Hi,

I hope that there is someone out there that can point me in the right direction concerning a frustrating issue I have been having with my router hardware and our company network?

I’ll start with a bit of background history to get you up to speed with our configuration etc.

My company comprises of 30ish users all running on XP SVC PK3 aside from two users that have Vista SVC PK2. (These machines have had ivp6 protocol disabled in the NIC, as per recommendation from Zen support). We use a Compaq Proliant ML370GS Server (192.168.16.100) with 2003 O/S (no ISA server yet but, plans to install one in the New Year) and a 3Comm Baseline 2948-SFP Plus switch. We have a second server (192.168.16.2) running alongside the Proliant that is being used to terminate the VPN clients logging in remotely. This box is due to become the ISA. The main server acts as the DHCP and DNS server. The preferred DNS address is pointing back to 192.168.16.100. Up until a few days ago the ADSL+ service, provided by Zen, was working fantastically. However, when I upgraded the existing Netgear DG834GT router to a Draytek Vigor 2820n router the entire network and Internet browsing came to a grinding halt. 30ish complaining users and 1 stressed out admin!!!

Typically the issue was web pages would not load up unless they were constantly refreshed by pressing F5. Sometimes even this wouldn’t help on some sites. I noticed that when downloading large files I.E, MS Office SVC PK 2, the download speed was not impaired. We were getting up-wards of 5mbps. Also users were reporting that any emails with attachments were not being delivered or received or there were huge delays in emails being received / delivered. A good example was an email that was received by the exchange server with a time stamp of 15:16 and was finally delivered into the users inbox at 17:16, this particular email had no attachments associated with it either.

I pre-configured the Vigor in an isolated network environment to ensure it was configured correctly before going live with it. The plan was to simply unplug the RJ11 & RJ45 from the Netgear and plug directly into the Vigor for a seamless swap over.  The first thing I noticed was; when attempting to log into the admin console of the Vigor from the server it was so slow it was unusable. However, I could log in from my workstation and navigate the options relatively quickly.

The few port forwarding rules we use were setup OK, as was the VPN access, as we terminate on the 192.168.16.2 server.

The Proliant has two NIC’s bonded together as a Team using HP’s utility which in turn are plugged into the 3Comm switch. The second server has just one LAN cable to the switch and the Vigor is connected to the switch also. So the overview is:

1.       ADSL+ to Vigor

2.       Vigor to switch

3.       Switch to Proliant

4.       Proliant to switch

5.       Switch to users

All the users’ firewalls are disabled by default and IE8 is the preferred browser by choice. Needless to say that all machines have the latest service pack and Microsoft updates installed.

After spending an hour on the Draytek support line, @75p a minute, they assured me that the router had been configured correctly. They even remoted on and checked all the settings and surmised that the fault lay within the LAN.

A further call to Zen support highlighted that when pinging known addresses there were definite delays in the packets being sent. Using a ping path command from the server you could see the 1^st hop from the router was instant, 212ms to the 2^nd 220ms to the 3^rd 176ms to the 4^th and three Astrix’s for the 5^th where it was failing to resolve the DNS address. Below are the results when using the Netgear router. (Obviously no issues with this test and unfortunately I didn’t capture the Vigor results)!

>pathping 212.23.3.100

Tracing route to dns.lb.mbr-roch.zen.net.uk [212.23.3.100]

over a maximum of 30 hops:

  0  james-pc05.JAMES.LOCAL [192.168.16.134]

  1  192.168.16.254

  2  losubs.subs.dsl1.kp-leeds.zen.net.uk [62.3.85.17]

  3  ae0-112.cr1.kp-leeds.zen.net.uk [62.3.85.177]

  4  lotze-ae2-0.hq.zen.net.uk [62.3.80.69]

  5  epictetus-ge-0-0-0-11.hq.zen.net.uk [62.3.82.66]

  6  dns.lb.mbr-roch.zen.net.uk [212.23.3.100]

  7  dns.lb.mbr-roch.zen.net.uk [212.23.3.100]

Computing statistics for 175 seconds...

            Source to Here   This Node/Link

Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address

 0 james-pc05.JAMES.LOCAL [192.168.16.134] 0/ 100 =  0%

 1    0ms     0/ 100 =  0%     0/ 100 =  0% 192.168.16.254  0/ 100 =  0%  

2   37ms     0/ 100 =  0%     0/ 100 =  0%  losubs.subs.dsl1.kp-leeds.zen.net.uk [62.3.85.17] 0/ 100 =  0%

3   38ms     0/ 100 =  0%     0/ 100 =  0%  ae0-112.cr1.kp-leeds.zen.net.uk [62.3.85.177] 0/ 100 =  0%  

4   40ms     0/ 100 =  0%     0/ 100 =  0%  lotze-ae2-0.hq.zen.net.uk [62.3.80.69] 0/ 100 =  0%

5   39ms     0/ 100 =  0%     0/ 100 =  0%  epictetus-ge-0-0-0-11.hq.zen.net.uk [62.3.82.66] 0/ 100 =  0%   |

6   38ms     0/ 100 =  0%     0/ 100 =  0%  dns.lb.mbr-roch.zen.net.uk [212.23.3.100] 0/ 100 =  0%

7   38ms     0/ 100 =  0%     0/ 100 =  0%  dns.lb.mbr-roch.zen.net.uk [212.23.3.100]

Trace complete.

