On Friday 25 October 2002 17:38, Ken Price wrote: > My colo provider provides IP addresses and expects routing much like a T-1 > data provider. I get 4-5 "WAN" IP addresses and 32 "PUBLIC ROUTABLE" IP > addresses. Their enterprise router expects another router (customer > provided) to handle this forwarding. In this role, I currently use a > RedHat 7.3 box with 2 NICs, simply with IP forwarding enabled. No special > rules or shaping. Straight forward enough, and it's always worked without > a hitch. Behind this router, I have another RedHat box acting as a NAT > Firewall which protects my server farm. Now my problem. We've recently > developed an application that makes outgoing requests to other websites and > returns data. I'm noticing a serious lag in the amount of time it takes for > this data to return to the server vs. our development environment in the > office which uses a much slower internet link. > > If I test from the production RH7.3 "router", all data is returned > extremely fast. If I step back to the NAT firewall, or further back into > the server farm, I get serious delays. ICMP does not seem to reflect this > problem, I'm assuming because of it's small packet size. Could MTU size be > an issue here? All of my firewalls and routers use the default 1500 MTU > size and the network is all 100Mbps up to the OC-48 internet backbone. Am > I missing some router configuration? I've tried adjusting the MTU size on > the router with no change in results. > > Any suggestions on where to go with this? If I have a tcp delay, I always check the dns config. In many cases, there is no reverse dns lookup of the ip-address so the other hosts waits for the dns-timeout before allowing the connection. So, has your ip-address a reverse dns entry? Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/