Well the Sonicwall engineer did find it rather quickly, maybe 30 minutes into the call, after going through the whole issue. So our oddity now is we received word from our carrier they have MTU = 9216, so we should be able to set 9000 MTU. The Sonicwall (5500) only allows 1500 MTU, but I still cant even get that. My highest MTU I can set right now is 1376 (or so). What I did find is the client has a 100MB fiber uplink with an Ethernet convertor box, Im wondering if that box is causing the issue. We have several procurves that I could vlan out a fiber port but they only do 1GB fiber not 100MB so I don't get any uplink.
We do have ICMP enabled on the firewall and I will turn it off as a test, I never heard that having ICMP enabled would cause that, but for the 1 minute it takes to test is worth it. Luckily our new 1GB fiber from a different carrier is coming in this week, so we are back in business and going to leave it for the next few days until we make the transition. The new carrier provides us a QinQ layer 2 bridge and gives us an Ethernet handoff instead of a fiber handoff. Thanks everyone for the tips/comments. From: Rohyans, Aaron [mailto:[email protected]] Sent: Sunday, August 29, 2010 7:40 AM To: NT System Admin Issues Subject: RE: Bandwidth problems Perhaps your Firewall is responding ICMP Packet-Too-Big messages from your provider and/or transit systems. Or, perhaps is using a path-MTU-discovery mechanism. I'm somewhat surprised that the Sonicwall engineer hadn't seen MTU issues like this. They are very common with VPNs - and although that's not what you're dealing with here. the same principles apply. Have you tried turning off/blocking ICMP at your outside interface (more than just Echo/Ping) to see if the problem goes away? Aaron T. Rohyans Senior Network Engineer CCIE #21945 DPSciences Corporation 7400 N. Shadeland Ave., Suite 245 Indianapolis, IN 46250 Office: (317) 348-0099 Fax: (317) 849-7134 [email protected] http://www.dpsciences.com/ "I want an Anti-Virus system that sends Arnold back in time to kill the hacker as a small child before he invents the virus..." "There are 10 kinds of people in this world... those who can read binary, and those who can't" From: Lists - Level5 [mailto:[email protected]] Sent: Thursday, August 26, 2010 3:57 PM To: NT System Admin Issues Subject: RE: Bandwidth problems We have internal IPS/IDS, and mail filters already setup. We have tracked down the issue with Sonicwall today, apparently our MTU size is fluctuating. It was set to default 1492, I lowered it to 1404 and then this command : ping google.com -f -l 1400 worked just fine, however an hour later it would come back saying needed to fragment the packet, so now we are running with an MTU of 1360 or 1366 or something . Very odd problem, we are migrating away from the current provider and the powers that be are wondering if this is being done purposefully. Sonicwall engineer said he doesn't recall seeing an MTU size working for 10-15 mins then suddenly be too big. From: Andrew S. Baker [mailto:[email protected]] Sent: Thursday, August 26, 2010 12:11 PM To: NT System Admin Issues Subject: Re: Bandwidth problems You don't NEED the security stuff? Can I ask why?!? ASB <http://XeeSM.com/AndrewBaker> (My XeeSM Profile) Exploiting Technology for Business Advantage... <http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=emai l&utm_campaign=footer> Signature powered by <http://www.wisestamp.com/email-install?utm_source=extension&utm_medium=emai l&utm_campaign=footer> WiseStamp Image removed by sender. On Thu, Aug 26, 2010 at 11:38 AM, Lists - Level5 <[email protected]> wrote: Rich, all the security stuff is disabled, we didn't need it anyway but I took it off as a precaution the other day. From: Richard Stovall [mailto:[email protected]] Sent: Wednesday, August 25, 2010 12:19 PM To: NT System Admin Issues Subject: Re: Bandwidth problems Do you have any of the SonicWall security services or content filtering licensed and enabled? Have you cranked up alerting to tell you if the SonicWall might be blocking something because of one of those services? That 5500 should be powerful enough to handle quite a bit of throughput. On Wed, Aug 25, 2010 at 11:55 AM, Level 5 Lists <[email protected]> wrote: I have been troubleshooting a bandwidth problem where connections are dropping. We ran some different tests like speedtest and pingtest as well as a trial of visualware. Everything points to tcp max delay (300ms) being a major issue and suggests packet loss. I have run some tracerts for the ISP and they say its not their side. I tend to believe them a little because if we unplug our Sonicwall and go directly the problem goes away. As a test I rolled out a new Sonicwall 5500, reconfigured it and the problem still exists. We are jumbo framed enabled internally, and our procurve mgmt software has some intermittent issues throughout the network but nothing specific. Does anyone have any good tools they could recommend to test internal connectivity, the few tools i see just test speed which seems to be running just fine (qcheck). Thx ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- You are currently subscribed to ntsysadmin as: [email protected]. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=64553.325aa6c3c4ae87208d38a87100290cd 1 <http://lyris.sunbelt-software.com/u?id=64553.325aa6c3c4ae87208d38a87100290c d1&n=T&l=ntsysadmin&o=9078340> &n=T&l=ntsysadmin&o=9078340 (It may be necessary to cut and paste the above URL if the line is broken) or send a blank email to leave-9078340-64553.325aa6c3c4ae87208d38a87100290...@lyris.sunbelt-software. com ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- You are currently subscribed to ntsysadmin as: [email protected]. To unsubscribe click here: http://lyris.sunbelt-software.com/u?id=8142875.a9cf90b99baa17cb4fcf8293a59eb3b1&n=T&l=ntsysadmin&o=9078815 or send a blank email to leave-9078815-8142875.a9cf90b99baa17cb4fcf8293a59eb...@lyris.sunbelt-software.com
<<image001.jpg>>
