- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: HTTP Slow Out Of VMS Through Firewall-1
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2009 01:05 AM
тАО06-10-2009 01:05 AM
HTTP Slow Out Of VMS Through Firewall-1
I'm in the middle of setting up a BL860 cluster on VMS 8.3-1H1. Everything works as expected, except HTTP.
Apache (CSWS) is serving up a static page of about 100K, but can take 10 minutes to transfer. When we look at the data coming over, we can see it writing incredibly slowly.
The data goes through Firewall-1, the new cluster is in a private LAN to stop any uneanted traffic from escaping.
Other IP protocols are fine. If I access the same page from within the LAN, it's also fine, so that rules out the network card/link. I've also loaded the page into IIS and accessed that through the firewall, which again is fine, so it seems to rule out problems with HTTP filtering.
We think there could be a problem related directly to Firewall-1 and the size of the packets VMS is presenting. I've got another PIX firewall that I could try, but the pass-thru module attached to the blades seems to refuse to negotiate down to 10/100, so we have to use hardware capable of gigabit.
I know this is a long shot, but I wondered if anyone else has come across anything similar, or could give me a clue where I coud start looking and tweaking parameters?
Cheers, Rob.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2009 02:13 AM
тАО06-10-2009 02:13 AM
Re: HTTP Slow Out Of VMS Through Firewall-1
not much help but you're probably best off putting this in the network forum.
fwiw
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2009 05:18 AM
тАО06-10-2009 05:18 AM
Re: HTTP Slow Out Of VMS Through Firewall-1
I've seen a few firewalls crater exactly like this (including having protocol-specific speed differences), either due to the volume of data or due to the overhead of firewall-based inspections. Check the rules and settings and processing and NAT here, as a start.
Check with Check Point here first, or shop around for better bandwidth with another widget.
Ignoring the issue around setting the speed (which is generally via LANCP in OpenVMS I64) this looks to be the firewall.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2009 05:42 AM
тАО06-10-2009 05:42 AM
Re: HTTP Slow Out Of VMS Through Firewall-1
May be ICMP or other counters indicates something.
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2009 10:08 AM
тАО06-10-2009 10:08 AM
Re: HTTP Slow Out Of VMS Through Firewall-1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2009 10:11 AM
тАО06-10-2009 10:11 AM
Re: HTTP Slow Out Of VMS Through Firewall-1
Could you also define slow ?
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-10-2009 11:06 PM
тАО06-10-2009 11:06 PM
Re: HTTP Slow Out Of VMS Through Firewall-1
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-11-2009 12:34 AM
тАО06-11-2009 12:34 AM
Re: HTTP Slow Out Of VMS Through Firewall-1
Wilm, this is the original definition of slow from my first post :-
"Apache (CSWS) is serving up a static page of about 100K, but can take 10 minutes to transfer. When we look at the data coming over, we can see it writing incredibly slowly."
I'll give the netstat test a try as well.
Rob.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-11-2009 01:34 AM
тАО06-11-2009 01:34 AM
Re: HTTP Slow Out Of VMS Through Firewall-1
Also check "route print" (=ucx sho rout). May be a bad route is taken (traceroute on VMS, no idea how to do it on PC).
I also had once that 2 devices had the same IP address. 1 was behind the firewall but was able to get the arp request. It answered
but then the other node with the same IP answered too. This caused very slow communications (packets needed to be resend).
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-11-2009 03:13 AM
тАО06-11-2009 03:13 AM
Re: HTTP Slow Out Of VMS Through Firewall-1
I suggest a first step toward diagnosing this is to get a trace of the affected connection. My preference is to use WireShark, as it can produce a dump file that can then be sent to whomever needs to view it.
I would also try a variety of experiments (all with the LAN monitoring in place) with different file lengths to see where the "shoulder" actually is.
- Bob Gezelter, http://www.rlgsc.com