[L4, F/W]How can I deal with SPEED???

K

Kenneth Kwon

n00b
Joined
Sep 3, 2015
Messages
13
Hello all,
I have a problem about Speed when accessing web servers..


[Circumstances]
Everything is OK, every packet flows well.
However, now I have focused on the speed...
That is, connection is ok

[Issues]
Whenever I connect or access the web servers, the access speed markedly slow.

However, it is fast sometimes...
That is, slow, fast, slow, fast --- continuous

[The data]
First, please see the below network structure.


original



[The things that I want to know]
As you can see the data, the structure is not complicated.
To tell the truth, I don't know what device is the problem.
and I also don't know what can I see in order to fix it?

I just want to know whether device's problem.
If so, how can I control it.

Regards,
SK
 
You have no logs or whatever which will make it impossible to help you but usually the DB-queries are the main issue unless your host app is incredably slow/inefficient it could also be your backend storage that doesn't cope (access time) with the amount of traffic you have.
 
Thank you for replying diizzy.
Then,, to tell the truth, my main task is verifying that "L4, FW are not problem in this issues."
hmmm, and,,. actually I bang my head against the wall.
Do you know how to see the logs in alteon 3408 switch?

Regards,
 
I would look at more of a historical reporting of CPU and Memory utilization of the switches.
 
Thank you @deaedius,
After checking CPU, Memory utilization, if there isn't a special things, what the next is?

Regards,
 
If your diagram is correct incoming traffic bound for the web servers flows through the ssg hits the alteon and then the WS query your DB servers back through the alteon, back through the ssg, and through the cisco. It may not be a complicated design but it is not a very good one. What kind of throughput are you seeing? What kind of inspection on the SSG?
 
Thank you for replying !
What kind of throughput are you seeing
=> Actually, I don't know how to see that.
I didn't measure the throughput and I also don't know how to measure..
Is it important thing?

What kind of inspection on the SSG
=> I just configured permitting the policies on the SSG (http, https, dns, so on)
 
Kenneth Kwon said:
To Nicklebon,
what is ideal network structure do you think?!
Click to expand...

My assumptions from your diagram are that you're using /28 though that is than clear. All your traffic flows are north. Your web server db queries should be going over a separate network with a separate security policy for starters.

As for throughput:

The best case firewall only throughput for your SSG is about 400Mbps. In your environment you will see less possibly a lot less depending on packet size, session establishment and tear down. If you are doing any sort UTM inspection on that traffic, and you should be, you will see way less throughput.

I will also add that I find it troubling that you have ha web servers and db servers yet have multiple single points of failure all throughout your network infrastructure, again assuming your diagram is accurate.
 
First check dns and remove 3rd party add servers if any temperately.
Those are the most common issues.
Next set up a static test page on the web server is it slow at the same time the dynamic content is slow?
Connect a laptop at different places, does it slow down depending on where you connect?
 
Open up a SMB share on the webserver and see if you can move/retrieve data off of it at a normal speed. If you can...great, if you can not, you should also look into MTU or Jumbo Frame errors as well. Login to the switches and looks for CRC errors, anything that could explain the behavior you are seeing.
 
You must log in or register to reply here.
Back
Top