Tag Archives: traffic

Troubleshoot a Slow Network – Slow Server

Slow Server

How do we know the server is slow and the problem is not elsewhere?
Make a file transfer between any two other computers on the network. Compare the measurements with the server’s transfer rates.
What are the reasons for a slow server?
There are many reasons for a slow server. The server is many times the bottle-neck of a network. Here are a few reasons for a slow server:
An average, or below average network card, (you need good quality network cards for a server).
Server Network Card Underutilized. Connect your server on the backbone or on 1GB switch ports to make use of the high speed network card. You probably want to limit all your clients to transfer at 100Mb so that there is no traffic discrimination. If your server and switches support higher transfer rates, (10GB ports), make sure you make use of it.
Slow disks. Poor hardware is many times the main reason. Improper configuration, such as choosing the wrong RAID type, or not using write caching can be another reason.
Too many clients on a server. If too many clients make requests to the same single server this could overload the server and it will perceived as a slow network by the users. Measure your server’s performance on load using the performance logs and alerts and the system monitor in Windows. Usually the performance is changing over the course of a day based on the number of users who access the server at the same time. Sometimes adding another network card would be sufficient. Enabling cache writing on the SCSI card can help a lot, (make sure you install a cache battery), adding a new SCSI card and additional disks to offload the existing ones could be of help. Sometimes adding another CPU can make a difference, (if you have free CPU slots). Memory is very often the most used method of upgrading, but most of the times it is not the needed solution. Use the performance logs and alerts and the system monitor and compare with the recommended thresholds to determine what your bottleneck is.
Slow server response, (packet sniffer to determine the handshake time), Adjust the server’s configuration to optimize the handshaking time; (this is a fairly advanced optimization task).

This article is part of a five posts series regarding Network Troubleshooting.

Troubleshoot a Slow Network – The entire Network is Slow

The Entire Network is Slow

If the entire network or a part of the network is slow, this could be a strong suggestion for a faulty switch or a miss-configuration.

Poor network equipment
Usage of hubs is not recommended, (hubs are prone to collisions by design)
Cheap switches that cannot handle the total needed bandwidth. The switch’s chip can handle 100Mb/s for 12 ports, but the switch has 24 ports and all are connected. For low network usage this is not a problem, but if your network usage spikes, your switch will not be able to handle the bandwidth. The quick fix in such situation is to power off the switch for a few minutes and then power it back on.

A loopback is a network cable that has both ends connected to the same switch. If it’s a managed switch activating loop protection on all the ports could fix the problem. You can look on the switch’s log file for excessive broadcasts and isolate the two ports that are in loop. If you don’t have managed switches you can use a packet sniffer to determine if there’s a loop. A wrongly configured Spanning tree could cause a loopback.
FIX: Check all the patch-cord connections in the faulty switch. Check for patch-cords that have both ens into the same switch. Check for more than one patch-cord connecting the same two switches.
If you have cascaded switches it is normal to be slower for the devices in the cascaded switch but is not normal for the devices that are not cascaded. Check if any cascaded device is not connected on two ports on the wall, (usually the ports on the wall go to the network room). Your cascaded switch makes a loop into the upper level switch.

Bad Network Configuration
DNS issues
can cause a lot of slowdowns.
One common error is to use your ISP’s DNS server inside your Active Directory network. Your Active Directory computer members will try to resolve internal names by querying your ISP’s DNS. Those records don’t exist outside of your network.
Fix: For all of your Active Directory network clients remove any entries for your ISP’s and use only internal DNS servers. Configure your ISP’s DNS server as a forwarder on your AD DNS servers.

Network switching equipment wrongly connected is the reason of slow network for many small networks. Typically this happens when a small switch is connected to the router. When the switch becomes too small for a growing network, the first impulse is to connect the computers into the router directly.
: Install a switch that will accommodate all of the computers in the network. Disconnect any computers connected directly into the router.
Note: It is normal for the wireless connected computers to have slower transfer rate than the wired ones. Most of the wireless routers and adapters function at 54Mb per second. If your router is a modern router, (100 Mb or faster), and you still don’t get the expected transfer rates, you should revise your configuration as above.

Broadcast storm
You can efficiently detect a broadcast storm using a packet sniffer or a managed switch. With a packet sniffer you need to look for large numbers of broadcast/multicast (more than 20% of the total traffic it is an alarm signal). Locate the retransmission packets and search for the source MAC address. Disconnect the problem host.
If you suspect a broadcast storm in your network and you don’t have a managed switch or a packet sniffer, you can run download and upload tests by systematically disconnecting all of your computers in the network one by one. This is only practical in small network environment.

Virus Attack
A lot of connections originating from the same MAC address, to the same destination port, but for different destination address, and in short intervals.
Fix: Determine the source address of these connections and disconnect the suspect hosts. Run an antivirus scan on the computer before plugging it back. There are a few ways to determine the source of a virus. Use a packet sniffer, look on your managed switch for the ports with the most traffic and confirm it on the suspected computer by issuing the command “netstat -a -b”, (on a Windows machine). The command will show you which ports are active and which program, (executable), is using the ports.

This article is part of a five posts series regarding Network Troubleshooting.

Computer Network – Tools and Supplies

Punch down tool

Punch down tool – The punch tool is used to insert the network cable in the patch panel or similar connection panels. For a small network up to 7 devices you might not need it as you can easily connect all of your devices directly into the switch.

Keystone module RJ45

Keystone Jacks – The RJ45 keystone jack is the female connector, usually immobile, part of a network connection that is mounted on the wall or similar. It provides a network connection close to the device to be connected. A patch-cord is used to connect the device to the keystone jack.

There are many types of RJ45 keystones, some require a punch down tool to be used, and some are tool-les, providing a lever for insertion and a retaining clip to secure the connection. The keystone is also produced for various categories, (Cat 3 – Cat 7), make sure you buy the correct one.

Deep Surplus
Wire Stripper Twisted Pair Cable

Wire stripper / Knife – I am not a fan of the wire stripper because it always cuts a little of the wires. Most of the times, the cut is superficial and it doesn’t get to the wire. But sometimes the stripper will scratch the wires. Using a utility knife or cutting pliers, is a little more laborious but I prefer it as I get more control. Moreover the many crimper tools come with a cable stripper. Don’t use that one, it doesn’t work for round cables, it only works for flat cables.

Simple Cable Tester

Network Tester – This is not a must, but if you are doing this for the first time, it will save you a lot of troubleshooting. For professional network cabling an expensive Network Tool that can measure attenuation, cable length, category supported, etc…, it’s a must. You need to give your client a report with your measurement results.
For small DIY jobs a simple tester will do it.

Patch Panel

Patch Panel – This is beyond the purpose of this article since it applies to bigger networks.

Network Switch

Network Switching device – The switching device switches packets between the different devices on your network. Modern switching devices can make a virtual map of all of the devices in your network and route packets according to this map.

Older connectivity devices, such as network hubs, used to indiscriminately broadcast the packets on all of the ports and only the device which the packet belonged to would have accepted it. This design creates a lot of collisions and saturates the network with unnecessary traffic.

Network hubs, (two or more ports), or repeaters, (only one port), are used to increase the maximum of 100m, (333 ft), between two devices connected on an Ethernet segment. Every repeater adds up another 100m.