So the diagnostic path I have followed so far is:

1. Re-set the Vigor to factory defaults and updated to the latest firmware 3.3.3 Append A.
2. Set the MTU to 1440.
3. Isolated the network and brought each PC on-line in sequence to see if a rogue PC was dragging the network down.
4. Configured a standalone PC to Zen’s DNS address to bypass servers DNS settings. (No noticeable positive effect).
5. Asked an independent person using a PC outside our network to telnet our port 25, which failed with the Vigor, but passed with the Netgear.
6. Monitored all traffic using Wire Shark Packet Sniffer to look for excessive dropped packets or collisions.
7. Diagnosed network using Look@Lan.
8. Diagnosed switch with 3Comm's utilities.
9. Invited Draytek (Expensive) to check hardware settings.
10. Invited Zen (Thorough) to walk through the logical approach.

Hi Mike,

No.1 After reading your story and trying to unpick the issues presented one thing that definitely rings bells with me is the bonded NIC's.

Quote: The Proliant has two NIC’s bonded together as a Team using HP’s utility which in turn are plugged into the 3Comm switch.

ANS:- One area I think you should definitely go back & check is the bonded NIC's because this could be a possible source of the problem i.e. it could be a bottleneck in your network, it could be slowing packet transmissions down if the NIC's are not working correctly in unison. You should check transmission speeds for traffic either side of the bonded connection.

**Another area of concern is the disabling of IP version 6 (yes! I know zen say disable this but I disagree because if it is allowed or enabled it means any network that can use IPV6 can take advantage of this protocol. Agreed not many will at this time but there is no harm in allowing it).

**What is your networks default gateway IP address? & are you completely certain all LAN clients are pointed correctly to the DG. Sorry! if this seems a dumb question but I'm trying to follow the things you've said in your posting.

**YES! I agree it could be a DNS related problem too, have you checked & double checked ALL your DNS servers settings & DNS records are pointing to the correct locations? What DNS BIND version does your DNS server use do you know?

**Have you checked & double checked the Draytek Vigor's specifications to make sure its designed to work with your particular line (i.e. is it set up to use the correct modulation type) are you on standard ADSL i.e. DSL MAX BT upto 8megs service or are we talking about ADSL2+ as in BT's 21CN upto 24megs service?

**On further reflection on all this, if the network speed has slowed down but is still working. Another area you should investigate is "packet size" Bear in mind that using the OSI, ISO severn layer network model data as to be translated at each of the layers (i.e. data frames, datagrams, data packets,etc) so with this in mind. If your data packets are now the wrong size for the current network set up i.e. if the packets are the wrong size meaning too large or over sized this would certainly slow data transmission down >>>>which takes me all the way back to router modulation type because if the router has the wrong modulation type settings for the network that might cause problems. Thus check the modulation type settings in the routers configuration set up (admin) pages. i.e. login into the router & check this.

Ivan

IP Address:            192.168.16.100

Subnet Mask:        255.255.255.0

Default Gateway: 192.168.16.254

Preferred DNS:      192.168.16.100

Alternate DNS:      192.168.16.2

Interestingly I ran a diagnostics which returned an error on both adapters

It would appear that the bind version hasn’t been set.

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\mike.hilton>nslookup

Default Server:  james-dc01.james.local

Address:  192.168.16.100

> set class=chaos

> set type=txt

> version.bind

Server:  james-dc01.james.local

Address:  192.168.16.100

DNS request timed out.

    timeout was 2 seconds.

*** Request to james-dc01.james.local timed-out

> >

**Have you checked & double checked the Draytek Vigor's specifications to make sure its designed to work with your particular line (i.e. is it set up to use the correct modulation type) are you on standard ADSL i.e. DSL MAX BT upto 8megs service or are we talking about ADSL2+ as in BT's 21CN upto 24megs service?

ANS:- Our ISP service is ADSLMAX upto 8mbps which we are achieving around 5mbps. Both Draytek & Zen have confirmed that the 2820n should be suitable for our ADSL.

Hi Mike,

Well after reading your very careful & detailed reply, I can honestly say there is nothing remarkable that jumps out & smack's one between the eyes here. The most obvious things remain the bonded NIC's which you have stated failed one or more parts of the diagnostic testing. I definitely think this is the area to focus down on. Given the cost of network adapters if you have one or more faulting cards its not going to cost mega bucks to whip them out & replace them if need be.

**The fact that one or more NIC's failed the diagnostics speaks volumes Mike.

**The only other thing I would comment on is that your name resolution process is rather slow at 2seconds. DNS look up's especially where the servers are on the local network should be in milli seconds not seconds. Once again check the configuration of your DNS servers, & secondly check that each client computer is configured (pointed) to the Primary & Secondary DNS & they all have the correct Default gateway IP address too.

Let me know how you get on, I shall be very interested to know if my comments have been of any help?

Regards Ivan

Thanks Ivan,

I plan to investigate the NIC cards in more detail during the Christmas break, where I can down the system and play with network to my hearts content without attracting the wrath of the users.

After running the diagnostics the system wanted a reboot so it could install the missing drivers for the adaptor. The exact message read: ‘Diagnostics terminated prematurely due to a system error. It is likely that the adaptor driver is no longer loaded. Please reboot the system!’

So on Saturday Eve I duly complied; only to find that it killed the network link and all external connectivity. Guess what I was doing on Sunday morning?

Essentially it had reset the adaptor protocol to obtain IP addresses automatically. I restored the Team and assigned the manual settings and proved connectivity. Minor panic over and the Boss could get his emails again! (Phew)!

I’m still unconvinced that this is solely the cause of the Vigor issues, but I certainly agree it does seem to be a likely place to focus my attention on.

I will update you with my results when I get the chance to start pulling bits apart.

Attached are some screen grabs for you, it may help you visualise the network/DNS setting better? Note Fig 1.2 shows the diagnostic error message.

Fig.1.0

Fig 1.1

Fig 1.2

Fig 1.3

Fig 1.4

Cheers, 

Mike