IOS Trend Micro content filtering in Asia

gordonaaa · ‎11-05-2010

Hi,

I have a 2811 running 12.4(24)T2 with Trend Micro content filtering located in China.

It is configured with both category filtering as well as local filtering.

Web site load times are unreasonably slow. If I add a site to the local whitelist (so that it doesn't access trend category server), page loads are much quicker. A page that may take 30 seconds to load would then take 10. (using firefox extension to measure load times)

It is caching as I can see cached URLs with "show policy-map type inspect zone-pair urlfilter cache detail", but it's still extremely slow when filtering.

parameter-map type trend-global global-param-map
server trps.trendmicro.com
cache-size maximum-memory 128000
cache-entry-lifetime 8

The 2811 points to trps.trendmicro.com which I think is located in the US. Ping times are in the 400-500 ms range

ping trps.trendmicro.com

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 216.104.8.100, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 404/409/412 ms

Is there an asia-pac server to which I can point to?

Are there any other options (cachinng or other) to help with the speed of filtering?

-Gordon

Panos Kampanakis · ‎11-05-2010

Gordon,

I don't think there is an Asia located server. trps.trendmicro.com resolves to a couple of ip addresses but I think they are both hosted in US West coast. Indeed slowness in the response could be the cause of this.

I would suggest to check the "sh policy-map type inspect zone-pair urlfilter" showing slow response times and does it show cached pages. Just to make sure they are working.

I hope it helps.

PK

gordonaaa · ‎11-05-2010

Thanks PK,

It is hitting the cache, however the roundtrip times to the trend server is dog slow.

Trend URL Filtering is ENABLED

Trend server : trps.trendmicro.com(port: 80)

Current requests count: 7

Current packet buffer count(in use): 15

Maxever request count: 597

Maxever packet buffer count: 200

Total cache hit count: 5763854

Total requests sent to URL Filter Server :3198776

Total responses received from URL Filter Server :3194323

Total error responses received from URL Filter Server :96

Total requests allowed: 2128453

Total requests blocked: 39930

1min/5min Avg Round trip time to URLF Server: 4607/5966 millisecs

1min/5min Minimum round trip time to URLF server: 1108/1108 millisecs

1min/5min Maximum round trip time to URLF server: 8468/16952 millisecs

Last req round trip time to URLF Server: 3236 millisecs

Do you think there's any solution like setting up a local trend mirror or equivalent? Or do you know of any plans of expanding the filtering servers to overseas?

-gordon

Panos Kampanakis · ‎11-05-2010

Tough to answer.

I am not sure about plans for a server in Asia.

As for static solution, no, because the router needs to ask Trend for each HTTP GET and there is no local server that can provide that functionality. 2.5sec that you have response time for every GET is going to slow down your pages.

So I believe we got to the root cause of this. I am afraid we don't have a good solution either though.

I will let other people to chime in if they have any other ideas.

Rgs,

PK