I need help with reconfiguring a network

I just started as IT Manager at this company and things are in a bit of a mess. They are running 6 servers and have about 60 nodes on a subnet. The servers go into a DLink unmanaged gigabit switch and the other nodes connect to various stacked unmanaged switches which then connect into the Dlink. This is a rough idea of what I am looking at:

Internet -> T1 modem/router -> Cisco Pix 515e -> DLink switch -> 6 Servers (file servers, application servers, web server, exchange server)
                                                                Various switches ->all other pcs, printers, etc

We have been struck with intermittent internet outages and slowed connections to the servers and other nodes. I am open to suggestions at this point. I was looking at changing the DLink backbone switch out with a higher quality managed gigabit switch and then replacing the other switches with higher quality 24 or 48 port managed switches. How does this sound?
Rich Rumble (Security Samurai) commented:
If new switches fix the issue, then there was something wrong with the current switches and/or their configs. The switches you currently have seem quite capable of supporting a decent amount of users and traffic. If the only real slowness is access to the internet, then it's very possible that your T1 (typically a 1.5 meg circuit) could be saturated with traffic, perhaps from someone running Kazaa or other P2P like BitTorrent; there could be a spam bot on the network or an open relay on your SMTP server...

If the problem is overall network slowness, LAN and internet, I think you could hire a consultant to troubleshoot the issue quite quickly with such a small network.
A managed switch will help you to control your network more than an unmanaged one, to be certain, but again, if your servers and PCs aren't using much bandwidth, then stepping up to a gig won't really hurt or help.

Switches, well Cisco's at any rate, are pretty smart about routing. If you have server1 and server2 both plugged into switch1, and server1 wants to talk to server2, once the connection is made, the traffic only goes over the backplane of the switch, not through the default gateway. It's in essence a direct connection; the traffic will be switch port to switch port... the backplane of a switch is the fastest part of the network, as it should be. If you have slowness between server1 and server2 connected to the same switch (regardless of blade or location on the switch) then you're going to want to look at things like speed/duplex on the switch and the servers' NIC settings. If that doesn't help, then perhaps you should replace the switch. You may want to replace or place a NIC in the servers to rule out the servers' NICs being bad first, or move the servers to different switches and see what happens.

I think it'd be irresponsible to just throw hardware at the problem before having the network fully troubleshot. At a minimum, mirror the port that the PIX is using to connect to the switch and get an idea of the amount of traffic being sent to the internet, using ntop perhaps. Cacti could also use SNMP to monitor that port without any need to mess with mirroring or port spanning. My ultimate suggestion, should you not possess the knowledge or have anyone at the office who does know, is to hire a reputable network engineer to have a look at your network and/or set up the tools that might help you better understand what might be going on.

If that's not an option, come in on a weekend or stay after hours, turn off all the users' PCs and see if the issue persists... start turning them back on one by one. If possible, do the same for the servers. I'd look for P2P software on users' PCs and/or possible "zombie" infections.

That's where I would start. If your company has the money then replace all the switches in one go and see if that made any difference to the internet outages and slowed connections.

If not then I would try and replace one of the switches and see if that made any difference to the PCs that are connected to that switch.

I would monitor the slow connection situation to see if there is a pattern. Check the performance of the servers at the time of slowness. Does the slowness affect PCs that are just on one particular switch or all switches? Do you have too many users that use a lot of bandwidth all on one switch?

With the internet outages, I take it that you have checked with your ISP that they did not have any problems at that time. If not, are you able to plug a non-domain machine into the Cisco PIX to make sure that the PIX is not the problem, or even the T1 modem/router?

Sure others will come up with better ideas ;)

Sounds like you have some bottlenecks in your switches. Does the D-Link switch have multiple 1 GB uplinks? I'm assuming it doesn't from what I hear, and if it's an older model... probably not. This is the main problem I see. Your uplinks from switch to switch SHOULD be 1 GB in a well constructed 10/100 network.

All your switches in the 'various' group are all 8-24 ports (I assume) and they all respectively share a 10/100 Mbps uplink to your D-Link switch. So, basically you have 8-24 ports sharing one 10/100 uplink port to your D-Link for EACH switch. Not really good and definitely could create some bottlenecks.

If your D-Link switch doesn't have multiple GB uplink ports, I recommend replacing that with one that does, along with your other switches so that EACH switch has a 1 GB uplink port to your main (D-Link) switch. Make sense?

Basically you could get two quality 48 port switches, each with 1 GB uplink ports, and go with that. If cost isn't an issue, for your "main" switch I would get one with multiple 1 GB uplinks (2-4). That way, if you need to add another switch as your network grows... just plug into the 1 GB uplink with another 1 GB uplink compatible switch. I haven't priced or researched the latest models, but I would think you should get what you need from an HP ProCurve or similar. Heck, D-Link may very well have a newer model with these capabilities... I'm just kind of an HP fan.

Bottom line is the 1 GB uplink ports.... make sure the new ones you buy have enough of them.  

*They do offer newer high end switches that have ALL 10/100/1000 ports. These will run a few thousand dollars. I say this because virtually ALL new computers have 1 GB network cards available. Something to keep in mind while you're upgrading. 1 GB networks are going to be the de facto standard in the next few years, I'm hoping.

As far as managed and unmanaged goes...that's your call how much control you want.

Hope this helps

How many 'various' switches do you have?
Nzarth has some good ideas about monitoring the bandwidth and so forth, but if you have MANY 'various' switches I'd just move forward with the upgrade. You can spend A LOT of time and headache trying to monitor bandwidth. Depends on your budget and your management's 'moving forward' mentality basically. You still have bottlenecks from your 'various' switches to your D-Link if they ain't (yes I know, ain't ain't a word) 1 GB uplinks.

Here is what we have for our network.

Backbone is a Layer 3 GigaBit switch.
100Mbps Edge switches.

The PIX 515e can handle data up to 188 Mbps. So you can ideally connect it to a Gigabit port.

Since you have only 60 nodes, you can easily do with one subnet. (No need for subnetting.)

As for your current situation, the internet outage could be due to the fact that all the load is on your D-Link switch.
Whenever there is a huge data transfer from your file server, the D-Link switch will overload and will cause an internet outage.

Just a test, if you could do it. Try connecting the PIX internal interface to one of the edge switches. Now browse the internet from a PC connected to the same switch. You would notice that even if others feel the internet is slow, this machine can browse easily. But where is your DNS server located? If it's on one of the servers, this test won't work. You need an external DNS server. Use your ISP's DNS server for the test.

Rich Rumble (Security Samurai) commented:
You have to start with basic troubleshooting, period. What are the commonalities of the slowness? Is it local only, is it internet access only, is it both?
Log on to the switches and router, look for simple speed and duplex mismatches. A common problem is with auto-negotiate not detecting correctly on switches and/or the PCs. If your switches are mostly 10/100 speed, then start "hard-coding" every PC/server NIC to 100/FullDuplex and make sure the switch port is set the same. Hubs cause many collisions if the devices have any setting other than HalfDuplex... so if you have PCs on a hub, they should be half (10 or 100 depending on the speed of the hub) and that is the same for the link from the hub to the switch; it should also likely be set to HD.
You should also check ports for errors, clear the counters, and look for rapid increments on the switches/router/PIX.

Gig schmig... if you have cause to use gig, like on a back-up machine, use it there. It's not necessary to use gig all over, and if you come nowhere near 10 megs or 100 megs a second... why spend the cash? You can use tools like Cacti to help you gauge what your switch/router ports are seeing as far as traffic. http://cacti.net/ There is also ntop
http://www.ntop.org/overview.html (Linux is free, win32 costs $$). However, here is a free win32 ntop port: http://www.openxtra.co.uk/products/ntop-xtra.php
ntop will do more of a protocol breakdown (SMTP, POP, HTTP) where Cacti will just do overall utilization.

Then if you see that you can justifiably need gig, get gig. If you only need it for a select few boxes, get a smaller gig switch or two. Having your NIC set to 1000 MB, if you're not going near or above 100 MB, won't appear any faster than 100 MB. The same holds for 10 megs: if you don't go over 7-8 megs, switching to 100 won't make anything seem faster, nothing will change. 100 is more of a standard than 10, and it's not much more overhead so it matters little, just an FYI.
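Rich's suggestion above is to let Cacti poll the switch ports over SNMP, then watch for a saturated link and for error counters that increment rapidly (the speed/duplex mismatch symptom). The script below is an added example, not code from this thread or from Cacti: it parses two constructed snmpwalk-style samples of IF-MIB counters for one port (the object names are real IF-MIB objects; the values and the port name are made up), handles the Counter32 wrap that a busy 100 Mbps port hits every few minutes, and reports utilization and input error rate with the two warnings a practitioner would act on. The 70% and 1 error/second thresholds are assumptions to tune per site.

```python
import re

# Constructed sample: two snmpwalk-style polls of IF-MIB counters for one
# switch port (say, the one the PIX uplinks into), 60 seconds apart; the
# ifInOctets Counter32 wraps past 2**32 between the two polls.
POLL_T0 = """\
IF-MIB::ifDescr.3 = STRING: FastEthernet0/3
IF-MIB::ifSpeed.3 = Gauge32: 100000000
IF-MIB::ifInOctets.3 = Counter32: 4000000000
IF-MIB::ifOutOctets.3 = Counter32: 120000000
IF-MIB::ifInErrors.3 = Counter32: 1500
"""
POLL_T1 = """\
IF-MIB::ifDescr.3 = STRING: FastEthernet0/3
IF-MIB::ifSpeed.3 = Gauge32: 100000000
IF-MIB::ifInOctets.3 = Counter32: 310000000
IF-MIB::ifOutOctets.3 = Counter32: 132000000
IF-MIB::ifInErrors.3 = Counter32: 2100
"""
LINE_RE = re.compile(r"^IF-MIB::(\w+)\.\d+ = \w+: (.+)$")

def parse_walk(text):
    """Turn snmpwalk output for one interface into {object: value}."""
    out = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            name, value = m.groups()
            out[name] = int(value) if value.isdigit() else value
    return out

def counter_delta(old, new, wrap=2 ** 32):
    """Difference of two Counter32 samples, correcting for one wrap-around."""
    return (new - old) % wrap

def analyse_port(t0, t1, seconds, util_warn=70.0, err_warn=1.0):
    """Per-second rates between two polls plus the warnings worth acting on."""
    a, b = parse_walk(t0), parse_walk(t1)
    in_bps = counter_delta(a["ifInOctets"], b["ifInOctets"]) * 8 / seconds
    out_bps = counter_delta(a["ifOutOctets"], b["ifOutOctets"]) * 8 / seconds
    err_ps = counter_delta(a["ifInErrors"], b["ifInErrors"]) / seconds
    util = max(in_bps, out_bps) / b["ifSpeed"] * 100  # % of ifSpeed, busier direction
    flags = []
    if util >= util_warn:
        flags.append("link near saturation: look for P2P, bots, or backups")
    if err_ps >= err_warn:
        flags.append("input errors rising: check speed/duplex on both ends")
    return {"port": b["ifDescr"], "in_mbps": round(in_bps / 1e6, 2),
            "out_mbps": round(out_bps / 1e6, 2), "util_pct": round(util, 1),
            "err_per_sec": round(err_ps, 2), "flags": flags}
```

To use it against a real switch, feed it the output of two `snmpwalk -v2c -c <community> <switch> IF-MIB::ifEntry` runs taken a known number of seconds apart; for the T1 side the same maths applies with the WAN interface's ifSpeed (about 1.5 Mbps) as the denominator.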

Why not make your life simpler and just start off with common networking best practices and go from there? It's your call how much troubleshooting you want to do, but from your description it is obvious you have bottlenecks with internet and servers/nodes ALL being slow. How much are you getting paid and the number of hours you spend troubleshooting vs. the cost of a few new switches that will improve your network performance? Is it worth your time? Maybe it is... More feedback needed about your network.

I personally haven't ever experienced the autonegotiate problem in the past 8 years. If you still have hubs in your network... an even better reason to upgrade hardware.

Hope this helps
quahitis (Author) commented:
Thanks for the help guys! I am going to put together two proposals for replacing the switches.
The first and least expensive: 2 x HP ProCurve Switch 2650 (48 ports with gigabit uplink ports) into an HP ProCurve Switch 2824 20-port gigabit managed switch with 4 dual-personality ports. I think this would work very nicely and is pretty cost efficient.
The next one is 2 x ProCurve 2848 48 port switches with 44 10/100/1000 ports and 4 dual-personality gigabit ports into an HP ProCurve Switch 2824 20-port gigabit managed switch with 4 dual-personality ports.
How do these sound?
Rich Rumble (Security Samurai) commented:
I think if you posed this question in the networking TA you'd get the same response. It's more of a networking question than a security one.

Sounds like a good step forward. Depending on what exactly your company does, an all GB network may be overkill. If you do a lot of engineering with CAD or other large files like videos going over your network, then a 44 port GB switch may be a very good investment. If you only do email/internet and less intensive stuff, then I'd say at this point a 44 GB switch would be overkill. Nevertheless, having fewer switches with more ports and fast uplinks can only help.

I'd still like to know a few more things. Just how many 'various' switches do you have and are they in fact all 10/100? Are they all switches or are there some hubs? I'd also like to know if you have checked basic stuff like DNS and DHCP scopes. I assumed as an IT manager you have. Did this slowness all of a sudden happen, or has it been going on since you got there?