When you tcpdump, are you seeing any chicanery with the TCP window size? I assume you would have mentioned things like retransmitted packets and so on. No packet loss?
--Matt On Fri, Jan 24, 2014 at 11:57 AM, Nick Cammorato <[email protected]>wrote: > Hi everyone, > > I thought someone here might have some ideas, because I'm currently > stumped. For some background: I recently consolidated all of our "inside" > layer 3 onto our Juniper SRX 1400. Prior to this everything was scattered > across a few different devices with some point to point links. For the > most part, everything works as expected - pretty well. The exception being > why I'm mailing the list - VPN connections(via our ASA) to our internal > instances of atlassian confluence are suddenly excruciatingly slow. > > We have 2 confluence instances: a development/test instance and a > production instance, each of which live on a different VLAN/has a different > gateway. The exhbited behavior is: page loads of up to 30-40 seconds, > almost all most of which is a single batched ajax JS load - which is about > 300 -> 500kb or so and loads at a rate of 10kbps. This is new behavior. > > Traffic not over VPN is perfectly normal. > > Current topography looks as follows: > ASA(inside) --> SRX (ge-x/x/x.0) > Clients -(Ge)-> Client Distribution Switch --(2XGe VPC)--> Nexus Switches > --(2XGe VPC)--> SRX(ae0.1) > Confluence1 -(Ge)-> Distribution Switch --(2XGe VPC)--> Nexus Switches > --(2XGe VPC)--> SRX(ae0.2) > Confluence2 -(Ge)-> Distribution Switch --(2XGe VPC)--> Nexus Switches > --(2XGe VPC)--> SRX(ae0.3) > > And I've tested the following: > - The ASA was at one point cabled off the Client Distribution Switch with > the vlan dwelling on the agg interface, moving it had no effect. > - I've monitored traffic via an inline tap, tcpdumps at both ends, and a > tcpdump on the router itself looking for fragmentation, out of sequence > packets, etc. and seen nothing. > - I've done the above looking for DNS traffic to see if maybe there is an > nslookup issue somewhere, and nada. > - iperf shows normal bandwidth to the confluence servers themselves - > 10mbps or so from home. > - There don't appear to be any autonegotiation issues. > - No errors on any involved interface. > - No errors in apache, confluence or tomcat logs, regardless of log level. > - Software version of confluence has no effect. > > Now here's an odd thing, if I do a curl on one of the slowly loading > scripts, in isolation it loads at 10kbps or so - this is repeatable too, > daisy chain 10 loads of the same script and they will all load at 10kbps. > If I fork and run the curl twice or more in parallel, however, it loads > instantly. > > Anyone have any ideas before I start opening TAC/JTAC cases? > > Thanks, > --Nick > > > _______________________________________________ > bblisa mailing list > [email protected] > http://www.bblisa.org/mailman/listinfo/bblisa > -- "Today, vegetables... Tomorrow, the world!"
_______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
