
CE-590 and Router

kozinyy
Level 1

I have a stand-alone CE-590 connected to a 72xx ISP router, located outside of our PIX. When the WCCP service is enabled, download speed (tested using the DSLExtreme site) is about 11MB, but if WCCP is disabled (or the cable is simply unplugged from the CE), the download speed jumps to 22MB.

Part of the config is below:

Router:

ip wccp web-cache
ip wccp 53
ip wccp 91
ip wccp 98
interface FastEthernet0/0
 ip address XXXX XXXX
 ip route-cache same-interface
interface Serial3/0
 ip wccp web-cache redirect out
 ip wccp 53 redirect out
 ip wccp 91 redirect out
 ip wccp 98 redirect out

CE-590

wccp router-list 1 XXXX
wccp web-cache router-list-num 1 l2-redirect
wccp custom-web-cache router-list-num 1 port 8080 l2-redirect
wccp rtsp router-list-num 1
wccp dns router-list-num 1 l2-redirect
wccp version 2

Any help will be appreciated.

jfoerster
Level 4

Hi,

You configured on the CE the Accelerated WCCP Layer 2 Support. This is only supported with the Cat6x00.

(compare with http://www.cisco.com/en/US/products/sw/conntsw/ps491/products_configuration_guide_chapter09186a0080086ef6.html#1036578 )

Give it a try and remove the l2-redirect statement in the CE config.

Cheers,

Joerg

Thank you for the reply. And I have some more info now.

I did play with the L2 config and left it on, but L2 doesn't affect the speed. I have no control of the ISP router; I can only call them and ask for some changes (to add, to remove, etc.). Their engineers cannot explain to me why they need the Loopback interface, but take a look at the output of the SHOW WCCP ROUTER command and part of the router's configuration. Maybe this is the reason???

As you can see no Serial (Internet) interface is involved....

X.X.X.X - is Router's Ethernet0

Y.Y.Y.Y - is router's Loopback interface

Z.Z.Z.Z - is Router's serial interface

-CE-590#show wccp router

Router Information for Service: Web Cache
Routers Configured and Seeing this Content Engine(1)
Router Id       Sent To         Recv ID
Y.Y.Y.Y         X.X.X.X         00007D5B
Routers not Seeing this Content Engine
-NONE-
Routers Notified of but not Configured
-NONE-

Router Information for Service: Custom Web Cache
Routers Configured and Seeing this Content Engine(1)
Router Id       Sent To         Recv ID
Y.Y.Y.Y         X.X.X.X         00007D5B
Routers not Seeing this Content Engine
-NONE-

Router Information for Service: DNS
Routers Configured and Seeing this Content Engine(1)
Router Id       Sent To         Recv ID
Y.Y.Y.Y         X.X.X.X         00007D5A
Routers not Seeing this Content Engine
-NONE-
Routers Notified of but not Configured

Router Information for Service: RTSP
Routers Configured and Seeing this Content Engine(1)
Router Id       Sent To         Recv ID
0.0.0.0         X.X.X.X         0001163F
Routers not Seeing this Content Engine
X.X.X.X
Routers Notified of but not Configured
-NONE-

Router Information for Service: WMT
Routers Configured and Seeing this Content Engine(1)
Router Id       Sent To         Recv ID
0.0.0.0         X.X.X.X         00000000
Routers not Seeing this Content Engine
X.X.X.X
Routers Notified of but not Configured
-NONE-

ROUTER:

interface Loopback0
 ip address Y.Y.Y.Y 255.255.255.255
 no ip directed-broadcast
interface Serial3/0
 description LAX-DC2--S8/1:8
 ip address Z.Z.Z.Z 255.255.255.254
 no ip directed-broadcast
 ip wccp web-cache redirect out
 ip wccp 53 redirect out
 ip wccp 91 redirect out
 ip wccp 98 redirect out
interface FastEthernet0/0
 description
 ip address X.X.X.X 255.255.255.240
 ip access-group 194 in
 ip access-group 193 out
 no ip directed-broadcast
 ip route-cache same-interface

Thanks again for help

You would get better performance with redirect in on the inbound interface instead of redirect out.

With redirect out the router needs to perform 2 route lookups [one to identify outbound interface and one to redirect to cache] while only 1 is needed for redirect in.

Also, could you capture a sniffer trace of a fast download and a slow one?

Sometimes it is required to adjust TCP parameters on the cache and the sniffer trace is a good way to find out what to adjust.

Regards,

Gilles.

Hi Gilles,

Thank you for your reply.

I did ask the ISP to make the changes to an internal interface:

interface FastEthernet0/0
 description
 ip address 204.102.252.145 255.255.255.240
 ip access-group 194 in
 ip access-group 193 out
 no ip directed-broadcast
 ip wccp web-cache redirect in
 ip wccp 53 redirect out
 ip wccp 91 redirect out
 ip wccp 98 redirect out
 ip route-cache same-interface
 full-duplex
 no cdp enable

but the result is the same.

This router has a Loopback interface enabled:

interface Loopback0
 ip address 137.164.39.35 255.255.255.255
 no ip directed-broadcast

And SHOW WCCP ROUTER shows this interface instead of the IP address of the serial interface. Is that correct?

I also tried a different speed test site, http://netspeed.stanford.edu/, with the same result.

Hi,

Which HTTP traffic is problematic? I guess accessing the internet directly without any proxy, so the browser sends a request to port 80 and not 8080, which might be an upstream proxy in front of the internet.

I would do the following tests:

1) Depending on your DNS setup this can be an issue too. Could you please remove only the DNS redirect and check again if the responses are slow while accessing a web page (only if your browser is able to get DNS replies directly from your/an internet DNS server).

2) Verify that your CE is able to do DNS requests in a timely manner.

3) Another thing you could try, to check if the CE is working properly, is the following: Do a HTTP-proxy incoming port 3128. Configure your browser to use the following proxy (CEs-ip-address port 3128) and check how fast the response is.

Please let us know about the outcome.

Cheers,

Joerg

paul.matthews
Level 5

Daft question first - the link between cache and router is running at 100M, right? There is no chance that there is some 10M in the way?

OK, now we have the obvious out of the way, while that change in performance is dramatic, what were you expecting to see? How many users were you testing with?

Just on a single, non-cache download I would expect it to be a *little* slower, as instead of one connection, you have two - client-cache, cache-server.

It may be worth getting a sniffer capture of the traffic both in and out of the CE to look at what is going on and work out what can be tuned.

Thank you, all of you guys,

and let me answer all your suggestions.

Yes, I checked all port configs; all of them are running 100 MB FullDuplex.

I had the same problem before with the old version 4.2.x, and then I upgraded to 5.1.9 (with extra features such as DNS cache), so it is not DNS.

It has nothing to do with the PIX and other devices, because I had connected my laptop directly to that interface (PIX-out, Router-in, CE-590), with the same result. So something is wrong in the configuration between the CE and the router. Unfortunately, I have no access to the router-out interface, but I will try to capture traffic on the in-out interface of the CE on Monday (but I doubt it will give some useful info).

Hi,

I miss the information regarding the proxy test I mentioned, which should give us a clue whether the HTTP traffic arrives properly at the CE or not. This will tell us where to search for the problem (DNS, WCCP or the layer 2/3). Give it a try when using the CE as a "real" proxy. Have you checked for duplex mismatches? Often a PC does proper autoneg (if you have configured autonegotiation) but network devices do not always work perfectly.

Cheers,

Joerg

Hi Joerg,

Thanks for all your inputs.

All ports are configured manually for 100 FullDuplex. The problem is not in DNS services because it was the same behavior with the old 4.2.x version, which does not support the DNS service.

But I did capture today (with Fluke OptiView) the traffic between the CE and the router's interface (internal). The files are too big to send to you, but in short, when there is no WCCP, I can see the traffic is mostly between the CE and our internal Proxy server. But when WCCP is enabled and no speed test is running, then all the traffic is the CE talking to all the web sites (all TCP handshaking with continuations, etc.). When the test is running I can clearly see negotiations between the CE and the test site (DSLExtreme). So far I don't know how to interpret that. Looks like normal behavior.

Hi,

Well, where is the CE located? I guess it's behind your internal Proxy, right?

The traffic flow is like this; if not, please correct it:

PC->internal Proxy->Router(WCCP)->CE->Router->Firewall->Internet

Is it possible that you configure your PC/Laptop to access the CE as proxy directly? I'm curious if this will give a performance lack or not. Btw it could still be a DNS problem, as the CE has to do DNS lookups if it wants to access a website, except if it has an upstream proxy, but as far as I know it could happen that the CE is nevertheless doing DNS requests to find out if it has to block the URL or not (URL-Filtering). Btw is there any Virus-scanning, URL-Filtering or anything else in the way? I think no, but I want that clear.

Another question: can you do your speed tests with the IP address of DSLExtreme and not the "name" of DSLExtreme? What is the result if you do it that way?

Cheers,

Joerg

Look at packet size - are they at MTU or below?

Look at the delay between packets.

Is the server or the CE responding after a higher delay than expected?

Regards,

Gilles.

Hi to both of you - Joerg and gdufour,

Thanks a lot for all your inputs - I now really better understand what is going on…

Our path for the traffic is: PC->Internal Proxy->PIX525->CE-> ISP’s Router (WCCP)->Internet.

I checked all your suggestions and came to the conclusion that I have some wrong configuration between the CE and the Router (WCCP). I created today a small VLAN, and connected together my laptop, the CE, the outside interface from the PIX and the inside interface from the WCCP Router. I ran different speed tests with the same results: unplugging the CE cable (or disabling WCCP on the CE) increases the data transfer, connecting it back (or enabling WCCP on the CE) reduces the speed. For my laptop I used as the gateway either the router's interface (204.102.252.145) or the CE's interface (204.102.252.147) - the same result. With that configuration only the CE and the router communicate with each other (BTW, you are right, we have a Virus-scanning hardware device, called before AV-Stripper, then Ositis, and now BlueCoat) and I did bypass that device before (in the previous tests).

Looking at today's capture showed me that when I ran the tests all traffic was between my laptop and the test site, and was not intercepted by the CE. (Also I think I have seen the correct DNS request from the CE to the ISP's DNS server (130.150.102.100).)

My reply of August 4, 2004 shows the router’s configuration, and I still don’t know what the purpose of the loopback interface is, which is shown in the SHOW WCCP Router command.

The loopback is simply being used for the WCCP router id.

As with OSPF, the router selects the highest IP address or a loopback IP address.

The router id is not being used by the cache.

Its sole purpose is to identify the router.

Normally the cache should associate a physical IP address with the router id.

Traffic is sent to the physical IP address.

Regarding your test, did you try to disable WCCP and use the cache as a proxy server as suggested by Joerg?

Is there a way for you to put a sniffer trace on an FTP server for us to download?

I still would like a look at it if possible.

Also, if you find our help useful, please give us some points for the rating system.

[we don't do this for the points but it helps other people finding the right answer].

Thanks,

Gilles.
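The `show wccp router` output posted earlier in the thread lists, per service, a Router Id (the loopback, as explained above), the physical "Sent To" address, and any routers under "Routers not Seeing this Content Engine". As an added example, not code from any poster or from Cisco, the Python below parses output in that format and names the services where a router is listed as not seeing the CE; the sample text is constructed from the thread's own placeholders and the function names are hypothetical.

```python
import re

# Constructed sample in the thread's output format, using its placeholders.
SAMPLE = """\
Router Information for Service: Web Cache
Routers Configured and Seeing this Content Engine(1)
Router Id Sent To Recv ID
Y.Y.Y.Y X.X.X.X 00007D5B
Routers not Seeing this Content Engine
-NONE-
Routers Notified of but not Configured
-NONE-
Router Information for Service: RTSP
Routers Configured and Seeing this Content Engine(1)
Router Id Sent To Recv ID
0.0.0.0 X.X.X.X 0001163F
Routers not Seeing this Content Engine
X.X.X.X
Routers Notified of but not Configured
-NONE-
"""

SECTIONS = {"Routers Configured and Seeing": "seeing",
            "Routers not Seeing": "not_seeing",
            "Routers Notified of": "notified"}

def parse_wccp_router(text):
    """Map each service to its router lists; 'seeing' rows are (router_id, sent_to, recv_id)."""
    services, current, section = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == "-NONE-" or line.startswith("Router Id"):
            continue  # blank lines, empty-list markers and the column header
        m = re.match(r"Router Information for Service:\s*(.+)", line)
        if m:
            current = services.setdefault(m.group(1), {k: [] for k in SECTIONS.values()})
            section = None
            continue
        key = next((k for prefix, k in SECTIONS.items() if line.startswith(prefix)), None)
        if key:
            section = key
        elif current is not None and section:
            current[section].append(tuple(line.split()) if section == "seeing" else line)
    return services

def services_not_seen(parsed):  # services with a router listed under "not Seeing"
    return sorted(s for s, d in parsed.items() if d["not_seeing"])

if __name__ == "__main__":
    print(services_not_seen(parse_wccp_router(SAMPLE)))
```
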

Hi Gilles,

Thanks for your explanation of loopback interface.

I placed the captured files here: http://www.lavc.edu/CE_Capture.zip

The names are self-explanatory: 11mb - slow connection, 22mb - fast one, with the test running, and no test running. If you need more – no problem. Didn’t have much time to spend on this issue today. Didn’t use the CE as a proxy server because I need to call the ISP and ask them to include another service (99? Am I right?).

Anyway, I didn’t know about the rating, so I did rate today, but the problem is still not solved.

Yefrem
