Latency accessing internet from internal network
- I have an dual-homed ISA 2006 server in a network that looks like the following:
Internet --- ISA --- Switch --- Server A
Assume the following:
Internet - Subnet A
ISA NIC 1 - Subnet A
ISA NIC 2 - 10.1.1.5 Subnet B
Switch - 10.1.1.1 Subnet B
Server A - 10.1.1.10 Subnet B
While on Server A, if I ping ISA NIC 2 (same subnet), I get the following results (good):
Reply from 10.1.1.5: bytes=32 time<1ms TTL=128
Reply from 10.1.1.5: bytes=32 time<1ms TTL=128
Reply from 10.1.1.5: bytes=32 time<1ms TTL=128
Reply from 10.1.1.5: bytes=32 time<1ms TTL=128
While on Server A, if I ping ISA NIC 1 (internet subnet), I get the following results (bad):
Reply from XXX: bytes=32 time=379ms TTL=128
Reply from XXX: bytes=32 time=393ms TTL=128
Reply from XXX: bytes=32 time=455ms TTL=128
Reply from XXX: bytes=32 time=274ms TTL=128
Pinging ISA NIC 1, internet facing, should be <1ms.
All of the routing seems to work perfecting fine though. Server A can access the internet so I think my routing table is correct.
This also can't be a resource problem on the ISA server because it's a very beefy box and the CPU and memoyr usage is basically zero.
I'm really lost and I don't really know what else to look for.
Here is a tracert from Server A to ISA NIC 2 (internal)
1 <1 ms <1 ms <1 ms 10.1.1.5
Here is a tracert from Server A to ISA NIC 1 (internet)
1 1 ms 1 ms 1 ms 10.1.1.1
2 369 ms 339 ms 386 ms 10.1.1.5 (NIC 2)
3 437 ms 457 ms 506 ms XXX (NIC 1)
Help!
Answers
Hi,
Thank you for your update.
As far as I know, there is no option settings in ISA to limit the download rate. If the download speed through ISA server is really slow, I’d like to confirm the following:
1.Do you have installed some ftp software like Server-U ?
2.Do you have limit the speed on ftp server(Server-u)?
3.What is your outbound bandwidth? You should confirm whether the outbound bandwidth is being limited by your ISP.
If all of these are right, please also check the following and see if it works.
1.Change the link speed settings on the external interface of the ISA server to Auto Detect.
2.Change the link speed settings on the switch connected to the external interface of the ISA Server to Auto Detect.
3.Change the switch port
Regards,
Nick Gu - MSFT- Marked As Answer byNick Gu - MSFTMSFT, ModeratorMonday, August 03, 2009 1:49 AM
All Replies
Hi,
Thank you for your post.
Before going any further, I’d like to confirm the following:
1.How do you configure the NIC1?
( IP address: entered; Subnet mask: entered; default gateway: empty; DNS Server: point to internal DNS Server)
2.How do you configure the NIC2?
( IP address: entered; Subnet mask: entered; default gateway: point to ISP; DNS Server: empty)
Please check the above settings and correct it to see if it works.
Regards,
Nick Gu - MSFT- Hi, The only difference between what you have and what I have is that I have my internal DNS server set to the external NIC also. I just tried to remove it from the external NIC and I am still getting the same results.
I just dual-homed a server so that one NIC is inside of ISA and the other outside of ISA and there are major bandwidth differences. When accessing the FTP server going through ISA, I am gettings download speeds ~0.5MB. When accessing the FTP server bypassing the ISA, I am getting download speeds of ~13MB. Note that I am doing this test from my home internet provider which is different than our data center.
The connection to my ISP is a full GigE network. Every server is also connected at a GigE speed to the internal network.
Thanks Hi,
Thank you for your update.
As far as I know, there is no option settings in ISA to limit the download rate. If the download speed through ISA server is really slow, I’d like to confirm the following:
1.Do you have installed some ftp software like Server-U ?
2.Do you have limit the speed on ftp server(Server-u)?
3.What is your outbound bandwidth? You should confirm whether the outbound bandwidth is being limited by your ISP.
If all of these are right, please also check the following and see if it works.
1.Change the link speed settings on the external interface of the ISA server to Auto Detect.
2.Change the link speed settings on the switch connected to the external interface of the ISA Server to Auto Detect.
3.Change the switch port
Regards,
Nick Gu - MSFT- Marked As Answer byNick Gu - MSFTMSFT, ModeratorMonday, August 03, 2009 1:49 AM
