search cancel

Very slow access to all the resources in Israel if the client is in US

book

Article ID: 257155

calendar_today

Updated On:

Products

Secure Access Cloud

Issue/Introduction

We have very slow access to the Israel resources from clients located in US (taking minutes to load certain Web pages for example)

Israel/EU clients accessing the same resources do not see similar issues.

It does not seem to be related to the public internet - once affected users connect to VPN (both IL/US) to access local resources, all works as expected. The issue is only present in VPNless (/SAC) environment.

All Applications seem to be impacted.

Environment

SAC Applications.

Cause

Outbound channel was limited by QoS, causing delays of about 0.5-1s for RTT.
It did not affects local (Israel/ EU) connections, but drastically drop performance for overseas.

Resolution

Modified QoS settings on local router/firewall to avoid throttling SAC traffic.

Additional Information

We see slow response time from the HAR file … the fact that some of these connections take a long time to close out triggers a second issue where the browser is simply waiting for a connection to free up so that it can send the next request.

The TCP connection is quick, the SSL handshake is quick but the response time to get the Web response is slow as shown below:

PCAPs confirmed very slow responses on local hosts with a large number of retransmissions.

PCAPs on local network showed quick response times.

Troubleshooting between network nodes led us to the problem router/firewall.

Attachments