Investigate Network Load: Difference between revisions

From Allegro Network Multimeter Manual
Jump to navigation Jump to search
Access restrictions were established for this page. If you see this message, you have no access to this page.
Line 14: Line 14:


== Time Selection ==
== Time Selection ==
Now select a time view in the upper right corner, which is larger than your
Now select a time view in the upper right corner, which is a longer timeframe than the
interval to be examined:
interval to be examined:


Line 21: Line 21:
|}
|}


In our case, we are looking for events from this morning and I choose the last
In this case, we are looking for events from this morning and I chose the previous
day's view. Now select the time period in which the users have reported
day's view. Now select the time period in which the users have reported
problems by clicking with the mouse:
problems by clicking with the mouse:
Line 30: Line 30:


The Allegro's internal database now works with the selected time interval
The Allegro's internal database now works with the selected time interval
and you can investigate what problems there were here. The following points
so you can investigate what problems there were. The following points
are easy to clarify on the dashboard:
are easy to clarify on the dashboard:


* Do you know the TOP protocols?  Endpoints in the network often cause further traffic, such as large updates for Windows. By clicking on the protocol you can see which IPs caused this traffic.
* Do you know the TOP protocols?  Endpoints in a network can experience increased and unexpected traffic such as large Windows updates. By clicking on the protocol you can see which IPs generated this traffic.
* Do you know the TOP IP addresses? For example, there may be several backups running at the moment, which burden your link and the internal servers.
* Do you know the TOP IP addresses? For example, there may be several backups running at the same time, which burden your link and the internal servers.
* Do you know the TOP-MAC addresses? If, for example, a lot of multicast or broadcast traffic appears here, this can indicate loops or similar things, and a packet storm can place a heavy burden on the network.
* Do you know the TOP-MAC addresses? If, for example, significant multicast or broadcast traffic appears here; this can indicate loops or similar issues, and a packet storm can place a heavy burden on the network.
* Is there a high TCP retransmission rate of more than 3% compared to other periods? This indicates an overload of a network segment such as the WLAN or an end device.
* Is there a high TCP retransmission rate of more than 3 percemt compared with similar periods? This can indicate a network segment overload such as the WLAN or an end device.
* Is there extremely little or no network traffic during this period? This may indicate link problems, such as no connection to the Internet or to another network node.
* Is there extremely low or no network traffic during this period? This may indicate link problems such as no connection to the Internet or to another network node.


In our example, Dropbox showed up with a total of 900 MB data transfer.
In our example, Dropbox showed up with a total of 900 MB data transfer.
By clicking on "Dropbox" I can easily get an overview of who triggered this
By clicking on "Dropbox" I can easily see an overview of who triggered this
traffic:
traffic:


Line 47: Line 47:
|}
|}


Here the computer "nb-nina.allegro" has caused both upload and download
Here, the computer "nb-nina.allegro" generated both uploads and downloads
to dropbox with up to 40 Mbps. This can lead to user disruption caused by
to Dropbox with rates up to 40 Mbps. This can lead to user disruption caused by
the upload and download, allowing you to take further action.
the uploads and downloads, allowing you to take further action.


By clicking on the IP and then on the tab "Connections" you can sort the
By clicking on the IP address, then on the tab "Connections" you can sort the
connections by TCP retransmission:
connections by TCP retransmission:


Line 59: Line 59:
|}
|}


You can use the quantity of retransmission to estimate if there is a bottleneck
You can use the number of retransmission to estimate if there was a bottleneck
between the Allegro and the recipient and if more packets had to be sent again.
between the Allegro and the recipient and if more packets had to be retransmitted.
Here in our example there were 1.4% retransmissions at approx. 12 MBit/s
Here in our example, there were 1.4 percent retransmissions with an approx. 12 MBit/s
upload to dropbox. Probably the uplink was busy here and dropped several TCP
upload to Dropbox. Possibly the uplink was busy at this point and dropped several TCP
packets.
packets.


If you need a more detailed analysis, you can use the PCAP button to extract
If you need a more detailed analysis, you can use the pcap button to extract
the packets of a connection.
the connection packets.

Revision as of 11:54, 27 April 2020

Problem

How can you use the Allegro Network Multimeter to quickly and easily examine the load on a network? Let's take a practical example: multiple users complain that their network connection is sometimes very slow. This occurred again this morning between 9 and 10 o'clock, for example.

Dashboard

First we start with an overview in the dashboard. Open the web interface with your browser.

Ap-mm-dashboard.png

Time Selection

Now select a time view in the upper right corner, which is a longer timeframe than the interval to be examined:

Ap-mm-time-select-1-day.png

In this case, we are looking for events from this morning and I chose the previous day's view. Now select the time period in which the users have reported problems by clicking with the mouse:

Ap-mm-select-traffic-mouse.png

The Allegro's internal database now works with the selected time interval so you can investigate what problems there were. The following points are easy to clarify on the dashboard:

  • Do you know the TOP protocols? Endpoints in a network can experience increased and unexpected traffic such as large Windows updates. By clicking on the protocol you can see which IPs generated this traffic.
  • Do you know the TOP IP addresses? For example, there may be several backups running at the same time, which burden your link and the internal servers.
  • Do you know the TOP-MAC addresses? If, for example, significant multicast or broadcast traffic appears here; this can indicate loops or similar issues, and a packet storm can place a heavy burden on the network.
  • Is there a high TCP retransmission rate of more than 3 percemt compared with similar periods? This can indicate a network segment overload such as the WLAN or an end device.
  • Is there extremely low or no network traffic during this period? This may indicate link problems such as no connection to the Internet or to another network node.

In our example, Dropbox showed up with a total of 900 MB data transfer. By clicking on "Dropbox" I can easily see an overview of who triggered this traffic:

Ap-mm-dropbox.png

Here, the computer "nb-nina.allegro" generated both uploads and downloads to Dropbox with rates up to 40 Mbps. This can lead to user disruption caused by the uploads and downloads, allowing you to take further action.

By clicking on the IP address, then on the tab "Connections" you can sort the connections by TCP retransmission:

Ap-mm-connection-retransmissions.png

You can use the number of retransmission to estimate if there was a bottleneck between the Allegro and the recipient and if more packets had to be retransmitted. Here in our example, there were 1.4 percent retransmissions with an approx. 12 MBit/s upload to Dropbox. Possibly the uplink was busy at this point and dropped several TCP packets.

If you need a more detailed analysis, you can use the pcap button to extract the connection packets.

Retrieved from "https://allegro-packets.com/wiki/index.php?title=Investigate_Network_Load&oldid=2204"