
Issue with internet speed after adding Cisco to network

Ricohit123
Level 1

OK guys, I'll try my best to explain the issue we are experiencing. It all started with our company buying a new Cisco switch for around 20 000 dollars. As none of us knew anything about Cisco, we had a guy from our branch in England set it up for us. He came and did his job and then left the day after.

The problems started showing up some days after he did his job. The main problem is our Internet speed. The Internet speed has simply gone down to around 5% of what we had before. And while trying to solve the problem, it is simply making it even worse now. We think it is related to the Cisco switches we have installed in our network, but the guy in England keeps saying that it's something to do with the proxy server. I find it hard to believe, as this proxy was in our network before the Cisco switches, when everything was running fine.

Cisco switches we bought are as follows:

1 X WS-C3750G-24TS-S10

3 X C2960G-24TC-L

I think there is some routing issue in the core switch, which is the 3750G. In the picture below you will see how our network is connected; it's a little bit complicated but I will try to explain as much as possible. Remember that I am not even drawing the 2960 switches, because I have already connected directly to our 3750G switch and the problem still persisted.

NETTVERK.png

I have a feeling that, if you see the picture above, the Internet traffic for some reason is trying to go through the fiber communication towards our branches in Europe, instead of going directly to the ISP router and then the FW and out. Is there a way I can see how the traffic towards the outer world is routed in the Cisco switch?


Numan mastana wrote:

I thought that was the problem until I gathered some more information about my network. First of all I want to make clear what these different IPs are:

172.17.187.254 is our ISP router

10.145.193.193 is our router for communication towards Europe

172.17.187.249 is our Firewall

It works like this:

When a user types in www.cisco.com on his computer (with proxy enabled), the following happens:

The request is sent to our Core switch (3750G), which uses its route list and sends the request to our Firewall. The Firewall and the proxy server have their own VLAN configured through another switch where they are connected. The Firewall sends the request to the proxy, the proxy does its job and sends the request back to the Firewall, and then out to the Internet to resolve the DNS request and then back to the Firewall. Now, how the request goes back to the computer that sent the request to start with is important here. In our Firewall, it is configured to use the ISP router as default gateway. We do not have the permission to change anything in the Firewall, so we have asked our department in England to look at it and change the default gateway to our Core Cisco switch.

I hope the explanation above gives you a picture of how our topology is.

VLANs don't have IP addresses? I don't think they have a local router, so they are using the routing list to find their way out.

By the way, is there software that can trace the traffic through the proxy and not our network? So if I tracert www.cisco.com it shows its way to the Internet and then back to the computer.

Your routing is *way* out of whack.

You have a mass of non-routable subnets (10.144.x.x networks) pointing to your ISP router, which, unless it knows otherwise, would drop the packets because you can't route 10.0.0.0/8 networks across the internet without encapsulation.

Your "default" route (everything which is *not* explicitly specified in your routing table - I.E. most of the Internet!) is pointing to your link to Europe, and a few networks pointing to your firewall (doing NAT/proxy, I assume).

The way it looks to me is that any request for a "live" internet address (I.E. one not covered by one of the specified RFC1918 addresses in your routing table) would go over your European link - which is why internet access is slow, because the vast majority of the IP addresses will fall into this category.

You really, really need to get someone who understands Cisco routing in to look at your switch - because it looks like the guy who configured/installed this switch/router either doesn't understand Cisco properly, or doesn't really know how your network functions.

According to what you've said, your default route (ip route 0.0.0.0 0.0.0.0

Cheers.

Thanks for answering my friend.

Can you explain how come most of the internet traffic is routed through the default gateway (Europe link) when users are using proxy settings in their Internet Explorer? The proxy (172.17.......) is listed in the route list of our Core Cisco switch to point to our Firewall. So when a request for an internet address is executed, it should go through the Cisco switch directly to our Firewall. Look at the route list below explaining this:

ip route 172.16.0.0 255.240.0.0 10.145.193.193

ip route 172.17.195.8 255.255.255.248 172.17.187.249

ip route 172.17.195.16 255.255.255.248 172.17.187.249

If I request an internet address, which is www.cisco.com (IP address just an example, 212.244.24.26), over the internet with its proxy enabled, 172.17.195.18, the request to the core switch won't be to find the 212.244.24.26 address; it would rather be to find the proxy server (172.17.195.18) to resolve www.cisco.com for me. And in the routing list, it is already listed that if someone requests the proxy server (172.17.195.18) it should point to the Firewall 172.17.187.249. So I don't understand you saying most of the internet traffic is pointing to the default gateway.

Numan mastana wrote:

Thanks for answering my friend.

Can you explain how come most of the internet traffic is routed through the default gateway (Europe link) when users are using proxy settings in their Internet Explorer? The proxy (172.17.......) is listed in the route list of our Core Cisco switch to point to our Firewall. So when a request for an internet address is executed, it should go through the Cisco switch directly to our Firewall. Look at the route list below explaining this:

ip route 172.16.0.0 255.240.0.0 10.145.193.193

ip route 172.17.195.8 255.255.255.248 172.17.187.249

ip route 172.17.195.16 255.255.255.248 172.17.187.249

If I request an internet address, which is www.cisco.com (IP address just an example, 212.244.24.26), over the internet with its proxy enabled, 172.17.195.18, the request to the core switch won't be to find the 212.244.24.26 address; it would rather be to find the proxy server (172.17.195.18) to resolve www.cisco.com for me. And in the routing list, it is already listed that if someone requests the proxy server (172.17.195.18) it should point to the Firewall 172.17.187.249. So I don't understand you saying most of the internet traffic is pointing to the default gateway.

The proxy server still has to look at the global routing table, unless it has its own.

So directing your clients to the proxy and then letting the proxy filter the packets before it sends them out will just fall back to your original default route - which sends the packets via Europe.

If your proxy server has a different default route to everything else (I.E. if it has your Internet gateway hard-coded into it somewhere), then it'd work - but not unless that is the case.

What you're saying is *not* how routing works - there isn't any magic "if you ask for this address you get that one" as you describe above - routing simply tells the packet where to go - it doesn't change it in any way - the concept you are talking of is known as NAT, and is a whole different level of complexity.

The way it works is this

Client sends request to www.cisco.com (212.244.24.26) to its default router.

The default router looks in its routing table for an entry which matches either the defined address, or a subnet which includes this address. If it finds an entry which matches, then the packet is forwarded to the specified destination.

In this case, since your routing table does NOT contain either an explicit host route to 212.244.24.26 or a route to the network this address is on - 212.244.24.0/24 - the default router for the client will forward the packet to the router which is listed as ITS default router - which in your case, scrolling way, way back up to the top, is 10.145.193.193 - or your link to Europe.

It doesn't matter what your proxy does UNLESS the proxy device has either an explicit route to 212.244.24.26 or a default route to some destination OTHER than 10.145.193.193 - the packet is going to go via Europe.

I can't do much more than to repeat my earlier advice - find someone who knows networks (and, more specifically, Cisco) and get them to look into your routing.

Cheers.
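The lookup described in the reply above, as an added example that is not part of the original thread: a longest-prefix match over the three static routes quoted in the thread. The default-route entry is an assumption built from the reply's statement that the default next hop is 10.145.193.193; connected interfaces are not modelled, and the function names are hypothetical.

```python
import ipaddress

# The three static routes quoted in the thread. The last line is constructed
# (assumption) from the reply's statement that the default next hop is
# 10.145.193.193; the thread does not show that config line in full.
CONFIG = """\
ip route 172.16.0.0 255.240.0.0 10.145.193.193
ip route 172.17.195.8 255.255.255.248 172.17.187.249
ip route 172.17.195.16 255.255.255.248 172.17.187.249
ip route 0.0.0.0 0.0.0.0 10.145.193.193
"""

def mask_to_prefixlen(mask):
    """Convert a dotted netmask to a prefix length, rejecting non-contiguous masks."""
    m = int(ipaddress.IPv4Address(mask))
    plen = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask: {mask}")
    return plen

def parse_routes(text):
    """Parse 'ip route <net> <mask> <next-hop>' lines into (network, next_hop) pairs."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[:2] != ["ip", "route"]:
            continue  # ignore anything that is not a simple static route
        net = ipaddress.ip_network(f"{parts[2]}/{mask_to_prefixlen(parts[3])}")
        routes.append((net, ipaddress.ip_address(parts[4])))
    return routes

def next_hop(dest, routes=None):
    """Longest-prefix match: the most specific route covering dest wins."""
    routes = parse_routes(CONFIG) if routes is None else routes
    addr = ipaddress.ip_address(dest)
    matches = [(net, hop) for net, hop in routes if addr in net]
    if not matches:
        return None  # no covering route and no default: packet is dropped
    net, hop = max(matches, key=lambda r: r[0].prefixlen)
    return str(net), str(hop)

if __name__ == "__main__":
    # Proxy address, then the public example address from the thread.
    for dest in ("172.17.195.18", "212.244.24.26"):
        print(dest, "->", next_hop(dest))
```

The proxy's own address matches the /29 towards the firewall, while the public address matches nothing more specific than the default route. That is the same comparison the `tracert` suggested later in the thread makes on the live network.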

Thanks for the reply. All respect to what you are saying, but I am still not convinced on that :-)

My explanation about internet traffic going through our proxy is even more confirmed with a test we did recently. We did a test with moving the proxy server out from the VLAN of the Firewall and connected it directly into the core switch. So we had this proxy completely detached from the Firewall. Doing this gave us almost 30 times faster internet, which is about what we are paying the ISP for. We did not do anything with the routing table of our Core Switch and just shifted our proxy directly into the core switch. So with the same routing table, everything was so much faster, confirming that the routing table of the Cisco is not the culprit, even though I thought it was to start with. We think it has something to do with the Firewall. Something is wrong with the routing table of our firewall.

Numan mastana wrote:

Thanks for the reply. All respect to what you are saying, but I am still not convinced on that :-)

My explanation about internet traffic going through our proxy is even more confirmed with a test we did recently. We did a test with moving the proxy server out from the VLAN of the Firewall and connected it directly into the core switch. So we had this proxy completely detached from the Firewall. Doing this gave us almost 30 times faster internet, which is about what we are paying the ISP for. We did not do anything with the routing table of our Core Switch and just shifted our proxy directly into the core switch. So with the same routing table, everything was so much faster, confirming that the routing table of the Cisco is not the culprit, even though I thought it was to start with. We think it has something to do with the Firewall. Something is wrong with the routing table of our firewall.

You know, there's an easy way to confirm this situation.

From any Windows machine, in a command prompt, type the following

C:\> tracert www.google.com

Then type

C:\> tracert

Pick a host you know is in Europe, across your slow WAN link for the second option.

Post the results from both so we can compare them.

Cheers.

I have already run tracert, but the thing is, when you tracert for example www.google.com, it will not take into account the fact that we are using a proxy. My understanding is that, let us suppose in Internet Explorer, if I use 172.17.195.10 as proxy server on port 8080, I should rather tracert this IP address to find its way out than try to tracert www.google.com. So if I tracert www.google.com it won't reflect the actual route, as it simply does not know that a proxy is used. This is at least what I have heard from my senior IT consultants.

Numan mastana wrote:

I have already run tracert, but the thing is, when you tracert for example www.google.com, it will not take into account the fact that we are using a proxy. My understanding is that, let us suppose in Internet Explorer, if I use 172.17.195.10 as proxy server on port 8080, I should rather tracert this IP address to find its way out than try to tracert www.google.com. So if I tracert www.google.com it won't reflect the actual route, as it simply does not know that a proxy is used. This is at least what I have heard from my senior IT consultants.

So run the traceroute from the server running the proxy and see what you get.

If you're going to insist that there's nothing wrong according to your consultants (who are the ones who installed the mess in the first place), then there's not a lot of point in continuing this thread. There have been half a dozen people who have said the same thing I've said - which is that your default route is WRONG - and you continue to disbelieve it.

You've about exhausted my care-factor here, and since you're not prepared to conclusively prove what I'm suggesting may be the problem is indeed the cause, I don't see the point in continuing any further discussion.
