Re: network tuning and performance troubleshooting
Message: 18 Date: Thu, 04 Jan 2007 18:05:27 -0500 From: Bob McIsaac [EMAIL PROTECTED] Doug Hardie wrote: On Jan 3, 2007, at 22:57, Bob McIsaac wrote: Problem: Browser status 'looking up address' for 10 seconds for any web page clicked. Slashdot takes almost a minute to load. But FTP performance is good and running a shoutcast stream is no problem. Sending mail via my ISP is slow. Investigation: - sysctl -a | grep net | less shows a ton of variables with values assigned. Ping of nameserver assigned by dhcp takes 0.5ms. Ping of freebsd.org = 90ms. Nothing obvious in loader.conf or rc.conf (defaults). /var/log/messages has only startup info. Question: - How to solve this thorny performance problem? -Bob- You might want to run tcpdump and monitor one of those slow loads. Include the timestamp in the output and see what it is doing during that time. I would tend to suspect DNS timeouts. tcpdump confirms there is a ten second delay as seen on the browser. 1. there are some UDP packets to/from the nameserver. 2. nothing happens for ten seconds 3. now there is a TCP connection tcpdump: listening on vr0, link-type EN10MB (Ethernet), 17:34:07.537419 proto: UDP (17) 192.168.1.102.53032 192.168.1.254.domain: 45959+ A? www.google.ca. (31) You ask 192.168.1.254 - presumably your gateway, and/or internal DNS server? - for www.google.ca's IPv4 address. 17:34:07.545218 IP proto: UDP (17) 192.168.1.254.domain 192.168.1.102.53032: 45959 6/7/4 www.google.ca. CNAME[|domain] It's a CNAME. Not sure if you got the right IP address there, though from the later (after delay) connect to google.com, I suppose so .. 17:34:07.545500 IP proto: UDP (17) 192.168.1.102.64463 192.168.1.254.domain: 45960+ ? www.google.ca. (31) Then you ask for www.google.ca's IPv6 address. Do you really want that? You get no response on that, but maybe you're prepared to wait for it, ie are you somehow relying on getting an IPv6 address, and if so, why? 17:34:07.868410 IP proto: UDP (17) 192.168.1.102.61375 192.168.1.254.domain: 48085+ PTR? 254.1.168.192.in-addr.arpa. (44) You then ask for your gateway's IP address, by name. Hmm. But you get no response to that query. Looks like you're about to wait for one .. ~4.6 seconds later you're still waiting, and you ask again .. 17:34:12.545947 IP proto: UDP (17) 192.168.1.102.54649 192.168.1.254.domain: 45960+ ? www.google.ca. (31) .. for that IPv6 address, and then you ask again .. 17:34:12.868866 IP proto: UDP (17) 192.168.1.102.55840 192.168.1.254.domain: 48085+ PTR? 254.1.168.192.in-addr.arpa. (44) .. for your gateway's IP address from its name. No answer. nothing happens for 10 seconds?? .. and then you appear to contact google.com successfully. 17:34:22.546051 (tos 0x0, ttl 64, id 226, offset 0, flags [DF], proto: TCP (6), length: 64) 192.168.1.102.52363 qb-in-f147.google.com.http: S, cksum 0x3aa5 (correct), 1762925400:1762925400(0) win 65535 mss 1460, nop,wscale 1, nop,nop,timestamp 1758025 0,sackOK,eol Are you obliged to use 192.168.1.254 for DNS? The queries aside (which it should quickly NAK if it doesn't handle them), it seems broken if it can't resolve it's own reverse DNS? Can you use your upstream provider's DNS server/s instead (ie in resolv.conf)? Is your IP fixed or DHCP-assigned? If the latter, with or without auto DNS assignment? Cheers, Ian ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: network tuning and performance troubleshooting
Ian Smith wrote: Message: 18 Date: Thu, 04 Jan 2007 18:05:27 -0500 From: Bob McIsaac [EMAIL PROTECTED] Doug Hardie wrote: On Jan 3, 2007, at 22:57, Bob McIsaac wrote: Problem: Browser status 'looking up address' for 10 seconds for any web page clicked. Slashdot takes almost a minute to load. But FTP performance is good and running a shoutcast stream is no problem. Sending mail via my ISP is slow. Investigation: - sysctl -a | grep net | less shows a ton of variables with values assigned. Ping of nameserver assigned by dhcp takes 0.5ms. Ping of freebsd.org = 90ms. Nothing obvious in loader.conf or rc.conf (defaults). /var/log/messages has only startup info. Question: - How to solve this thorny performance problem? -Bob- You might want to run tcpdump and monitor one of those slow loads. Include the timestamp in the output and see what it is doing during that time. I would tend to suspect DNS timeouts. tcpdump confirms there is a ten second delay as seen on the browser. 