* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Troubleshooting Slow Browsing
Survey
Document related concepts
Wireless security wikipedia , lookup
Net neutrality law wikipedia , lookup
Remote Desktop Services wikipedia , lookup
Recursive InterNetwork Architecture (RINA) wikipedia , lookup
Asynchronous Transfer Mode wikipedia , lookup
Computer network wikipedia , lookup
Piggybacking (Internet access) wikipedia , lookup
Network tap wikipedia , lookup
Airborne Networking wikipedia , lookup
Serial digital interface wikipedia , lookup
Wake-on-LAN wikipedia , lookup
Deep packet inspection wikipedia , lookup
Distributed firewall wikipedia , lookup
Transcript
Troubleshooting Slow Browsing Troubleshooting Slow Browsing Applicable Version: 10.00 onwards Scenario This article provides step-by-step instructions for troubleshooting slow Internet browsing in a network. Troubleshooting Steps If you experience slow browsing in your network, follow the steps given below to troubleshoot the issue. Step 1: Verify DoS Settings One major reason for slow browsing is an ongoing DoS or DDoS attack. It may be possible that DoS settings are not enabled in Cyberoam, hence attack was not detected, or the settings are inappropriate. For Troubleshooting: Check if DoS Settings are enabled from the Dashboard, under DoS Attack Status doclet. Check if DDoS related IPS policies are configured under IPS > Policy > Policy. If not configured prior, you can configure DoS and DDoS prevention mechanisms by referring to the article How To – Prevent DoS and DDoS Attacks using Cyberoam. Note: - Unless specifically advised by Cyberoam Support, do not enable the TCP Flood settings. For optimum results, periodically check the DoS alerts and if any legitimate traffic is dropped, readjust the Packet rate per source and Burst rate per source values. Configure a DoS Bypass Rule for a specific IP address if its legitimate traffic is dropped. Refer to the article How To – Configure DoS Bypass Rule. Step 2: Check DNS Configuration The following may be the reasons for slow browsing: Case 1 An Internal DNS server is configured for LAN users and all DNS requests are directed to it. Issues with the Internal DNS Server or the External DNS Server, to which it forwards requests, may result in overall slow browsing. Resolution: To resolve this issue, contact appropriate administrators or Server vendors. Troubleshooting Slow Browsing Case 2 Multiple ISP Links are terminated on Cyberoam and user systems are configured with a particular ISP’s DNS. In this case, the outgoing DNS traffic gets load balanced. Hence, Two (2) possibilities occur: - If a DNS request travels through the ISP Link whose DNS is configured in user’s system, the request is resolved and turnaround time is good. If a DNS request travels through another ISP Link, the request is dropped because the DNS configured in user’s system does not match ISP’s DNS. This results in only partial DNS requests in the network to be resolved, which ultimately leads to slow browsing. Resolution: Configure a Static Route in Cyberoam that forwards all DNS Traffic to the ISP Link whose DNS is configured in user’s systems. You can configure Static Routes from Network > Static Route > Unicast. Consider an example where the ISP has given a DNS Server IP Address 203.88.56.23 for the gateway IP Address 192.168.1.254. For this, the Static Route is as follows. Case 3 Cyberoam LAN IP is configured as DNS in user systems. Issues with DNS configuration in Cyberoam may lead to slow browsing. Resolution: Follow the instructions given below to troubleshoot DNS configuration in Cyberoam 1. Login to Cyberoam Web Admin Console with user having read-write administrative rights over relevant features. 2. Go to System > Maintenance > Services to check if DNS Service is running. If service is stopped, restart it by clicking Start. If issue persists, contact Cyberoam Support. Troubleshooting Slow Browsing 3. If the DNS service is running, then check query response time by performing a Name Lookup of any domain like google.com. To perform Name Lookup, go to Network > DNS > DNS and click Test Name Lookup. 4. Specify google.com as host name and click Test Connection. 5. The following Result is displayed. Result is dependent on individual networks. Troubleshooting Slow Browsing 6. Cyberoam resolves queries using DNS Servers in a top to bottom order. Hence, compare the response times of each Server and place the Server with the least response time at the top. Here, we see that 8.8.8.8 has taken the least time. So, place 8.8.8.8 at the top of the DNS List using Move Up and Move Down buttons. Note: It is recommended to use 127.0.0.1 as the Primary DNS Server if Cyberoam is used as a Direct Proxy Server (Cyberoam LAN IP configured as Proxy Server in browsers) OR if Cyberoam LAN IP is configured as DNS in all user systems. 127.0.0.1 is Cyberoam loop back local DNS Server which directly resolves queries from Root DNS servers and caches them locally. This ensures that repeat queries are resolved much faster. Step 3: Check for Packet Loss within the Network Loss of packets during transmission between network nodes may result in reduced browsing speeds. Resolution: To check for Packet Loss, follow instructions given below. 