Monitoring network traffic on DSL lines

nel

I was wondering if anyone had any info on tools which can monitor private lines. Now we use netflow for our mpls lines but we also have some DSL soloutions to smaller remote offices (with around 10 users or so) which use a broadband solution instead of a mpls lines to connect to our main office - mainly due to cost.

Apparently netflow does not support this. Anyone have any idea's on any tools which might?

We need to monitor the line because users are constantly complaining the line is slow etc but we have nothing in place to do so.

All suggestions welcome - both free and paid for.

Cheers

APA

ip acccounting.... but that's really low-level....

SNMP monitoring??? That will show you bandwidth utilized but not what is chewing through the bandwidth....

I'm surprised netflow isn't supported???Where did you find that info????

nel

Its just what i was told about our purchase of netflow from my boss.

Does anyone know if cacti or nagios would work on these lines?

malcybood

alright nel long time no speak...how are things?

What speed is the ADSL and you mentioned 10 users? that's quite a few on an ADSL link tbh and remember if they're using VPN client software that eats a chunk of bandwidth.

So firstly what solution are they using;

is it a private ADSL utilising a BT IP stream network?
public ADSL where the users connect via VPN client software on their PC?
Site-to-Site VPN using a SOHO router with IPSec capabilities?

Also bandwidth utilisation may not give you the answer you're looking for, it also depends what applications they are complaining are slow? They will tend to say "everything" but I'd bet my bottom dollar (or pound) on it that it is not everything and it's the application they use most frequently (unless it is just a simple case of the link being rammed).

Can you give more info on that side of things?

If all users except one log out of the network and one person is working is it slow? Build up userbase one at a time and see if performance degrades.

The biggest issue with ADSL circuits is the contention ratio and the circuits being rate adaptive and can't be controlled by the provider. You may consider a different solution that is less expensive than a leased line such as SDSL.

Compuware Network Vantage is a good tool where you can drill down into sites / specific workstations to analyse what applications they're using and how much traffic is being passed over the link, bandwidth utilisation, latency / jitter for voip etc. There are also products from Solarwinds & HP that do the same thing but I'm not as familiar with them. These products are commercial.

You could setup MRTG but it's a pain in the ass to setup for the first time and I'm not sure it's going to solve your problem.

Cheers
Malc

nel

Hi malcolm,

Yeah its been a while! Things are good - i'll drop you an email.

As for your questions...

There using a 8mb Pasdsl line. The main issue they have is the speed of the RDP sessions to our central TS's and the email is slightly sluggish when being sync'd to our central exchange.

Ive already spoke to them regarding all users logging out and logging back in etc and we are trying to establish a time to do so but there's so many different deadlines etc its going to be hard! but like i say im hoping to do this later on in the week.

I originally thought it maybe to do with the contention ratio as we have constant "slow" issues with several sites who use this soloution. We have upgraded some when recommended to a mpls line and there has been an improvement in performance - although at a significant raise in cost. Due to the rise in costs we are having to justify it as the other was a one off. So i was hoping if i can at least get some decent bandwidth utilisation data from the line - hopefully we will back up our claim..

malcybood

nel wrote:

Hi malcolm,

Yeah its been a while! Things are good - i'll drop you an email.

As for your questions...

There using a 8mb Pasdsl line. The main issue they have is the speed of the RDP sessions to our central TS's and the email is slightly sluggish when being sync'd to our central exchange.

Ive already spoke to them regarding all users logging out and logging back in etc and we are trying to establish a time to do so but there's so many different deadlines etc its going to be hard! but like i say im hoping to do this later on in the week.

I originally thought it maybe to do with the contention ratio as we have constant "slow" issues with several sites who use this soloution. We have upgraded some when recommended to a mpls line and there has been an improvement in performance - although at a significant raise in cost. Due to the rise in costs we are having to justify it as the other was a one off. So i was hoping if i can at least get some decent bandwidth utilisation data from the line - hopefully we will back up our claim..

I assume you mean Private ADSL and not Public?

I'd say your best bet is to try and use PRTG then if it's a case of proving the bandwidth utlisation is excessive. Download the freeware/trial and install the freeware version when prompted; http://www.paessler.com/prtg/

You will need to have SNMP strings from the remote routers if they're capable of it.....what make model of router do these sites have?

In PRTG create a new device and add a bandwidth utilization sensor specifying the SNMP string. After you've setup SNMP correctly you'll be able to see live utilisation on the remote device.

Again this depends if the router is capable of SNMP and wether you have strings setup.....and if the devices are fully managed / you have access to them or not.

Any questions give me a shout

APA

Symptoms sound like an MTU\MSS type issue....

Have you altered the MTU (dialer interface) and MSS (LAN interface) to cater for the additional headers used by PPPoE\PPPoA??

PPP Headers = 2 bytes
PPPoE Headers = 6 bytes
IP headers = 20 bytes
TCP headers = 20 bytes

MTU = 1492
MSS = 1452

Ensures no unneccessary fragmentation is occuring due to too large packets.....

This link goes onto suggest that optimum MTU for PPPoE is 1454 as it allows for lower protocol overheads resulting in higher throughput for user\s

http://www.mynetwatchman.com/kb/ADSL/pppoemtu.htm

Let me know if you need more info... or require the PPPoA optimum config..... I can't remember the PPPoA overheads off the top of my head but I shall go review them now....

BTW - I use PRTG for basic bandwidth monitoring of all my WAN links.... awesome tool.. .if you can get your company to buy the latest edition which is PRTG Network Monitor 7.... I just conducted the upgrade a few weeks ago and the latest edition is the ducks nuts!!!!!

