Investigate Network Load: Difference between revisions

← Older edit

Investigate Network Load (view source)

Revision as of 09:11, 23 May 2025

434 bytes added , 23 May

no edit summary

Markus.Geissler

70

edits

@@ Line 3: / Line 3: @@
 the load on a network? Let's take a practical example: multiple users
 complain that their network connection is sometimes very slow.
-For example; an event between 9am and 10am.
+For example; an event between 11am and 12pm.
 == Dashboard ==
@@ Line 9: / Line 9: @@
 Open the web interface via a browser.
-[[File:Allegro Default Dashboard.png|1000px|Allegro Network Multimeter Dashboard]]
+[[File:Investigate_network_load_dash.png|1000px|Allegro Network Multimeter Dashboard]]
 == Time Selection ==
@@ Line 16: / Line 16: @@
 {|
-| [[File:Ap-mm-time-select-1-day.png|300px|thumb|right]]
+| [[File:Investigate_network_load_time_select.png|300px|thumb|right]]
 |}
-In this case, we are looking for events from this morning and I chose the previous
+In this case, we are looking for events from this morning. Now select the time period in which the users have reported
-day's view. Now select the time period in which the users have reported
 problems by selecting (click 'n drag) such section with the mouse:
 {|
-| [[File:Ap-mm-select-traffic-mouse.png|600px|thumb|right]]
+| [[File:Investigate_network_load_time_drag.png|600px|thumb|right]]
 |}
@@ Line 31: / Line 30: @@
 are easy to clarify on the Dashboard:
-* Do you know the TOP protocols?  Endpoints in a network can experience increased and unexpected traffic such as large Windows updates. By clicking on the protocol you can see which IPs generated this traffic.
+* '''TOP protocols:''' Endpoints in a network can experience increased and unexpected traffic such as large Windows updates. By clicking on the protocol you can see which IPs generated this traffic.
-* Do you know the TOP IP addresses? For example, there may be several backups running at the same time which burden the link and internal servers.
+* '''TOP IP addresses:''' For example, there may be several backups running at the same time which burden the link and internal servers.
-* Do you know the TOP MAC addresses? If, for example, significant multicast or broadcast traffic appears here; this can indicate loops or similar issues, and a packet storm can place a heavy burden on a network.
+* '''TOP MAC addresses:''' If, for example, significant multicast or broadcast traffic appears here; this can indicate loops or similar issues, and a packet storm can place a heavy burden on a network.
-* Is there a high TCP retransmission rate of more than 3 percent compared with similar periods? This can indicate a network segment overload, such as from the WLAN or an end device.
+* Is there '''extremely low or no network traffic''' during this period? This may indicate link problems such as no connection to the Internet or to another network node.
-* Is there extremely low or no network traffic during this period? This may indicate link problems such as no connection to the Internet or to another network node.
-In our example, Dropbox showed up with a total of 900 MB data transfer.
+{|
-By clicking on "Dropbox" I can easily see an overview of who triggered this
+| [[File:Investigate_network_load_top_statistics.png|1000px|thumb|right]]
-traffic:
+|}
+Let’s check by clicking on ‘Top protocols during selected interval’ for the cause of the slow connection.<br>
+In our example, the ‘SSL’ protocol showed up with a large amount of packets transferred in the selected timeframe.
+{|
+| [[File:Investigate_network_load_top_protocol.png|1000px|thumb|right]]
+|}
+By clicking on ‘SSL’ under ‘Protocol’ you can easily see an overview of who triggered this traffic:
 {|
-| [[File:Ap-mm-dropbox.png|600px|thumb|right]]
+| [[File:Investigate_network_load_protocol_statistics.png|1000px|thumb|right]]
 |}
-Here, the computer "nb-nina.allegro" generated both uploads and downloads
+Here, in our example, on machine did a large download of 6 GB, which can lead to user disruption.
-to Dropbox with rates up to 40 MBit/s. This can lead to user disruption caused by
+By clicking on an IP address or clicking on ‘Connection details’ under ‘Go to’, you can further investigate the causes and even look into the IP’s connections:
-the uploads and downloads, allowing you to take further action.
+{|
+| [[File:Investigate_network_load_ip_statistics.png|1000px|thumb|right]]
+|}
-By clicking on the IP address, then on the tab "Connections" you can sort the
+Under the ‘Connections’ tab you will find all connections the selected IP has made in the selected timeframe and you can even see the amount of TCP retransmissions that have been made<br>
-connections by TCP retransmission:
+(to see the TCP retransmissions you might have to enable this option in your filter).
 {|
-|
+| [[File:Investigate_network_load_connections.png|1000px|thumb|right]]
-[[File:Ap-mm-connection-retransmissions.png|600px|thumb|right]]
 |}
-You can use the number of retransmission to estimate if there was a bottleneck
+You can use the number of retransmission to estimate if there was a bottleneck between the sender and the receiver and if more packets had to be retransmitted. <br>
-between the Allegro Network Multimeter and the recipient and if more packets had to be retransmitted.
+Is there a high TCP retransmission? This could indicate an overload of the network segment or an WiFi device.<br>
-Here in our example, there were 1.4 percent (6MB of 448,2MB) retransmissions with an approx. 12 MBit/s
+If you need a even more detailed analysis, you can use the pcap button to extract the connection packets.<br>
-(upload) to Dropbox. Possibly the uplink was busy at this point and dropped several TCP packets.
-If you need an even more detailed analysis, you can use the pcap button to extract the connection packets.
+{|
+| [[File:Investigate_network_load_download.png|1000px|thumb|right]]
+|}