Improve company productivity with a Business Account.Sign Up

x
?
Solved

Network droping packets

Posted on 2016-08-02
4
Medium Priority
?
64 Views
Last Modified: 2016-08-03
Hi Guys,
My network was working fine, for instance pings to servers were not drop and under 1ms.
All of the sudden in a ping to a server in my LAN I'm seeing huge delays, for instance "time=152ms"

I have 3 main VLANs namely
VLAN 1: For all my users
VLAN 20: For VoIP
VLAN 50: For some video recording security cameras and server
VLAN 88: For all my servers. (The servers are in a VMware Cluster).

These are my tests using a host in VLAN 1: (10.10.70.53)

ping 10.10.70.4
Reply from 10.10.70.4: bytes=32 time<1ms TTL=64
As a matter of fact any IP in this VLAN is under 1ms.

ping 10.10.88.10
Reply from 10.10.88.10: bytes=32 time=149ms TTL=63

ping 10.10.50.10
Reply from 10.10.50.10: bytes=32 time=150ms TTL=127

I just tested and the ping times are back to <1ms for everything.
As far as I can tell this lasted for about 1 hour.

My Opinion:
It looks as if there is a program in a computer somewhere generating absurd quantities of traffic in the network.

My Question:
If I'm right How can I identify the culprit?

One weird thing though is why there was no delay while pinging inside the VLAN 1?

Thanking you in advance,
Cargex
0
Comment
Question by:cargex
  • 2
  • 2
4 Comments
 
LVL 13

Expert Comment

by:Bryant Schaper
ID: 41739797
I would suspect your router/layer 3 switch that is handling the inter-vlan traffic.  What kind of device is this?  We can maybe isolate the traffic source,
0
 

Author Comment

by:cargex
ID: 41739858
It is a Cisco 3750 Stack.
I was asking around and I think I found the culprit, it was a Video Editor that was saving his work as he was making changes in a network folder.

But I would like pretty much to know what tools can I use to identify a computer that is creating excessive traffic in a LAN.

This time I was lucky but in the future I would like to be able to pinpoint the culprit without the asking around part.
0
 
LVL 13

Accepted Solution

by:
Bryant Schaper earned 2000 total points
ID: 41739900
that would make sense.  You can use a few tools, some will recommend wireshark, however no a fan, and you have Cisco so that opens up a bit more too.

You can start with the full nms solutions like prtg, solarwinds or manageegine OpManager.  PRTG and OpManager have a free tier that may work for you.  They have SNMP hooks and give the details of traffic per port and such.  Good for proactively monitoring and sending alerts.

But I would start at the switch, you can use a "show interface summary" and look at RXBS and TXBS, same data as a "show interface gig1/0/" would give, but for all interfaces so you can spot it.

You can also setup netflow, would have the check the 3750, my 3560 does not have support.

Another useful one is "show processes cpu" and read the first line, it shows 5 minute utilization and will let you know if the device is getting hammered.

We recently had an issue with the backups killing the network, we saw high CPU on the router, and then used IP top-talkers to see what device was sending/receiving all the traffic, it was the backup server, and the intervlan traffic was killing us midday, so we moved that to a layer 3 switch off the 2921 router.  Routers just dont do it as fast, they are designed to talk to the edge network
1
 

Author Closing Comment

by:cargex
ID: 41740597
Thank you very much Bryant, your information is really helpful.
0

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question