[olug] Network performance analysis

Jeff Hinrichs - DM&T jeffh at dundeemt.com
Tue Nov 25 14:39:09 CST 2014


May have already done this, but have you changed the physical port used for
your LAN?  I've had specific ports go belly up/noisey before and simply
switching from that physical port to another (and taping off the bad one)
made life better.

-Jeff

On Tue, Nov 25, 2014 at 2:07 PM, Bill Brush <bbrush at gmail.com> wrote:

> Well I tried a firmware update for it last weekend, and it restarted
> as part of that.  A full powerdown would have been when we had a big
> power outage summer of '13.
>
> As an update, I have done a lot more testing.
>
> I have tested 3 vlan's, with different results.
>
> DMZ logging into the web page in the DMZ,  no retrans, no errors, fast
> response, as expected.
> LAN to DMZ, same operation, retrans errors, duplicate ACK's, slow response.
> WLAN to DMZ  same operation, no errors, fast response.
>
> The kicker is that the WLAN is a VLAN on the same switch as the LAN,
> so at least in that area, the switch is fine.
>
> I also moved the firewall link so that it goes through a separate
> switch.  Theoretically a client plugged into that switch,
> communicating with the DMZ would have no traffic going through the
> main switch.  The performance and packet capture on the client showed
> the same symptoms however.
>
> All of this makes me suspect that something is misbehaving on the LAN
> but nothing obvious is jumping out at me in the traces.
>
> Bill
>
> On Tue, Nov 25, 2014 at 1:54 PM, Rob Townley <rob.townley at gmail.com>
> wrote:
> > Care to share how long it has been since the switch was powered down?
> >
> > On Sun, Nov 23, 2014 at 10:43 AM, Bill Brush <bbrush at gmail.com> wrote:
> >
> >> Hey guys,
> >>
> >> Thanks for the input.  I have done some wireshark sessions and it
> >> appears as though there are a number of retransmission packets on my
> >> tests.  On this test we're just logging into a web page.
> >> Interestingly enough it doesn't seem slow if I login from the
> >> internet.  Next week I'm going to do some more packet captures.
> >>
> >> I beginning to suspect that my main switch may be having issues.
> >>
> >> Bill
> >>
> >>
> >> On Fri, Nov 21, 2014 at 5:08 PM, Matthew G. Marsh
> >> <olug4mgm at paktronix.com> wrote:
> >> >
> >> > Links internally work fine?
> >> >
> >> > Links to ISP website work fine?
> >> >
> >> > Basically if the "perceived" issue is slowness opening a link, and you
> >> > suspect networkish issues (DNS, Proxy, Inet, etc) then start local and
> >> work
> >> > towards remote.
> >> >
> >> > If even local opens up slow then you have either DNS or security
> software
> >> > issues.
> >> >
> >> > Also - try multiple methods:
> >> >
> >> > http://10.1.1.1/index.html  ; if you suspect DNS
> >> >
> >> > ftp://ftp.kernel.org  ; if you suspect proxy/security setings
> >> >
> >> > and of course you can play around with:
> >> >
> >> > smb://10.1.1.1/myfile
> >> >
> >> > just for kicks...
> >> >
> >> > BTW - better than any speedtest is to download a recent kernel from
> >> > kernel.org and use a watch... seriously provides a real world latency
> >> and
> >> > speed test unless of course you are on the 10G direct fiber link...
> >> >
> >> > The other lurking issue is latency. That is best addressed after you
> rule
> >> > out DNS/security/proxy/routing issues.
> >> >
> >> > in latency some easy tests are:
> >> >
> >> > ping -n -v -M time {your local gateway}
> >> >
> >> > then move outwards (also good for diagnosing ISP traffic patterns)
> >> >
> >> > And of course there is always tracepath if you suspect async routes...
> >> >
> >> > HTH.
> >> >
> >> >
> >> > On Thu, 20 Nov 2014, Bill Brush wrote:
> >> >
> >> >> Rob I'm painfully (agonizingly) aware of how many variables I'm
> >> >> dealing with here.
> >> >>
> >> >> To go into a little more detail, the raw speed seems fine for the
> most
