routers

[hayesp]

Hi,

Can anyone help me out. We are running an inhouse application that runs over citrix and a 512K leased line. The thing is that the application is now running really slowly. We are rebuilding the citrix server at present but I just thought that someone might be able to tell me if it could be an issue with the router itself, which is a 1600.

Thanks in advance.

Paul

 

[labsonline]

Do you have any other types of traffic traversing this link? Perhaps WWW, FTP, Etc...

Think about priority queueing or LLC to give this Citrix traffic the highest priority. Let everything else get sent best effort.

This should alleviate some of the issues.

Sometimes QoS doesn't fix the issue. It's time like these when the only thing that can fix the issue is more bandwidth, but try the QoS first.

HTH,
Robert

 

[Syty]

All of this is good, but there is one question I don't see addressed. you had referenced that actual application resides elsewhere on your network. Have you tried putting that specific host in a dedicated broadcast/collision domain? Is it on the same segment with the other clients?

Not only do you have to be concered with the actual link usage by the requests coming through the router, but what about the basic physical problems like collision domains?

If the clients are using the router at 30-40%, no worries on the router side, ISPs have confirmed that 512/512 adn 25 users is OK. Personally I have to integrate a nationwide network and we have hundreds of Citrix servers. None of which have given me the same problem. A lot of that is due to the fact these servers are used implicitly for the applications that reside on them, or a reachback shortcut to the network share that hosts them. Again, this design supports server farms and dedicated bandwidth to the actual server that hosts the application.

What about media contention?

Bottom line in case I confused anyone,

CSMA/CD. You may not be overworking the router, but depending on your LAN structure inside, the application server may be dependant on Media Contention with regular user host workstations. If these people are checking mail at automatic regular intervals or accessing network shares, this will degrade your throughput extensively as the server must SHARE the bandwidth of the local subnet. Just because the router doesn't support 100 MB on the interfaces, doesn't mean that internally you cannot run 100MB from the server to the switch. Dedicating this segment will give the server full access to it's media. Let's the router worry about handling the amount of return traffic from the server.

Good Luck.

 

[baddos]

I think the hint to your problems lies in your reply...

"Haven't noticed it being slow on the LAN at all, but it will bypass the firewall (Symantec Gateway Security Appliance) and router if on the LAN. The slowdown seems to only happen during peak network activity time though because at night I can connect with virtually no latency at all. I have already tweaked the Citrix rule in the firewall to speed it up...turned off application data scanning and normal logging for that rule."

Does the Symantec Firewally have any reports to show interface, cpu, memory utilization?

 

[WesF]

No reports that I know of, but I'm sure it's possible in the OS, Linux, but I'm not real fluent w/ that OS.

I may have found the solution to our problem though. I noticed periodically throughout the day that our Internet connection seemed to have more lag despite the increase in bandwidth. We haven't maxed out the bandwidth since the upgrade. A few times when we experienced the lag I noticed the display on the front of the firewall showing the CPU usage at 100% and staying there for quite some time. I tried numerous config changes and may have finally found it. I had trace logging enabled on the SMTP Daemon. Since I turned it off the problem hasn't reoccurred.

 

[baddos]

Ah... Maybe the myDoom was helping your firewall stay busy.

 

[WesF]

Problem started way before myDoom came about. Luckily, I did have the tracelog feature disabled by the time it hit or I have a feeling my logs would have filled and my CPU would have been getting hit hard.