First PING very high
Updated: 24 Feb 2011 | 8 comments
This issue has been solved. See solution.
So one of our clients actually brought this to my attention.
They largely have a control network managing mine machinery etc and when something goes wrong they need to send updates to apps running on the machines at the different plants BUT due to this first PING being so high the line actually TIMES OUT when trying to reach a remote site. This then causes the package that is pushed to the site to fail.
My client is running SEP11 RU6MP1 and looks like this problem started in MR3 already as per the thread below.
https://www-secure.symantec.com/connect/forums/odd-first-outgoing-ping-always-high-sep
When NTP is disabled the problem goes away...
Any updates on this or theories or just ANYTHING?!?!
Discussion Filed Under:
Comments
Did you try...?
Hello,
As you said you have Symantec Endpoint Protection RU6 MP1
I found, the following KB article:
Ping response time increase with Symantec Endpoint Protection Maintenance Release 4 (SEP MR4) with Network Threat Protection compared to SEP MR3
http://www.symantec.com/business/support/index?page=content&id=TECH92040&actp=search&viewlocale=en_US&searchid=1298532080865
The above article surely looks old.
Did you try upgrading SEPM and SEP Clients to RU6 MP2?
I would recommend you do that and check.
I am sure, upgrading the SEPM and SEP will show you some results.
Just a small update:
"Symantec is aware of this issue and is currently investigating it."
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Hi Mithun, Thanks for the
Hi Mithun,
Thanks for the quick response.
I only recently upgraded the site to SEP11 RU6MP1 and my next step will definitely be taking them to RU6MP2 but I didn't see this issue being mentioned in the release notes thus I'm not all that positive to be honest. I see that the KB you supplied mentioned that the problem was resolved in MR4MP2 already...I am running SEP11 RU6MP2, SEPM & SEP and have the same problem.
I did run a couple of tests with the policy on different configs but it looks like the same problem as mentioned in the previous thread.
I don't have knowledge of the internal workings of NTP but what looks at just the first packet that would make it spike like we are seeing, any ideas?
Yes. Correct.
Hello,
Yes, You are almost going on the right path.
NTP or Firewall seems to be the main cause.
Disabling Network Threat Protection causing the
a) ping response times to go back from ca 40 ms to 1 ms
b) CPU utilization to return to its normal "idle" level
Adding the ICMP ping source machine to "excluded hosts list" in Intrusion Prevention Policy resolves the issue with ping response times and CPU load
However, Symantec is aware of this issue and is currently investigating it.
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
I'll implement some
I'll implement some workarounds for the time being.
Thanks for the tips!!
Incase, if you think...
Hello,
Incase, if you think the answers helped you clearing your doubt. Please mark it as a "Solved".
You can also contact me anytime by sending me a private mail. :)
Thanks.
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
I'm seeing a similar issue
I'm seeing a similar issue with pings up to 4ms, somewhat increased CPU load but also throughput degraded -- on a gigabit I was getting several MB/s instead of up to 30-40 MB/s. This is on Windows 7 x64 SP1
Can I just check - this issue is still present in RU6MP2?
I haven't been able to test
I haven't been able to test in SEP11 RU6MP3. I was however able to check SEP 12.1 BETA 2 and it didn't give me any delays whatsoever. Something to look forward too.
Excellent.
Hello,
Thanks for the Feedback.
We all are looking forward for the same.
Anyone wants to know more about the SEP 12.1 BETA 2, please follow the links below:
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | SCTS | ITIL v3
Follow me on Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helped yo
Would you like to reply?
Login or Register to post your comment.