cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2218
Views
9
Helpful
10
Replies

Analyze Network Traffic in WAN Link...

hi all,

It is required to analyze traffic traverse through my WAN Link because users complained Network is slow.Once I put a continuous ping I cab see a huge latency delay(attached) . I enable the ip accounting and analyze the traffic , then I blocked some hosts using access lists. But still the problem prevails.

How should I approach this type of scenario. Is there any free tool which I can use to analyze the traffic in more advanced manner. I uses solarwinds realtime Netflow Analyzer. But I cannot get much details using that.

Please provide me a beetter way to approach this.

Thanks

latency.JPG

10 Replies 10

terrencepayet
Level 1
Level 1

Hi Harsha,

You can use PRTG. Its a great tool. You can add sensors based on your requirments. You can even enable the Netflow sensor, which will give you a graphical view of all ingress and egress traffics and its free.

HTH.

Regards,

Terence

Ganesh Hariharan
VIP Alumni
VIP Alumni

harsha senaratna wrote:

hi all,

It is required to analyze traffic traverse through my WAN Link because users complained Network is slow.Once I put a continuous ping I cab see a huge latency delay(attached) . I enable the ip accounting and analyze the traffic , then I blocked some hosts using access lists. But still the problem prevails.

How should I approach this type of scenario. Is there any free tool which I can use to analyze the traffic in more advanced manner. I uses solarwinds realtime Netflow Analyzer. But I cannot get much details using that.

Please provide me a beetter way to approach this.

Thanks

Hello Harsha,

Check the wanport setting if it is set with full duplex and 1000 Mbps what everaggred with your wan provider and as stated you can use tools like solar wind with netflow featue to analyse what type of traffic is actually flowing over the link.

Hope to Help !!

Ganeshh Iyer

Rate if it Helps ...

Hi Harsha,

Depending on the physical layout you can request your provider configuring netflow and have it exporting to whatever server or even laptop you want to within your network. There are many free tools available you can use to analyze the received statistics.

You can also configure that by yourself on your edge router and have it exporting to a laptop that has been plugged into a port temporarily.

Run NBAR discovery protocol when the network is not that much used (i would do out of important projects time  )..

it is a very good tool. Disable it during the day and then apply the QoS policies you better believe.

to be honest, NBAR should be run when you are having issues but be aware that it can have an impact on the router performances if the traffic is a lot. Maybe you can run it in peak times for 1 hour only the results are very useful because it's giving quite precise statistics about all the protocols it recognises

HTH

Alessio

phoenix3195
Level 1
Level 1

Hi,

You can run NBAR on your WAN interface which will give you quite good information incase you don't have NAT implemented. You can also use more complex ways such as copying all WAN traffic and send it back to a computer that has wireshark or commview.

Sent from Cisco Technical Support iPad App

Joseph W. Doherty
Hall of Fame
Hall of Fame

Disclaimer

The   Author of this posting offers the information contained within this   posting without consideration and with the reader's understanding that   there's no implied or expressed suitability or fitness for any purpose.   Information provided is for informational purposes only and should not   be construed as rendering professional advice of any kind. Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In   no event shall Author be liable for any damages whatsoever (including,   without limitation, damages for loss of use, data or profit) arising  out  of the use or inability to use the posting's information even if  Author  has been advised of the possibility of such damage.

Posting

Analyzing traffic might not be productive.  From your ping results, it looks very much like a FIFO bottleneck with a deep queue.  If it is, you might want to identify where that is and what you might do to mitigate it.

Hi All,

in my opinion analysing the data streams is essential in thi scenario. I don't know if all of you used NBAR, but it really gives a massive amount of info about the bandwidth usage and it seems that in this case it is required to know what is crossing the network in order to fight it. Aside the analysis, NBAR is providing also the possibility to have ready data to directly implement the right policy map in terms of  CAR,Policing,Shaping or simply re-marking.

By the way a less invasive method could be a 2-hour sniffing session with wireshark or whatever you have available. In one of the banks where i have worked this was a common method to diagnosis what was the cause of service deterioration. with a sniffing session you can even understand if your broadcast domains are too large or what kind of packets are on your network that you do not desire. Furthermore, you will know FROM where and TO where a pcket is going.

If NBAR (easy way and very accurate) is not feasible for some reason a remote SPAN could be the solution. If you prefer to install one hub is of course vene better (if you can have a few seconds of downtime)

HTH

Alessio

fb_webuser
Level 6
Level 6

I'd second netflow, but if you don't have a collector, you could span your traffic to a computer running wireshark to analyze there...

---

Posted by WebUser Mel Chandler from Cisco Support Community App

fb_webuser
Level 6
Level 6

Check cpu proc/ip input . Try span traffic analyze with wireshark. Chk with servic provider on any changes in paths.

Regards,

---

Posted by WebUser Brannon Lamoureux from Cisco Support Community App

fb_webuser
Level 6
Level 6

We featured your question on our Facebook pages. You can check out the responses here: http://www.facebook.com/CiscoSupportCommunity/posts/322627731161869

---

Posted by WebUser Cisco NetPro from Cisco Support Community App

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco