Have a strange one trying to nail down here.
A PC at a remote branch (across a full p-to-p T-1) has extremely slow responses accessing the internet. The PC does use a proxy server to handle the internet requests. There is virtually no load on the T-1 and the issue seems to clear up sometimes. The users at the main site don't experience slowness to the same internet sites while using the same proxy server. To me it really looks like something with the proxy server, but then how do you explain the fact the users at the headquarters don't experience the issue? Also, several other branch sites may be experiencing this same issue while other branch locations are not. Could this be an MTU issue or something else? It's strange that users at the main site don't experience the issue, and while the issue is happening the T-1 links to the remotes are at less than 5% utilization. There is nothing fancy, no NATing or anything, in the device configs.
I did perform a packet capture (see attachment) from the proxy server (10.101.4.19) of the clients request (10.122.59.11) and see gobs of TCP retransmissions.
Any advice to point me in a direction would be greatly appreciated.
Have you looked at the latency between the remote site and the proxy server when access is slow?
What are the ping response times like?
I assume the main office has a layer 2 connection to the proxy, so routing isn't an issue here, but is it an issue from the remote sites?
Are you running any kind of authentication on the proxy to authenticate users?
Hope this helps or at least gives you something to think about.
PS - have you captured on the local PC at the same time as on the proxy so you can compare?
I have looked at latency between the remote site and the proxy server and it is very low when the issue is happening, like 20ms to 30ms round trip times.
The main office has a L2 connection to the proxy server.
Remember that if you disable and don't use the proxy from a client at the remote site internet browsing is very fast and normal.
What makes it strange is the fact that when users at the remote site are having the issue, users at the main site are not even though they are using the same proxy server and there is virtually no load and excellent latency between the remote site and the proxy server.
The proxy server is utilizing authentication, but it's still strange the main office users don't experience the issue when the remote users do.
I have captured on a local PC and seem to get the same results as capturing on the proxy server: "lots of retransmissions".
Could an MTU issue cause this in the direction of proxy to client or vice versa?
BTW, I'm unable to open your attachment, my PC considers it corrupted.
However, when you note ". . . gobs of TCP retransmissions.", such will generally kill TCP performance. So much so, it could also explain your "virtually no load" to "less than 5% utilization" on the T-1.
Try to find the cause of all the TCP retransmissions.
Looks like something on your PC at the browser level.
1. You send GET to the proxy
2. Proxy replies that it needs you to enter Name/Password
--- 2 second pause, PC does not reply or confirm TCP reception ---
3. Proxy retransmits - why didn't you confirm the packet?
4. PC retransmits GET to the proxy
So... possible reasons.
A. Problems on L7.
1. Try using a browser that supports proxy authentication, like (uh.. I hate to say it) MSIE.
2. Try using different OS.
3. Different users, different PCs...
On the other hand it also looks that there is a big problem on TCP level - your PC does not seem to care to confirm reception/reply in time. I'd look at your PC. If the TCP options/timers are different than that of a proxy
C. Group policy. There is a small possibility that this is happening because of admin group policy in your active directory domain container.
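The four-step exchange described in the reply above can be checked mechanically in a capture. The following is an added example, not part of the original thread: it flags retransmitted segments and reports whether the peer had already acknowledged them. The two addresses are the ones quoted in the thread; the sequence numbers, timings and the `Seg` record layout are constructed for illustration.

```python
from collections import namedtuple

# One TCP segment as exported from a capture (hypothetical record layout).
Seg = namedtuple("Seg", "t_ms src dst seq length ack note")

CLIENT, PROXY = "10.122.59.11", "10.101.4.19"

# Constructed trace mirroring steps 1-4; sequence numbers and times are made up.
TRACE = [
    Seg(0,    CLIENT, PROXY, 1000, 400, 5000, "GET"),
    Seg(25,   PROXY, CLIENT, 5000, 300, 1400, "auth required"),
    Seg(2030, PROXY, CLIENT, 5000, 300, 1400, "auth required (again)"),
    Seg(2060, CLIENT, PROXY, 1000, 400, 5000, "GET (again)"),
]

def find_retransmissions(trace):
    """Return one record per data segment whose (src, dst, seq, length) was sent before."""
    first_seen = {}    # (src, dst, seq, length) -> time of first transmission
    highest_ack = {}   # (acker, peer) -> highest ack number the acker has sent
    hits = []
    for seg in trace:
        # Track what this sender has acknowledged of the peer's byte stream.
        direction = (seg.src, seg.dst)
        highest_ack[direction] = max(highest_ack.get(direction, 0), seg.ack)
        if seg.length == 0:
            continue  # pure ACKs carry no payload to retransmit
        key = (seg.src, seg.dst, seg.seq, seg.length)
        if key not in first_seen:
            first_seen[key] = seg.t_ms
            continue
        # Has the receiver already acknowledged the end of this segment?
        peer_ack = highest_ack.get((seg.dst, seg.src), 0)
        hits.append({
            "sender": seg.src,
            "seq": seg.seq,
            "gap_ms": seg.t_ms - first_seen[key],
            "acked_by_peer": peer_ack >= seg.seq + seg.length,
        })
    return hits

if __name__ == "__main__":
    for hit in find_retransmissions(TRACE):
        print(hit)
```

In this constructed trace the proxy's retransmission is unacknowledged, while the client resends a GET the proxy had already acknowledged. Running the same check on captures taken at both ends at the same time shows which direction the segments or ACKs are going missing in.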
Thanks for your reply. Some more info that may help.
The users at the remote sites are using IE6.0. Also, the weird thing is it has been known to happen intermittently. Sometimes the users will experience slow browsing (like taking google.com 3 to 5 minutes to pull up the page). And it has also seemed normal and fast.
Just some more info for you.
pompeychimes makes a good point.
Can you identify a single host on one of the remote networks and tell the proxy not to authenticate traffic from that host to any site, or tell the proxy to allow all users on the remote site to have unauthenticated access to a single safe site, i.e. google, bbc, ramones.com etc.?
When access slows, get the users to try access to the unauthenticated site.
Hope this helps.
When we bypass the proxy all internet surfing is very fast with low latency. So common knowledge would point to the proxy. The weird thing is when the remote sites are experiencing the slowness through the proxy, users at the main site/location don't seem to experience this slowness through the same proxy. Not knowing how Microsoft ISA works, I wonder if maybe there is an authentication rule based on subnets that's somehow been overlooked for the remote sites.
We placed a TAC call with Cisco to have them bless the configuration. From an IP connectivity standpoint they cleared the configuration and seem certain it's something related to the proxies. They looked back at similar cases and found that adjusting the "tcp retransmission timeout" helped the issue. Does this seem correct?