What could be causing these outbound data spikes in the UK?
Hi all
I monitor my customers internet connections with PRTG and I am seeing spikes in outbound data. It seems to be affecting about half of the connections I am monitoring. It has been noticed because it saturates the upstream on some ADSL circuits providing VOIP, dropping calls.
I have a customer with two networks, 1 voip and 1 data. strangely, the bandwidth peaks affect both at the same time. Then I noticed that it affects other customers at the same time! I considered whether it is my monitoring platform, but some customers don't have them. Attached are some graphs, with pink being the outbound data usage.
The graphs show outages as a series of red dots, but I don't know if the line is down or whether it is simply that the upstream data is saturated so the usage data gets lost or the monitoring software times out before the SNMP response gets there.
So for the purposes of this, please view the high upstream data and the outages as the same thing. You will see that the times correlate across all the graphs, approx 9:05, 9~:30-9:45
Any suggestions as to what it is or even better - any ideas to prevent it would be greatly appreciated.
The routers are all Cisco 867VAE, 887VA or 2821 and I use SNMP to monitor them.
Experts-Exchange-Graphs.pdf
I monitor my customers internet connections with PRTG and I am seeing spikes in outbound data. It seems to be affecting about half of the connections I am monitoring. It has been noticed because it saturates the upstream on some ADSL circuits providing VOIP, dropping calls.
I have a customer with two networks, 1 voip and 1 data. strangely, the bandwidth peaks affect both at the same time. Then I noticed that it affects other customers at the same time! I considered whether it is my monitoring platform, but some customers don't have them. Attached are some graphs, with pink being the outbound data usage.
The graphs show outages as a series of red dots, but I don't know if the line is down or whether it is simply that the upstream data is saturated so the usage data gets lost or the monitoring software times out before the SNMP response gets there.
So for the purposes of this, please view the high upstream data and the outages as the same thing. You will see that the times correlate across all the graphs, approx 9:05, 9~:30-9:45
Any suggestions as to what it is or even better - any ideas to prevent it would be greatly appreciated.
The routers are all Cisco 867VAE, 887VA or 2821 and I use SNMP to monitor them.
Experts-Exchange-Graphs.pdf
The dotted lines just mean no data is available.
That can happe if your PRTG monitor is down, there is no traffic possible between your PRTG node & object of interest
SNMP responses got dropped, no answer was sent back, no request was receved on remote, link down...
At least something to look into.
You may need to collect ping times as well.
The Spikes can be anything, file transfers, mail transmission, web bursts.
you may need to investigate with a packet sniffer like wireshark or something like it.
That can happe if your PRTG monitor is down, there is no traffic possible between your PRTG node & object of interest
SNMP responses got dropped, no answer was sent back, no request was receved on remote, link down...
At least something to look into.
You may need to collect ping times as well.
The Spikes can be anything, file transfers, mail transmission, web bursts.
you may need to investigate with a packet sniffer like wireshark or something like it.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I found the source of the problem. It is another host using SNMP to query the router which resulted in High CPU and loss of connectivity.
while there were a couple of tidbits to interpret the graphs, there was no hint at the problem or how to identify the cause
while there were a couple of tidbits to interpret the graphs, there was no hint at the problem or how to identify the cause
QoS, bandwidth reservation for VOIP is a way to mitigate...issues.
The phones in use, can someone plug a personal system to the phone's pc port and could explain this spike in one location.
Unfortunately looking at graphs means little and provides no context on what might be going on, it mere confirms a spike in utilization.....