1. there are some UDP packets to/from the nameserver. 2. nothing happens for ten seconds 3. now there is a TCP connection tcpdump: listening on vr0, link-type EN10MB (Ethernet), 17:34:07.537419 proto: UDP (17) 192.168.1.102.53032 192.168.1.254.domain: 45959+ A? www.google.ca. (31) You ask 192.168.1.254 - presumably your gateway, and/or internal DNS server? - for www.google.ca's IPv4 address. 17:34:07.545218 IP proto: UDP (17) 192.168.1.254.domain 192.168.1.102.53032: 45959 6/7/4 www.google.ca. CNAME[|domain] It's a CNAME. Not sure if you got the right IP address there, though from the later (after delay) connect to google.com, I suppose so .. 17:34:07.545500 IP proto: UDP (17) 192.168.1.102.64463 192.168.1.254.domain: 45960+ ? www.google.ca. (31) Then you ask for www.google.ca's IPv6 address. Do you really want that? You get no response on that, but maybe you're prepared to wait for it, ie are you somehow relying on getting an IPv6 address, and if so, why? 17:34:07.868410 IP proto: UDP (17) 192.168.1.102.61375 192.168.1.254.domain: 48085+ PTR? 254.1.168.192.in-addr.arpa. (44) You then ask for your gateway's IP address, by name. Hmm. But you get no response to that query. Looks like you're about to wait for one .. ~4.6 seconds later you're still waiting, and you ask again .. 17:34:12.545947 IP proto: UDP (17) 192.168.1.102.54649 192.168.1.254.domain: 45960+ ? www.google.ca. (31) .. for that IPv6 address, and then you ask again .. 17:34:12.868866 IP proto: UDP (17) 192.168.1.102.55840 192.168.1.254.domain: 48085+ PTR? 254.1.168.192.in-addr.arpa. (44) .. for your gateway's IP address from its name. No answer. nothing happens for 10 seconds?? .. and then you appear to contact google.com successfully. 17:34:22.546051 (tos 0x0, ttl 64, id 226, offset 0, flags [DF], proto: TCP (6), length: 64) 192.168.1.102.52363 qb-in-f147.google.com.http: S, cksum 0x3aa5 (correct), 1762925400:1762925400(0) win 65535 mss 1460, nop,wscale 1, nop,nop,timestamp 1758025 0,sackOK,eol Are you obliged to use 192.168.1.254 for DNS? The queries aside (which it should quickly NAK if it doesn't handle them), it seems broken if it can't resolve it's own reverse DNS? Can you use your upstream provider's DNS server/s instead (ie in resolv.conf)? Is your IP fixed or DHCP-assigned? If the latter, with or without auto DNS assignment? Cheers, Ian Are you obliged to use 192.168.1.254 for DNS? ... This is the address from my ISP placed in /etc/resolv.conf during DHCP .. for that IPv6 address, and then you ask again .. 17:34:12.868866 IP proto: UDP (17) 192.168.1.102.55840 192.168.1.254.domain: 48085+ PTR? 254.1.168.192.in-addr.arpa. (44) .. for your gateway's IP address from its name. No answer. I did not select IPv6 during FreeBSD install and /etc/defaults/rc.conf defaults to off. According to the notes in /etc/hosts.allow, reverse lookup is done to mitigate hacker tricks. Thanks for the details. Is it possible that this is some kind of silent hardware-driver issue that confuses the system APIs? -Bob- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: network tuning and performance troubleshooting
Josh Carroll wrote: Problem: Browser status 'looking up address' for 10 seconds for any web page clicked. Slashdot takes almost a minute to load. But FTP performance is good and running a shoutcast stream is no problem. Sending mail via my ISP is slow. How about a large transfer over http with fetch or wget? Does it perform as well as an ftp connection? It could be a DNS problem. Try a dig of slashdot.org and see what the query time is: dig A slashdot.org | grep 'Query time' Run that a few times and see how fast it's resolving. It should be on the order of a 100ms or less, at least after the first query. Josh $ dig A slashdot.org | grep 'Query time' ;; Query time: 95 msec $ dig A slashdot.org | grep 'Query time' ;; Query time: 15 msec $ dig A slashdot.org | grep 'Query