1

The company I work for has very limited internet bandwidth in the office (~ 3.0MB). I believe that is 3 up and 3 down. Normally, the speed is sufficient, however, periodically it comes to a screeching halt and doing simple things like connecting to servers, running database queries and loading the intranet in a browser become near impossible.

To make matter worse, I am a remote employee connected via a VPN, so I get a compounded effect as all of my traffic in encrypted, slowing things down even more.

I suspect that either (a) users in the company are streaming movies/music, or downloading large files, consuming a lot of the bandwidth OR (b) there is a physical problem with network setup or hardware.

What tools or steps can I take to help identify the problem?

Thanks for the help!

Improve this question
1
  • What type of internet connection do you have? What type of router are you using? How many clients are connected locally? How many remotely? How many switches are you using? How long is the cable between the router and the ISP device? How long is it between the ISP device and the NID? Do all connections in the office get slow, or just some of them? Are there multiple subnets? Is the behavior the same across different subnets? What is the link rate/duplex settings on all your switches? on your clients? what MTUs are you using?
    – MaQleod
    Commented May 11, 2012 at 18:12

3 Answers 3

Reset to default
2

The best thing I can think(and the easiest way) on your specific case is to insert a router computer between the external internet router and the main distribution switch that could foward all the network traffic transparently(without anyone beyond you know that you are on the "middle" of the network receiving and sending all normal traffic of a normal work day). By doing this, install a sniffer software on this computer, such as wireshark, and analyze all the traffic protocols and data that are passing through the network(looking MAC and IPs which undesired packets are coming from and going to). There are another ways to do this without needing to insert a router computer on your network, such as looking on proxy or firewall logs if it were the case.

Improve this answer
5
  • Erm, wireshark is great for example if you want to filter out particular traffic or just get some stats, but I don't think I would be too happy using wireshark to look at ALL the traffic on a congested link as it would be a case of information overload.
    – Robin Gill
    Commented May 11, 2012 at 17:16
  • Wireshark is a great tool, but it is not ideal for this sort of work. It may be useful once the issue has been narrowed down a bit more, but I wouldn't start with it. For all we know, this is a layer one issue.
    – MaQleod
    Commented May 11, 2012 at 18:08
  • layer one = phisical problem? Matthew suspects it is some user using internet to download musics...
    – Diogo
    Commented May 11, 2012 at 18:15
  • @diogo, layer one could mean an MTU mismatch on that particular user, meaning that they could be causing all sorts of problems on the network. Or they could have a bad cable, that when stressed by a heavy download, causes issues. Layer one is ALWAYS the place to start.
    – MaQleod
    Commented May 11, 2012 at 18:18
  • In this case, the best way to find some problems on lower layers would be check for the number of TCP retransmissions or even testing a ping -t and look for packet loss. Actually, I would start this with wireshark..
    – Diogo
    Commented May 11, 2012 at 18:23
0

I suspect this question may be better suited to Server Fault.

However I have some thoughts:

Is the slowdown of things like file access happening on the office LAN as well as when accessing via WAN? If so, you need to have a real look at what it wrong with your network.

If it is just slow remote access, it could be that users are wasting the bandwidth preventing you from working, they may have legitimate work reasons for their internet access, there may be others like you all utilising the limited bandwidth, or maybe your router cannot encrypt VPN fast enough to keep up.

To eliminate the router your could set up a pfSense box as a replacement or beside your original VPN router to see if this helps.

Otherwise you need to see where the bandwidth is being eaten up. pfSense is nice in that you can install packages to see which users are using how much bandwidth.

If you have equipment capable of sending Netflow information, then you can find out more about which protocols are eating your bandwidth.

To detect abuse of the internet, it may be worth installing a monitoring//filtering device that can send you reports.

Also SNMP can be helpful - there are full blown packages that monitor all the compatible devices in your enterprise, or you can use something like Solarwinds free one to check real time stats for limited devices.

Improve this answer
2
  • Again, why does everyone jump to layer 3 right away? How do you know it isn't just a cable or port issue? an MTU mismatch? a device in the middle that is running at half duplex? or at 10mb link rate? You need to start with layer 1 and work your way through, otherwise you are just using a shotgun to try and peg a bird 600 yards away. You may get it, but mostly you'll just miss.
    – MaQleod
    Commented May 11, 2012 at 18:17
  • Read my reply - I said if there are internal problems/problems on the LAN, then there is something actually wrong on the network. Didn't elaborate on this side as the question didn't seem to be taking that direction.
    – Robin Gill
    Commented May 11, 2012 at 20:19
-2

Block all streaming traffic in the Router, block facebook and Youtube. then you will have more bandwidth, employee now use their smartphones to eat the bandwith. We did it because we were having the same issue.

Improve this answer
1
  • -1 I was asking how to find the cause of slowness. Blocking a bunch of traffic as a diagnostic tool is not a good idea. Social Media is an important part of our business.
    – Matthew
    Commented May 14, 2013 at 20:00

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .