# Strange "lag?" issue - SOLVED

## Akaihiryuu

I just set up a new Gentoo server/router to replace my aging 7-year-old one.  Mainly for SATA and gigabit support (since the old one had a 160 gig PATA hard drive that has been in use 24/7 for 7 years, I didn't know how much longer it would last, and I wanted much more space), although having a more modern processor is nice too; stuff compiles really fast now.

Everything seems to be working fine as far as I can tell.  I copied most of my .conf files (BIND, DHCP, Apache, Samba, etc.) from the old system, since to those programs nothing outwardly changed (same IP addresses, same interface names, same domain, etc.).  However, my roommate mentioned this to me today, and I've noticed it as well.  All websites seem to have a 1-5 second delay before they load.  I don't remember this happening before.  At first I thought it may have just been DNS lag, but I did a couple of host lookups of random domains I hadn't looked up before, and I am not seeing any DNS lag.  As far as I can tell, it only seems to be websites.

There is nothing out of the ordinary in the kernel logs whatsoever.  I've run speed tests and even the test at pingtest.net with excellent results.  I just have no explanation for this strange lag.  At this point I have no idea where to even begin to look, or even if the server is the cause.  Has anyone ever run into anything like this before?

```
Chain INPUT (policy DROP 265K packets, 31M bytes)
 pkts bytes target     prot opt in     out     source               destination
 3902  351K ACCEPT     all  --  any    any     localhost            anywhere
  11M   45G ACCEPT     all  --  any    any     192.168.0.0/24       anywhere
 123K   43M ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
   15   780 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:8022
   12   664 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:1069
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:2069

Chain FORWARD (policy DROP 17 packets, 5702 bytes)
 pkts bytes target     prot opt in     out     source               destination
6007K 2060M ACCEPT     all  --  any    any     192.168.0.0/24       anywhere
5473K 2768M ACCEPT     all  --  any    any     anywhere             192.168.0.0/24

Chain OUTPUT (policy ACCEPT 194K packets, 305M bytes)
 pkts bytes target     prot opt in     out     source               destination
```

```
Chain PREROUTING (policy ACCEPT 636K packets, 65M bytes)
 pkts bytes target     prot opt in     out     source               destination
 3225  162K DNAT       tcp  --  eth1   any     anywhere             anywhere             tcp dpt:16880 to:192.168.0.7
   11   480 DNAT       tcp  --  eth1   any     anywhere             anywhere             tcp dpt:51961 to:192.168.0.7
   63  3177 DNAT       tcp  --  eth1   any     anywhere             anywhere             tcp dpt:63903 to:192.168.0.7
    0     0 DNAT       tcp  --  eth1   any     anywhere             anywhere             tcp dpt:25900 to:192.168.0.7
 2202  106K DNAT       tcp  --  eth1   any     anywhere             anywhere             tcp dpt:34306 to:192.168.0.7
    0     0 DNAT       tcp  --  eth1   any     anywhere             anywhere             tcp dpt:21679 to:192.168.0.7
  122  6124 DNAT       tcp  --  eth1   any     anywhere             anywhere             tcp dpt:10000 to:192.168.0.7
    0     0 DNAT       tcp  --  eth1   any     anywhere             anywhere             tcp dpt:20000 to:192.168.0.7

Chain INPUT (policy ACCEPT 10982 packets, 712K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 13164 packets, 1268K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 13920 packets, 1392K bytes)
 pkts bytes target     prot opt in     out     source               destination
 345K   31M MASQUERADE  all  --  any    eth1    192.168.0.0/24       anywhere
```

```
options {
        directory "/var/bind";

        // uncomment the following lines to turn on DNS forwarding,
        // and change the forwarding ip address(es) :
        //forward first;
        //forwarders {
        //      123.123.123.123;
        //      123.123.123.123;
        //};

        listen-on-v6 { none; };
        listen-on { 127.0.0.1; 192.168.0.1; };

        // to allow only specific hosts to use the DNS server:
        //allow-query {
        //      127.0.0.1;
        //};

        // if you have problems and are behind a firewall:
        //query-source address * port 53;

        pid-file "/var/run/named/named.pid";

        forward only;
        forwarders {
                209.18.47.61;
                209.18.47.62;
                };
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "pri/127.0.0.zone";
        allow-update { none; };
        notify no;
};

zone "internal.lan" IN {
        type master;
        file "pri/internal.lan.zone";
        allow-update { none; };
        notify no;
};

zone "0.168.192.in-addr.arpa" IN {
        type master;
        file "pri/192.168.0.zone";
        allow-update { none; };
        notify no;
};
```

Last edited by Akaihiryuu on Sat Feb 18, 2012 2:23 am; edited 1 time in total

----------

## Akaihiryuu

I want to add that the ONLY slowdown I've observed is HTTP access to any internet site from a masqueraded machine.  There is no evidence of any slowdown on the server itself...CPU usage is very low, it usually sits around 99.7% idle.  It has 8 gigs of RAM, and very little is used except for disk cache so no issues there.  I have Squid installed, but it is not configured, and the service is not running.

I'm at a loss; the ONLY thing I can even possibly think of is something in the netfilter setup in my kernel.  But everything else works fine, including online games and bittorrent, so I don't see how.  It's also possible that this is an ISP issue and it's all in my head, but my roommate has noticed it as well, and there does seem to be a change vs. the old server.

----------

## Akaihiryuu

I found the problem.  For some bizarre reason, my ISP was setting my MTU to 576, and I am assuming that the MTU mismatch and the resulting fragmentation was causing the website lag.  The odd thing is, if they are doing it now they would've been doing it before when I was using my old server (I never had it configured to ignore MTU).  I am curious though, why an MTU mismatch would cause this with one server but not the other.

I just changed my MTU to 1500 and told dhcpcd to ignore MTU from this point forward, so it should be solved.

----------

## PaulBredbury

Maybe (I'm guessing) due to this option:

```
net.ipv4.tcp_mtu_probing=1
```

In /etc/sysctl.conf
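A small diagnostic that ties the two posts above together, added here as an example and not code from either poster. It reads the interface MTU from sysfs and `net.ipv4.tcp_mtu_probing` from procfs (both readers take an explicit path so they can be run against constructed sample files), computes what a 576-byte MTU does to a full-size 1500-byte packet forwarded from the LAN, and reports whether the box shows the combination described in the thread (MTU pushed below 1500, TCP MTU probing off). The interface name `eth1`, the sample file contents and the `assess` helper are assumptions for the demonstration; the header sizes and the sysctl value meanings (0 disabled, 1 on after black-hole detection, 2 always) are standard Linux/IPv4 facts.

```python
"""Check a Linux router for the MTU symptoms discussed in the thread.

Added example, not from the thread. Readers accept explicit paths so the
logic can be exercised offline against constructed sample files.
"""
import math
import tempfile
from pathlib import Path

ETHERNET_MTU = 1500   # usual MTU on Ethernet and most broadband links
IP_HEADER = 20        # IPv4 header without options
TCP_HEADER = 20       # TCP header without options
ISP_PUSHED_MTU = 576  # constructed: the value the ISP handed out via DHCP in the thread

PROBING_MEANING = {
    0: "disabled",
    1: "enabled after ICMP black-hole detection",
    2: "always on",
}


def read_int(path):
    """Read a single integer from a sysfs/procfs-style file."""
    return int(Path(path).read_text().strip())


def interface_mtu(iface, sysfs_root="/sys/class/net"):
    """MTU of an interface, e.g. /sys/class/net/eth1/mtu."""
    return read_int(Path(sysfs_root) / iface / "mtu")


def tcp_mtu_probing(procfs_path="/proc/sys/net/ipv4/tcp_mtu_probing"):
    """Current value of net.ipv4.tcp_mtu_probing."""
    return read_int(procfs_path)


def tcp_mss(mtu):
    """Largest TCP payload that fits in one packet at this MTU."""
    return mtu - IP_HEADER - TCP_HEADER


def segments_needed(payload_bytes, mtu):
    """Number of TCP segments a payload needs at this MTU (no options)."""
    return math.ceil(payload_bytes / tcp_mss(mtu))


def ipv4_fragments(packet_len, mtu):
    """How many fragments a packet_len-byte IPv4 packet (no options) becomes
    when a router forwards it over a link with the given MTU."""
    if packet_len <= mtu:
        return 1
    data = packet_len - IP_HEADER
    # Fragment data is carried in 8-byte units, so round the budget down.
    per_fragment = (mtu - IP_HEADER) // 8 * 8
    return math.ceil(data / per_fragment)


def assess(mtu, probing):
    """Return (ok, messages): ok is False when the MTU is below Ethernet size."""
    messages = []
    if mtu < ETHERNET_MTU:
        n = ipv4_fragments(ETHERNET_MTU, mtu)
        messages.append(
            f"interface MTU is {mtu}: a full-size {ETHERNET_MTU}-byte packet from "
            f"the LAN is forwarded as {n} fragments (TCP MSS drops to {tcp_mss(mtu)})"
        )
    meaning = PROBING_MEANING.get(probing, "unknown value")
    if probing == 0:
        messages.append(
            "net.ipv4.tcp_mtu_probing=0: TCP will not shrink its segments on its own "
            "if path-MTU ICMP messages are filtered"
        )
    else:
        messages.append(f"net.ipv4.tcp_mtu_probing={probing} ({meaning})")
    return mtu >= ETHERNET_MTU, messages


if __name__ == "__main__":
    # Constructed sample tree standing in for /sys/class/net and /proc/sys.
    tmp = Path(tempfile.mkdtemp())
    (tmp / "eth1").mkdir()
    (tmp / "eth1" / "mtu").write_text(f"{ISP_PUSHED_MTU}\n")
    (tmp / "tcp_mtu_probing").write_text("0\n")  # kernel default
    ok, msgs = assess(interface_mtu("eth1", sysfs_root=tmp),
                      tcp_mtu_probing(tmp / "tcp_mtu_probing"))
    print("OK" if ok else "WARN")
    for m in msgs:
        print(" -", m)
```

Run it on the real router by calling `interface_mtu("eth1")` and `tcp_mtu_probing()` with their defaults; the arithmetic makes the cost visible: at MTU 576 every full-size LAN packet becomes three fragments and a 100 kB page body needs 187 TCP segments instead of 69, which is the kind of per-page overhead that shows up as a short delay on every site while bulk transfers still look fine.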

----------

