Troubleshooting slownest on the network

amb1s1amb1s1 Member Posts: 408
This happened to me last thursday when I received a called stating that one of our branches were having problems with their network running slow. I ran an extended ping and must of the reply were getting fast replies, but ones in a while I would see the reply responce jumping from 19ms to over 800ms. i did the ip cache flow to see which pc was creating all the traffic. Now, I'm not an expert on ip cache flow because I was able to see one PC that had the hightes flow, but I didn't know thats was the problem since I'm not an expert. At the end of the day, everything went back to normal, but I didn't have any real answer to why it was running slow. Now my question is how would you guys handle this issue and which tools do you use? Don't try to resolve the problem that I had since the problem was resolve, but how would you handle this? Like always thanks
David G.
http://gomezd.com <
My Tshoot test Blog
http://twitter.com/ipnet255

Comments

  • miller811miller811 Member Posts: 897
    amb1s1 wrote: »
    This happened to me last thursday when I received a called stating that one of our branches were having problems with their network running slow. I ran an extended ping and must of the reply were getting fast replies, but ones in a while I would see the reply responce jumping from 19ms to over 800ms. i did the ip cache flow to see which pc was creating all the traffic. Now, I'm not an expert on ip cache flow because I was able to see one PC that had the hightes flow, but I didn't know thats was the problem since I'm not an expert. At the end of the day, everything went back to normal, but I didn't have any real answer to why it was running slow. Now my question is how would you guys handle this issue and which tools do you use? Don't try to resolve the problem that I had since the problem was resolve, but how would you handle this? Like always thanks

    There are several tools you can use depending on the connectivity to the remote locations. We go on the router at the main, and check the logs, look at the T1's for errors, if it is a MPLS multilink we look at the bundle to make sure non of the links are disabled. We do the same on the remote connections, logs, T1s, multilink...We use NETQoS and can look at current and historical data on any of our remote connections. This will show us utilization, errors, etc, it can drill down to specific applications, connections, users. If you are connected via VPN, you are at the mercy of the internet.
    I don't claim to be an expert, but I sure would like to become one someday.

    Quest for 11K pages read in 2011
    Page Count total to date - 1283
  • BroadcastStormBroadcastStorm Member Posts: 496
    I use Orion Solarwinds it's not free but you can evaluate it, it gives me a good reading/graph of current utilization of our internet line or wan link such as mpls, it will dig down on per port on a switch/router, and give you informations on what ip address and what application is hogging the bandwidth.
  • AlanJamesAlanJames Member Posts: 230
    You can use on of the many tools that support netflow, solar winds etc

    If you don't have this solutions in place, you can use NTOP and span a port to achieve the same results, or use a cisco IOS service such as turning on "ip accounting" on the interface, then "show ip accounting" to be able to view the counters incrementing on what ip address.

    Don't forget to check layer 1,2,3 is ok before you start looking at bandwidth etc

    - You can check for errors on the line "show int se0/0"
    - check the uplinks to other switches for interface errors
    - clocking issues?
    - show logs for int resets
    - check layer 2 is ok?
    - layer 3 path is ok?

    But if it was just a temporary thing and you don't have the tools in place, you can see the bandwidth utilization from "show int xx" tx and rx rate.
    Then turn on IP accounting, to see what the problem device was :D
  • SteveO86SteveO86 Member Posts: 1,423
    If your IOS supports it check the top talkers.. See who is generating the most traffic.

    As mentioned check for interface errors.

    Solarwinds has a free netflow analyzer. I would also start there to see what protocol and hosts are generating the most traffic.


    If link utilization is not a problem, check the CPU on the router and some logs on the router.

    If nothing there, see if the clients are experiencing the issue with a particular server.
    My Networking blog
    Latest blog post: Let's review EIGRP Named Mode
    Currently Studying: CCNP: Wireless - IUWMS
Sign In or Register to comment.