> >> >> part.  We're seeing some traffic spikes on the internet link up to
> the
> >> >> limit, but it's rarely sustained.  A speed test at speedtest.net
> >> >> usually comes back at around 90% of our nominal speed for our link.
> >> >>
> >> >> The main "symptom" seems to be a lag in things starting to move.  So
> >> >> if you click a link it sits there and thinks about it, then moves.
> >> >> Sometimes this is a few seconds, sometimes it's over a minute.
> >> >>
> >> >> I'm going to set up a 30 day trial of Solarwinds bandwidth analysis
> >> >> pack and hopefully it will show me something.  My forays with
> >> >> Wireshark have not turned up anything obvious.
> >> >>
> >> >>
> >> >> On Thu, Nov 20, 2014 at 2:22 PM, Rob Townley <rob.townley at gmail.com>
> >> >> wrote:
> >> >>>
> >> >>> Bill,
> >> >>>
> >> >>> i feel your pain.
> >> >>>
> >> >>> Keep in mind "slowness" can be caused at many layers of the network.
> >> >>>
> >> >>> -physical tests to verify Cat6 compliance from (PC) patch cable to
> wall
> >> >>> plate thru cable run back to patch panel thru another patch cable (
> >> >>> network
> >> >>> switch).  This could be an electrician with a ~$2500.00? Cat6
> tester.
> >> >>> $per
> >> >>> wall plate
> >> >>>
> >> >>> -firmware on NIC / motherboard
> >> >>>
> >> >>> -device driver version
> >> >>>
> >> >>> -10Mbps half-duplex vs 1000Mbps FullDuplex
> >> >>>
> >> >>> -switch
> >> >>>
> >> >>> -vPro / IPMI
> >> >>>
> >> >>> -IPv6 vs IPv4 issues
> >> >>>
> >> >>> -DNS slowness or timing out
> >> >>>
> >> >>> -router
> >> >>>
> >> >>> -wireless channel (1 ,6, 11)
> >> >>> On Nov 20, 2014 12:20 PM, "Bill Brush" <bbrush at gmail.com> wrote:
> >> >>>
> >> >>>> Hello all.
> >> >>>>
> >> >>>> I don't post much, but I've been lurking around here for many
> years.
> >> >>>>
> >> >>>> I'm looking for help investigating complaints that our network is
> >> >>>> "slow".  I have a rudimentary knowledge of doing packet captures,
> and
> >> >>>> the basics, but an in-depth investigation is beyond my current
> skills.
> >> >>>>
> >> >>>> I inherited this network a couple years ago, and I will freely
> admit
> >> >>>> that prior to this I had never had to worry about my
> infrastructure so
> >> >>>> I have not checked for pre-existing issues.
> >> >>>>
> >> >>>> So is anyone in the Omaha area an expert at network analysis?  If
> it's
> >> >>>> your day job we can discuss your hourly rates.
> >> >>>>
> >> >>>> Thanks!
> >> >>>> Bill
> >> >>>> _______________________________________________
> >> >>>> OLUG mailing list
> >> >>>> OLUG at olug.org
> >> >>>> https://lists.olug.org/mailman/listinfo/olug
> >> >>>>
> >> >>> _______________________________________________
> >> >>> OLUG mailing list
> >> >>> OLUG at olug.org
> >> >>> https://lists.olug.org/mailman/listinfo/olug
> >> >>
> >> >> _______________________________________________
> >> >> OLUG mailing list
> >> >> OLUG at olug.org
> >> >> https://lists.olug.org/mailman/listinfo/olug
> >> >>
> >> >
> >> > --------------------------------------------------
> >> > Matthew G. Marsh
> >> > Special Email Addr for OLUG ;-}
> >> > Phone: (402) 932-7250
> >> > Email: olug4mgm at paktronix.com
> >> > WWW:  http://www.paksecured.org
> >> > --------------------------------------------------
> >> >
> >> > _______________________________________________
> >> > OLUG mailing list
> >> > OLUG at olug.org
> >> > https://lists.olug.org/mailman/listinfo/olug
> >> _______________________________________________
> >> OLUG mailing list
> >> OLUG at olug.org
> >> https://lists.olug.org/mailman/listinfo/olug
> >>
> > _______________________________________________
> > OLUG mailing list
> > OLUG at olug.org
> > https://lists.olug.org/mailman/listinfo/olug
> _______________________________________________
> OLUG mailing list
> OLUG at olug.org
> https://lists.olug.org/mailman/listinfo/olug
>



-- 
Best,

Jeff Hinrichs
402.218.1473


More information about the OLUG mailing list