time' ;; Query time: 7 msec $ dig A slashdot.org | grep 'Query time' ;; Query time: 11 msec $ fetch -v [1]http://www.freebsd.org/ports/growth/status.png looking up [2]www.freebsd.org connecting to [3]www.freebsd.org:80 requesting [4]http://www.freebsd.org/ports/growth/status.png local size / mtime: 4725 / 1163039436 remote size / mtime: 4725 / 1163039436 status.png100% of 4725 B 53 kBps $ fetch -v [5]http://www.kde.org/screenshots/images/3.5/01-welcome.png looking up [6]www.kde.org connecting to [7]www.kde.org:80 requesting [8]http://www.kde.org/screenshots/images/3.5/01-welcome.png remote size / mtime: 185546 / 1145367871 01-welcome.png100% of 181 kB 177 kBps $ The numbers above seem sensible for 'dig' but fetch is not reporting the looking/connecting time which is seconds more than the download time. On google.maps the screen is divided into a grid and it takes a few seconds to fill in each one. I always thought it was a single image. References 1. http://www.freebsd.org/ports/growth/status.png 2. http://www.freebsd.org/ 3. http://www.freebsd.org/ 4. http://www.freebsd.org/ports/growth/status.png 5. http://www.kde.org/screenshots/images/3.5/01-welcome.png 6. http://www.kde.org/ 7. http://www.kde.org/ 8. http://www.kde.org/screenshots/images/3.5/01-welcome.png ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: network tuning and performance troubleshooting
Doug Hardie wrote: On Jan 3, 2007, at 22:57, Bob McIsaac wrote: Problem: Browser status 'looking up address' for 10 seconds for any web page clicked. Slashdot takes almost a minute to load. But FTP performance is good and running a shoutcast stream is no problem. Sending mail via my ISP is slow. Investigation: - sysctl -a | grep net | less shows a ton of variables with values assigned. Ping of nameserver assigned by dhcp takes 0.5ms. Ping of freebsd.org = 90ms. Nothing obvious in loader.conf or rc.conf (defaults). /var/log/messages has only startup info. Question: - How to solve this thorny performance problem? -Bob- You might want to run tcpdump and monitor one of those slow loads. Include the timestamp in the output and see what it is doing during that time. I would tend to suspect DNS timeouts. tcpdump confirms there is a ten second delay as seen on the browser. 1. there are some UDP packets to/from the nameserver. 2. nothing happens for ten seconds 3. now there is a TCP connection tcpdump: listening on vr0, link-type EN10MB (Ethernet), 17:34:07.537419 proto: UDP (17) 192.168.1.102.53032 192.168.1.254.domain: 45959+ A? www.google.ca. (31) 17:34:07.545218 IP proto: UDP (17) 192.168.1.254.domain 192.168.1.102.53032: 45959 6/7/4 www.google.ca. CNAME[|domain] 17:34:07.545500 IP proto: UDP (17) 192.168.1.102.64463 192.168.1.254.domain: 45960+ ? www.google.ca. (31) 17:34:07.868410 IP proto: UDP (17) 192.168.1.102.61375 192.168.1.254.domain: 48085+ PTR? 254.1.168.192.in-addr.arpa. (44) 17:34:12.545947 IP proto: UDP (17) 192.168.1.102.54649 192.168.1.254.domain: 45960+ ? www.google.ca. (31) 17:34:12.868866 IP proto: UDP (17) 192.168.1.102.55840 192.168.1.254.domain: 48085+ PTR? 254.1.168.192.in-addr.arpa. (44) nothing happens for 10 seconds?? 17:34:22.546051 (tos 0x0, ttl 64, id 226, offset 0, flags [DF], proto: TCP (6), length: 64) 192.168.1.102.52363 qb-in-f147.google.com.http: S, cksum 0x3aa5 (correct), 1762925400:1762925400(0) win 65535 mss 1460, nop,wscale 1, nop,nop,timestamp 1758025 0,sackOK,eol ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: network tuning and performance troubleshooting
Problem: Browser status 'looking up address' for 10 seconds for any web page clicked. Slashdot takes almost a minute to load. But FTP performance is good and running a shoutcast stream is no problem. Sending mail via my ISP is slow. How about a large transfer over http with fetch or wget? Does it perform as well as an ftp connection? It could be a DNS problem. Try a dig of slashdot.org and see what the query time is: dig A slashdot.org | grep 'Query time' Run that a few times and see how fast it's resolving. It should be on the order of a 100ms or less, at least after the first query. Josh ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