1. Login to any network node and execute the PING command to any host on the Internet. For example, here, we have executed ping to 8.8.8.8 from a windows machine. Troubleshooting Slow Browsing The above screen shows a 40% packet loss. 2. Execute a trace route command to any host on the Internet to find out where the packet loss is taking place. For example, here, we have executed the tracert command to 8.8.8.8 from a windows machine. 3. As shown above, packets are lost in transmission. A possible cause for it can be Bandwidth Congestion. To troubleshoot this issue: - Increase the available bandwidth in the network. - Optimize bandwidth usage in the network by Bandwidth Shaping or applying other QoS Policies using Cyberoam. 4. Packets could also be lost while transmitting from network node to Internet if certain kind of traffic is not allowed through Cyberoam. In Cyberoam, go to Firewall > Rule > Rule and check if any traffic is filtered out. 5. Packet loss could also be a result of faulty network hardware or cables. Physically check the network nodes for loose cables or faults. If necessary, replace the faulty hardware. Step 4: Check for Interface Collisions and Errors Improper Link Speed and Duplex negotiation between Cyberoam WAN Port and upstream router can be a reason for less browsing speeds. Another reason could be an IP Conflict between Two (2) or more interfaces of Cyberoam. Resolution: To check for Interface errors, follow instructions given below. 1. Login to Cyberoam CLI and choose option 4. Cyberoam Console. Troubleshooting Slow Browsing 2. Execute the command: console> show network interfaces 3. As shown, there should be no errors and dropped packets. If errors exist, execute the same command a few times and observe the number of errors. An increasing number of errors implies poor connectivity, and hence, slow browsing. To troubleshoot the issue: - Replace the cables connected to the interface(s) showing errors. - If Cyberoam is directly connected to an upstream router, insert a switch between them. 4. The auto-negotiated Interface Speed should be a Full Duplex connection. If any interface has negotiated with a Half Duplex, manually set the Interface Speed to match that of the peer device. To set the interface speed: Go to Network > Interface > Interface and select the required Interface. Troubleshooting Slow Browsing Under Advanced Settings, select the appropriate Interface Speed to match the peer device. Here we have selected 100 Mbps Full Duplex. Step 5: Verify Gateway Failover Condition and Health of ISP Link The following may be the reasons for slow browsing: Case 1 Improper Gateway Failover Condition might cause Cyberoam to detect inaccurate gateway status. Resolution: To verify Gateway Failover Condition, follow instructions given below. Go to Network > Gateway > Gateway and select the required Gateway to check its failover condition. We recommend keeping a failover condition that performs check on either Global DNS Servers, like 4.2.2.2 and 8.8.8.8, or other reliable Global IP Addresses on the Internet. Troubleshooting Slow Browsing Case 2 Poor Internet connectivity on the gateway because of a fluctuating ISP Link leads to slow browsing. . Resolution: To check Internet Connectivity, follow instructions given below. Go to System > Diagnostics > Tools and Ping any external host like yahoo.com with packet size 1000 using each Cyberoam WAN Port (Gateway). If there are any errors or packet loss, contact your ISP. Step 6: High Resource Utilization Exceeding Maximum Capacity High utilization of resources such as bandwidth and processors result in slow browsing Resolution: Check resource utilization from System > Diagnostics > System Graphs. You can view live and historical information of CPU Usage, Memory Usage, Disk Usage, Load Average, Users information, WAN Zone and Interface Data. Here we have shown information for CPU and Memory Usage, and Interface Data. If you observe continuous high utilization of bandwidth on any WAN Interface reaching the Maximum bandwidth available from ISP, you can either consider increasing the Maximum Bandwidth Limit from the ISP or try analyzing surfing patterns in the network to apply appropriate Internet Access Policies like Web Filter, Application Filter and QoS Policies. If you observe continuous high utilization for any of the system resources like CPU or Memory, contact Cyberoam Support. Troubleshooting Slow Browsing Troubleshooting Slow Browsing Troubleshooting Slow Browsing Step 7: The PLAIN Firewall Rule Check If the slow browsing issue still persists perform the PLAIN Firewall Rule check. Create a firewall rule that allows all traffic without scanning, as shown below, and place it on top of all other firewall rules created. Resolution: Once Plain Firewall Rule is created, contact Cyberoam Support for further analysis of security scanning process in your Appliance. Document Version: 2.1 – 9 September, 2014