Tag Archives: switch

Troubleshoot a Slow Network – Slow Server

Slow Server

How do we know the server is slow and the problem is not elsewhere?
Make a file transfer between any two other computers on the network. Compare the measurements with the server’s transfer rates.
What are the reasons for a slow server?
There are many reasons for a slow server. The server is many times the bottle-neck of a network. Here are a few reasons for a slow server:
An average, or below average network card, (you need good quality network cards for a server).
Server Network Card Underutilized. Connect your server on the backbone or on 1GB switch ports to make use of the high speed network card. You probably want to limit all your clients to transfer at 100Mb so that there is no traffic discrimination. If your server and switches support higher transfer rates, (10GB ports), make sure you make use of it.
Slow disks. Poor hardware is many times the main reason. Improper configuration, such as choosing the wrong RAID type, or not using write caching can be another reason.
Too many clients on a server. If too many clients make requests to the same single server this could overload the server and it will perceived as a slow network by the users. Measure your server’s performance on load using the performance logs and alerts and the system monitor in Windows. Usually the performance is changing over the course of a day based on the number of users who access the server at the same time. Sometimes adding another network card would be sufficient. Enabling cache writing on the SCSI card can help a lot, (make sure you install a cache battery), adding a new SCSI card and additional disks to offload the existing ones could be of help. Sometimes adding another CPU can make a difference, (if you have free CPU slots). Memory is very often the most used method of upgrading, but most of the times it is not the needed solution. Use the performance logs and alerts and the system monitor and compare with the recommended thresholds to determine what your bottleneck is.
Slow server response, (packet sniffer to determine the handshake time), Adjust the server’s configuration to optimize the handshaking time; (this is a fairly advanced optimization task).

This article is part of a five posts series regarding Network Troubleshooting.

Troubleshoot a Slow Network – The entire Network is Slow

The Entire Network is Slow

If the entire network or a part of the network is slow, this could be a strong suggestion for a faulty switch or a miss-configuration.

Poor network equipment
Usage of hubs is not recommended, (hubs are prone to collisions by design)
Cheap switches that cannot handle the total needed bandwidth. The switch’s chip can handle 100Mb/s for 12 ports, but the switch has 24 ports and all are connected. For low network usage this is not a problem, but if your network usage spikes, your switch will not be able to handle the bandwidth. The quick fix in such situation is to power off the switch for a few minutes and then power it back on.

Loopback
A loopback is a network cable that has both ends connected to the same switch. If it’s a managed switch activating loop protection on all the ports could fix the problem. You can look on the switch’s log file for excessive broadcasts and isolate the two ports that are in loop. If you don’t have managed switches you can use a packet sniffer to determine if there’s a loop. A wrongly configured Spanning tree could cause a loopback.
FIX: Check all the patch-cord connections in the faulty switch. Check for patch-cords that have both ens into the same switch. Check for more than one patch-cord connecting the same two switches.
If you have cascaded switches it is normal to be slower for the devices in the cascaded switch but is not normal for the devices that are not cascaded. Check if any cascaded device is not connected on two ports on the wall, (usually the ports on the wall go to the network room). Your cascaded switch makes a loop into the upper level switch.

Bad Network Configuration
DNS issues
can cause a lot of slowdowns.
One common error is to use your ISP’s DNS server inside your Active Directory network. Your Active Directory computer members will try to resolve internal names by querying your ISP’s DNS. Those records don’t exist outside of your network.
Fix: For all of your Active Directory network clients remove any entries for your ISP’s and use only internal DNS servers. Configure your ISP’s DNS server as a forwarder on your AD DNS servers.

Network switching equipment wrongly connected is the reason of slow network for many small networks. Typically this happens when a small switch is connected to the router. When the switch becomes too small for a growing network, the first impulse is to connect the computers into the router directly.
Fix
: Install a switch that will accommodate all of the computers in the network. Disconnect any computers connected directly into the router.
Note: It is normal for the wireless connected computers to have slower transfer rate than the wired ones. Most of the wireless routers and adapters function at 54Mb per second. If your router is a modern router, (100 Mb or faster), and you still don’t get the expected transfer rates, you should revise your configuration as above.

Broadcast storm
You can efficiently detect a broadcast storm using a packet sniffer or a managed switch. With a packet sniffer you need to look for large numbers of broadcast/multicast (more than 20% of the total traffic it is an alarm signal). Locate the retransmission packets and search for the source MAC address. Disconnect the problem host.
If you suspect a broadcast storm in your network and you don’t have a managed switch or a packet sniffer, you can run download and upload tests by systematically disconnecting all of your computers in the network one by one. This is only practical in small network environment.

Virus Attack
A lot of connections originating from the same MAC address, to the same destination port, but for different destination address, and in short intervals.
Fix: Determine the source address of these connections and disconnect the suspect hosts. Run an antivirus scan on the computer before plugging it back. There are a few ways to determine the source of a virus. Use a packet sniffer, look on your managed switch for the ports with the most traffic and confirm it on the suspected computer by issuing the command “netstat -a -b”, (on a Windows machine). The command will show you which ports are active and which program, (executable), is using the ports.

This article is part of a five posts series regarding Network Troubleshooting.

Corporate Antispam Solutions

Linux Mail Servers or other SMTP servers

Hexamail Guard
Kaspersky Anti-Spam Enterprise Edition
Declude MailProtector
Ruckus MailFILTER
Vorras Classifier
GWAVA for Novell GroupWise
Trend Micro

Exchange

MailSite MP Email Gateway Software
Symantec Premium AntiSpam
Hexamail Guard
MailFender for Exchange Server
iQ.Suite
Pro Exchange Spam Smacker
XWall
modusGate™ MS Exchange Anti-Spam Gateway
GWAVA for Microsoft Exchange
Trend Micro

Windows

BCware NoSpam
Pinjo
DynaComm i:mail
MAILsweeper Business Suite
SpamBolt
Surf Control
AlliGate
Spam Sleuth Enterprise
NetIQ MailMarshal
Visnetic MailScan
Omniquad Mailwall
Lightspeed Total Traffic Control
SMTPTrap
Philter
Fluffy the SMTPGuardDog
Catch!
IDRSMTPProxy
Spam Manager Professional
MailMax
eTrust Secure Content Manager
Leon
mxORB
GWGuardian
Rockliffe MailSite MP
ADVmserve

Gateway (Appliance or Installable Software)

Astaro Security Gateway
Alligate (Windows)
IMGate (FreeBSD 7)
Symantec Brightmail Gateway
iQ.Suite (Windows \ ISA)
Axway MailGate (Linux)
XWall
Active SMTP
ModusGate Antispam Appliance
MXtreme
Cloudmark Authority
SpamTitan
MailFoundry
iForce Mail Firewall
Barracuda Networks
Roaring Penguin CanIt Appliance
SpamKiller 3000 series Appliances
Watchguard Spamscreen
Arska Mailwall
Bizanga

Domino

M-Switch Anti-Spam
Symantec Premium AntiSpam (Exchange and Domino)
SpamSentinel
MIMEShield    

Service (Third party Hosted MX) – Subscription Based

SpamSentinel
MailSite MP Email Gateway Software
Declude MailProtector
Postini (Now a Google service)
Mxpolice
SPAMfighter
MXGuarddog
CudaMail
Remote Anti Spam
GFI MAX MailProtection