07-05-2012 09:59 PM - edited 03-04-2019 04:53 PM
hi all,
It is required to analyze traffic traverse through my WAN Link because users complained Network is slow.Once I put a continuous ping I cab see a huge latency delay(attached) . I enable the ip accounting and analyze the traffic , then I blocked some hosts using access lists. But still the problem prevails.
How should I approach this type of scenario. Is there any free tool which I can use to analyze the traffic in more advanced manner. I uses solarwinds realtime Netflow Analyzer. But I cannot get much details using that.
Please provide me a beetter way to approach this.
Thanks
 
					
				
		
07-05-2012 11:39 PM
Hi Harsha,
You can use PRTG. Its a great tool. You can add sensors based on your requirments. You can even enable the Netflow sensor, which will give you a graphical view of all ingress and egress traffics and its free.
HTH.
Regards,
Terence
 
					
				
		
07-06-2012 01:15 AM
harsha senaratna wrote:
hi all,
It is required to analyze traffic traverse through my WAN Link because users complained Network is slow.Once I put a continuous ping I cab see a huge latency delay(attached) . I enable the ip accounting and analyze the traffic , then I blocked some hosts using access lists. But still the problem prevails.
How should I approach this type of scenario. Is there any free tool which I can use to analyze the traffic in more advanced manner. I uses solarwinds realtime Netflow Analyzer. But I cannot get much details using that.
Please provide me a beetter way to approach this.
Thanks
Hello Harsha,
Check the wanport setting if it is set with full duplex and 1000 Mbps what everaggred with your wan provider and as stated you can use tools like solar wind with netflow featue to analyse what type of traffic is actually flowing over the link.
Hope to Help !!
Ganeshh Iyer
Rate if it Helps ...
07-06-2012 02:20 AM
Hi Harsha,
Depending on the physical layout you can request your provider configuring netflow and have it exporting to whatever server or even laptop you want to within your network. There are many free tools available you can use to analyze the received statistics.
You can also configure that by yourself on your edge router and have it exporting to a laptop that has been plugged into a port temporarily.
07-06-2012 04:10 AM
Run NBAR discovery protocol when the network is not that much used (i would do out of important projects time )..
it is a very good tool. Disable it during the day and then apply the QoS policies you better believe.
to be honest, NBAR should be run when you are having issues but be aware that it can have an impact on the router performances if the traffic is a lot. Maybe you can run it in peak times for 1 hour only the results are very useful because it's giving quite precise statistics about all the protocols it recognises
HTH
Alessio
07-06-2012 06:15 AM
Hi,
You can run NBAR on your WAN interface which will give you quite good information incase you don't have NAT implemented. You can also use more complex ways such as copying all WAN traffic and send it back to a computer that has wireshark or commview.
Sent from Cisco Technical Support iPad App
07-06-2012 10:04 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
Analyzing traffic might not be productive. From your ping results, it looks very much like a FIFO bottleneck with a deep queue. If it is, you might want to identify where that is and what you might do to mitigate it.
07-06-2012 11:51 AM
Hi All,
in my opinion analysing the data streams is essential in thi scenario. I don't know if all of you used NBAR, but it really gives a massive amount of info about the bandwidth usage and it seems that in this case it is required to know what is crossing the network in order to fight it. Aside the analysis, NBAR is providing also the possibility to have ready data to directly implement the right policy map in terms of CAR,Policing,Shaping or simply re-marking.
By the way a less invasive method could be a 2-hour sniffing session with wireshark or whatever you have available. In one of the banks where i have worked this was a common method to diagnosis what was the cause of service deterioration. with a sniffing session you can even understand if your broadcast domains are too large or what kind of packets are on your network that you do not desire. Furthermore, you will know FROM where and TO where a pcket is going.
If NBAR (easy way and very accurate) is not feasible for some reason a remote SPAN could be the solution. If you prefer to install one hub is of course vene better (if you can have a few seconds of downtime)
HTH
Alessio
07-06-2012 11:46 AM
I'd second netflow, but if you don't have a collector, you could span your traffic to a computer running wireshark to analyze there...
---
Posted by WebUser Mel Chandler from Cisco Support Community App
07-06-2012 01:47 PM
Check cpu proc/ip input . Try span traffic analyze with wireshark. Chk with servic provider on any changes in paths.
Regards,
---
Posted by WebUser Brannon Lamoureux from Cisco Support Community App
07-06-2012 01:47 PM
We featured your question on our Facebook pages. You can check out the responses here: http://www.facebook.com/CiscoSupportCommunity/posts/322627731161869
---
Posted by WebUser Cisco NetPro from Cisco Support Community App
 
					
				
				
			
		
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide