Smooth Communication on all Channels

Who doesn't know it: A conference call has started, but a conversation partner connection is fraught with video delays and indistinct words; these errors occur repeatedly, the network administrator is contacted. In order to find the error in the multitude of network activities, it helps to "look into the cable" and analyse the connections over network Layers 2 to 7 and their associated packets. Therefore protocols like TCP, SIP, RTP or SSL are examined. 

Heterogeneous applications and services take up the bandwidth of a network connection. Multiple participants and services share a data transmission rate that can be too narrow in sum. When users access uplinks of up to 1 GBit/s, this is a significant increase compared to previous years. However, the amount of data to be transferred has also increased with the complexity of applications. Backup, chat, email, telephone and video all run over the same connection and compete with each other. Staff can also connect their own devices and use data-hungry applications. Modern measurement technology for network analysis makes the activities, bottlenecks and disturbances in the network visible to enable detailed investigation and evaluation.

Accessibility of services

In many organisations, text-based communication such as individual or group chat is often used in addition to email. Most users accept that the there are finite delays when using email. With chat on the other hand, a user expects immediate delivery of a message. A user may not understand the long wait for a reply, since the conversation is often short and brief. A network administrator can determine whether it is due to a technical problem if the conversation stalls more than once. 

With a dedicated network analysis tool, the network administrator can find the IP address of the chat user and display the corresponding TCP connection protocol data. The TCP connection data are responsible for establishing, checking and terminating the connection. The network analyser detects how long the handshake took in each direction. This makes it clear whether there are latency problems. If services are virtualised, there can be quality problems with the virtual machine which often operates according to the best-effort principle and processes applications in an equal manner. If you launch a backup, delay is less important. However, a chat session is enhanced when the performance is more timely. If the service runs via a virtual machine, a network administrator can determine the fact from the handshake times. If they are too long, the virtual host is not allocating sufficient computing resource to the virtual machine. This proves that the virtual machine is overloaded and cannot handle requests in line with the application and the demands of the user.

If data was transmitted via TCP, the other user's computer should confirm receipt after a short time. If the response time is erratic or delayed, this could be due to network congestion between the server and the client. If the TCP response time increases and fluctuates significantly, then the chat server is either under heavy load or the connection is slow. It is the same for the client-direction. If the response time is very long and the confirmation is erratic, then the chat client or the route is overloaded. A smart network analysis tool helps to keep track of the times of the connections. TCP retransmissions should be considered if the chat user cannot log in at all, the connection is always interrupted or delays are noticeable. Multiple duplicate packets indicate overloaded network components.

If there is poor client or server connection, examining TCP handshakes, TCP response times and reviewing the TCP retransmissions can reveal the root cause of the problem. 

Detecting load peaks

If TCP response times are not constant, this may be due to fluctuating network load. Did the network have too much load to process due to unfavourable conditions or are there recurring overloads? With the help of burst analysis, a network administrator can recognise if it is repetitive and caused by systematic load peaks. Burst analysis is a good indicator of network quality and shows the percentage of load on a connection over a given time interval. A burst describes the effect of a large number of transmitted data packets in a short period without a pause, comparable to a traffic jam on the road. But what causes the congestion? For example, extensive requests can saturate the connection and trigger delays to other applications. Data transfers, e.g. from fast SSD hard drives, can hog the entire network capacity. Or, a large number of emails are in competition with updating an individual's smartphone. Additional services such as chat and VoIP may also be running. If there was a data jam for even a millisecond, a switch, router or firewall may  buffer or discard existing or incoming packets. This is normal in networks, but it can become problematic and cause services such as chat or VoIP to be disrupted. With the help of a smart network analyser, these load peaks can be displayed. Burst analysis detects which service has sent overly large data streams or triggered traffic at the time of the load peaks.

A network administrator can solve many problems by assigning Quality of Service (QoS) rules. To do this, the network administrator must know which services are used in their own network. QoS describes methods to improve network quality. This is handled via additional bandwidth, bandwidth reservation or packet prioritisation. The specified measures should be monitored and thereby confirm the desired result. Increasing transmission capacity is not always the right solution. In many cases, it is advisable to partition individual services into classes and then allocate them a corresponding bandwidth. Here, the chat programme could be placed in a class with video. In addition to the logical separation, physical separation of the services is an additional option. The telephone network and VoIP should be assigned as a high priority or a dedicated service.

Examine SIP and RTP carefully

Voice and video services as telephony (VoIP) and video conferencing are widely used applications in everyday business life. SIP and RTP are the most frequently used protocols for voice transmission. Session Initiation Protocol (SIP) is responsible for setting up, controlling and terminating sessions. The SIP standard is relatively mature, text-based and can be expanded as required. With a powerful analysis tool, calls and their metadata can be displayed in the SIP statistics section. If a VoIP call is rated as poor quality, this can be traced by a network administrator in the analysis tool. Indicators are the bit rate, sample rate, codec information and other audio parameters. The audio data is processed via RTP (Real-Time Transport Protocol). The RTP packet rate shows whether a connection was dropped or whether the rate was constant. Packets transmitted twice or discarded are also measured and displayed. RTP packets have sequence numbers. If sequence numbers are missing, it can be assumed that there has been packet loss. The reason may be due to a burst or a connection problem. It is also often reported that the conversation partner could not be consistently understood. Audio data is transported in RTP blocks via UDP which is a connectionless transport protocol. In contrast to TCP, it does not receive any confirmation for guaranteed packet delivery. These packets are sent at intervals of 20 or 30ms. Sometimes, UDP packets are not received consistently. Even a difference of 20ms can lead to acoustic problems. An analyser can be used to find out whether this is the case or whether another problem has led to the impaired speech quality. A powerful network analysis tool can display the time stamp, packet loss and the differences in runtime, otherwise known as jitter. To measure jitter, analysis accuracy in the millisecond range is required.

Take a look at video telephony

In addition to VoIP, video telephony, web meetings and webinars are popular forms of communication that soak up network bandwidth; these applications are time-critical. An error usually occurs when the service is needed most. A user complains of choppy sound or jerky images. In the event of problems, the network administrator is called in order to find a solution within a short time. The the network administrator may check the network service connections. Microsoft Teams and Skype are often used in today's business environment. These applications establish SSL-secured connections to their servers. A Skype analysis is difficult, but not impossible. Via TCP connections it is possible to carry out a control traffic diagnosis. With a smart analysis appliance, TCP response times, retransmissions, TCP Zero Window and other indicators can be accurately displayed. Encrypted Skype traffic functions over RTP. The RTP header is unencrypted and provides information about packet loss, latency and jitter. The audio and video content is fully encrypted. Skype utilises dynamic codecs and negotiates independent packet rates. A state-of-the-art network analyser can display many indicators to ensure good SSL connections: the response time for the SSL handshake, the first response time for encrypted SSL data, SSL server name and country code. From this it can be deduced for example, whether the route to a Skype server is the cause of high latency or whether specific SSL connections are rejected.

Many communication services share the bandwidth over a network connection. Problems such as load peaks and broken connections can be investigated using various parameters. Connections, protocols and packets are made visible with professional measurement technology for network analysis. They can also be used to examine traces of past sessions (pcap). Precise measurement and specific analysis can help a network administrator to quickly identify errors and restore services to the benefit of all users.