[nsp] Slow access to one particular web site

From: Steve Pfister (srp336@optimum.com)
Date: Wed Aug 05 1998 - 16:41:32 EDT


We have a company Ethernet LAN, connected to the Internet via a dual-homed
gateway (currently a Sun Sparc 5 running SunOS 4.1.3_U1) and a
packet-filtering router. We are using Netscape Proxy Server to allow
internal users to browse web pages from their workstations. We also have
modem dialup, and dial-on-demand LAN attachments over ISDN which connect
outside the firewall.

Access to the web site of our parent corporation (www.inmrk.com) is
inordinately slow. Each page can take 30 seconds or more to download. Any
graphics on that page will take an equally long time. This has been
observed on our local LAN, and also from the actual gateway hosts. Machine
which are right outside the firewall do not exhibit this problem. The vast
majority of sites that we access from inside our firewall seem to load in
a more reasonable amount of time.

- The first thought I had on this was that it was DNS related. And as it
turns out, no host or router in our network can do a reverse lookup of the
server's ip address (204.141.231.22; result is "server failed.") Actually,
it's not just that one particular address, it's all known addresses in
that network. It is not known at this time whether this has any impact on
the problem at hand, nor whether this error is the result of name server
configuration problems or filtering of queries. It did seem to result in
some confusion in troubleshooting however. The results of 'ping -s' showed
odd behavior, for example, with lost packets and unusually large round
trip times as the result of Sun's ping command attempting to do a reverse
lookup with every line.
- Telnetting to the web server at the http port and doing a 'GET /
HTTP/1.0' shows similar behavior to access from a web browser. It seems
like data begins arriving from the server more or less exactly 30 seconds
after the initial connection is made, no matter when the GET command is
issued during that time (if the GET is done longer than 30 seconds after
the initial connection, the page begins arriving right away).
- Doing the same telnet from the packet-filtering router (a Cisco) which
is one hop closer to the Internet always works as expected (the page
begins arriving pretty much immediately).
- Doing a traceroute from the gateway machine seems to show reasonable
round-trip times, although there is a noticeable pause when it's trying to
a reverse lookup on the
destination ip address.

As I said, most sites that we browse from inside our firewall seem to load
in a normal amount of time. Just this one site (that we know about
offhand) seems to have this problem. Given the observations above, where
should I go next in troubleshooting this problem?

Thanks!

Steve Pfister // network administrator
Optimum Group
srp336@optimum.com



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:13 EDT