002 1:27 pm Post subject: Broadband connectivity problem with "ISP" ---- At work we have a problem, apparently we are not the only site with this problem. Even stranger, the "ISP" dont know what is causing it.
I figure this is a chance to get some brownie points if i can figure out anything.
I will describe the problem as it effect us. I dont expect anyone to say "oh yeah its..." but any ideas on what to look for would help.
The Setup:
We have a nt proxy 2 (running on a p3/700isj 128mb ram) connected to a router which connects to a microwave broadband dish. (10mb+). There is another router connected to the dish which connects to about 9 sdsl modems which go through bt and allow another sites to use the dish.
I have a connection on my pc that bypasses the proxy (for testing purposes)
The problem:
At times during the day trying to access pages thru the proxy becomes slow and useless. we used to get proxy error msgs like "the specified network name could no longer be found" but now we get proxy timeouts. And you sit there waiting.....
At the time the proxy bypass connection works perfectly well.
The Temporary solution:
Change the external ip address of the proxy(i just add one) and reboot.
We used to switch to the backup proxy which had the same effect.
But evert day it would be ...change to the other proxy.
Stuff i've noticed so far:
I've got performance monitor running on the proxy. I dont exactly know what i'm looking for but i have noticed today. but i need to confirm. When "it" was happening earlier, the processor usage on the proxy was stuck at 100%. normally it's around 15-20% for the same 50 odd users.
I've used ethereal b4 to check the traffic but i dont remember seeing anything conclusive. There were some strange router packets which i'm gonna have to ask about when i get it going again.
I shall continue to add to this thread as my investigation progresses.
~Andy
Author: ShaolinTiger, Location: Kuala Lumpur, MalaysiaPosted: Mon Dec 16, 2002 1:40 pm Post subject: ---- I had similar problems a while ago with the same product, I had to reboot it virtually every day or it would just start timing out everyone.
Changed it to a *nix machine and it was fine.
But I guess that's not the answer you were looking for
Author: Jason, Posted: Mon Dec 16, 2002 1:44 pm Post subject: ---- Could be a bug in the proxy software.
I would give www.windowsupdate.com a try, to see if you can get any patches for the proxy, + general windows updates, bug fixes etc.
~~~~~~~~~
Also, is it possible to remove the router from the equation, and have the proxy direct into the Wan Link?
OR
Why go through a proxy if you have so much bandwidth available?
Could you not set the PC's to use the router as the default gateway?
~~~~~~~~~
J
Author: ShaolinTiger, Location: Kuala Lumpur, MalaysiaPosted: Mon Dec 16, 2002 1:46 pm Post subject: ----
jasonlambert wrote:
Why go through a proxy if you have so much bandwidth available?
Could you not set the PC's to use the router as the default gateway?
To allow limitation to net access by Domain logon I imagine, if that is not required there is no real reason to be using a proxy (apart from caching or content control).
Author: browolf, Posted: Mon Dec 16, 2002 2:09 pm Post subject: ---- We dont own the wan equipment and we're not allowed to touch it.
Some other sites do have non-proxied connections to the WAN but We didnt do this cos we wanted to restrict access to some user groups.
We have an account named "internet" and a perl script that changes the password on the account every hour. if certain groups want access their teacher (it's a school) has to phone for the password.
crickey we're upto 81 connections thru the proxy now.
processor time is averaging at 8%
current average milliseconds per request is .8ms when it gets bad it can be as much as 45s!!
There's at least 5 routers between our proxy and the proxy upstream. So the problem could be anywhere. the fact its happening to other people tends to indicate it must be inbetween somewhere. if I could at least find out why the proxy gets killed that would be something.
~Andy
Author: browolf, Posted: Mon Dec 16, 2002 4:29 pm Post subject: ---- i've found out what CDP and STP are and have managed to find out
the router is a cisco ws-c3550-24
it is setup to :
performs level 3 routing
doesnt perform level 2 transparent bridging
doesnt perform level 2 source-route bridging
performs level 2 switching
doesnt send or receive packets for network-layer protocols
doesnt forward igmp report packets on nonrouter ports
doesnt provide level 1 functionality
I think over the summer the whole network was reconfigured. B4 it was operated by someone else and was a whole lot less secure.
By that I mean I could do SMTP scans and get lots more info off public keys. now it's all private.
the best it seems i can hope for it seems is to try different stuff in performance mon and watch ethereal to see if anything obvious happens.
someone else says the 100% processor usage could be os related so i'm gonna go look for stuff about that.
Author: browolf, Posted: Tue Dec 17, 2002 1:54 pm Post subject: ---- I remembered something else from b4.
when i packet sniffed the connection to our proxy we used to get http
1.1 errors. specifically 407 Proxy Access Denied
I still see these occasionally but now it tends to be
504 proxy error (connection timed out)
another odd thing. I'm sniffering the external connection from the proxy to the router.
the proxy has tried to do a DNS query to the upstream dns on my
internal ip address
e.g.
proxy > dns "standard query PTR 8.0.168.192.in-addr.arpa"
dns > proxy "standard query response, no such name"
and
my computer is trying to send ICMP packets to the external address of the proxy
after this i looked on the proxy and discovered that the authentication on the IIS default web site (which has something to do with proxy) is set to basic and NT challenge response.
I'm wondering if that's why it gets denied the first time