Also Netflow should work fine over your ADSL links.... I'm 100% certain I use it on a few of my links only when necessary....... as I don't net the netflow traffic always chewing ip bandwidth on the ADSL links.... my symmetric links however have consistent netflow happening...

Hope this was of some help to you!!!

tiersten

It isn't going to be speedy with all 10 users all sharing the uplink on ADSL .

_maurice

In regards to that mynetwatchman site, like literally under 24 hours ago I was researching the optimal PPPoE MTU and stumbled upon that site. My jaw dropped; what a coincidence! Get out of my brain!

APA

oh you better believe it.... I'm all up in your head biatch...

nel

Hi guys,

Sorry for the late reply...

btw i meant private adsl.

Now ive setup prtg and have configured the snmp settings etc and i am now recording bandwidth utilisation OK now. im thinking if this can then surely netflow can?..i'll have to have a look at that but ive only got limited access!

Anyway looking at the utilisation there is alot of spikes for incoming traffic although its not maxing all of the time but it does peak at 800k. As for the uplink the most it has peaked at is 200k but usually it is floating around 20-40k at best. but from a look at the stats there is alot more data coming in then there is going out?

Do you think it will probably be a contention ratio issue? What kind of contention ratio do you usually get on Padsl lines?

As for the MTU there it is set as 1492 but on the ethernet interface there is no MSS set.

malcybood

nel wrote:

Do you think it will probably be a contention ratio issue? What kind of contention ratio do you usually get on Padsl lines?

With Private ADSL lines it depends, it can be rate adaptive which means it establishes the contention ratio upon connection to the DSL network along with circuit speed etc like getting a 3Mbps connection on an 8Mbps circuit.

The typical ratio's on ADSL circuits are 20:1 between the NTE and the POP, and can then be controlled by the ISP within their "cloud" to i.e. 1:1, but your provider will be able to confirm this and depends what service you took from them.

Can you run a packet sniffer on site such as Wireshark by mirroring the the switch port that the router LAN connects to see what the traffic flows are?

To be honest it looks like the ADSL doesn't do the job for latency intensive apps such as terminal services (with multiple users), just like it wouldn't for voice over IP.......I'm no expert in TS but when you google terminal services ADSL a whole bunch of other forums come up with people experiencing these issues.

It may be something that needs to be tweaked in Terminal Service to optimize performance?

Just for the record we installed a new WAN network recently where our "big" remote sites had 2 circuits one primary and one backup and we setup policy based routing to route email traffic up the backup ADSL link. When we checked the utilisation of the backup link it was consistently taking around 15% utilisation hit for email traffic alone however we get alot of large email attachments through in PDF and CAD format!

Out of interest have you recently put these sites on ADSL or recently rolled out TS to these sites and migrated from a full desktop PC client? Since when have the users been complaining and what changed at that time or is it a classic "it's always been slow"?

malcybood

just a thought you mention that the upload utilisation is at 200k it may only be operating at 200k!

I would say get a client PC on site to do a broadband speed check if possible at a few sites such as

http://www.broadbandspeedchecker.co.uk/

Get the up/down speed of the link and compare to what you're seeing in PRTG

APA

Have you set the MSS on the ethernet interface yet?

ip tcp-adjust mss

You need to have that set.....

Please post your config if you are unsure where to put it.......

Many people have had the issue of extermely slow ADSL throughput due to excessive fragmentation happeningdue to the packets being to large....

nel

Hi guys,

Ive set the MSS on the ethernet interface at the weekend so im going to monitor performance throughout this week. Spoke to the providers and there is a 20:1 ratio on the line. By the sounds of it its a common issue to get lag whilst using TS over a padsl link.

Sounds like an upgrade to an mpls line would be best bets but i dont know how thats going to go down seen as though there's quite a difference in price.

As for the traffic the main stuff is TS traffic, email and http.

We have quite a few smaller sites using these padsl issue's and there is always complaints of delay etc so its nothing new - its just no one has really bothered looking into it...until now of course!

redwarrior

From my experience, RDP (remote desktop protocol, which is what it sounds like you have going with Windows users remoting back to a windows server at HQ) is a bandwidth hog as well as a PITA to license properly for terminal services. However, unless you have Citrix gurus or the like running around, you may be stuck with it.

nel

redwarrior wrote:

From my experience, RDP (remote desktop protocol, which is what it sounds like you have going with Windows users remoting back to a windows server at HQ) is a bandwidth hog as well as a PITA to license properly for terminal services. However, unless you have Citrix gurus or the like running around, you may be stuck with it.

We arent looking to get rid of TS's because thats what our production system runs on ...i think they would prefer a line upgrade instead of the entire system dont you?

mgeorge

Well as A.P.A said you must have ip tcp adjust-mss 1452 on your lan interfaces of your router or you will have excessive framentation at the router. Often times when this happens you'll notice that some PC's on the lan will not load certain websites or that TCP sessions will be dropped randomly. If you do not use this command you can manually set all MTU's on internal network devices to 1492 and the problem will be soved that way as well.

I'm not sure how you have the DSL configured rather you are using a WIC-1ADSL, HWIC-1ADSL or you are using a bridged modem into one port of the router and have a pppoe dialer interface configured, either case if you are using the router as the pppoe client then you can apply netflow policies to the Dialer interface. most 12.3 versions only allow you to apply the policy inbound though. If the router is running 12.4 you'll be able to do ingress/egress.

What software do you use for Netflow monitoring? Solarwinds? If so then I have done this before.

nel

We use the Manage engine netflow analyser package.