Network speed slow down over distance and time – Upgrades needed? (REVISED)

215 pts.
Tags:
Bandwidth
Domain Controller
Network performance
Throughput
I apologize for the double post, but I didn't do my tags right.

---------------------------

Hello all,

I am a relatively new IT staff member of a few months. My title is Tech Support Specialist, but the business has only one IT staff member on this site (engineer/maintenance turned IT) and he pretty much does anything and everything involving IT and so I am expected to as well. I have a certificate in networking and an associate's in web management. I am currently still going to school for my bachelor's in computer science with a concentration in database technology. This is my first real work experience in IT so please bear with me.

I have been asked recently to research and report whether we need a large upgrade to our network, which to my knowledge has been in place for several years and rarely upgraded unless something physically quits working, or else how we can improve our bandwidth. We kind of have a 3 week deadline in which to gather this information for the next year as well and I only come to the plant 3 days a week as I am currently part-time.

Cable - We currently have a fiber optic backbone running the length of the building. The rest of the wiring is Cat5 to the PCs, printers, servers, etc. The length of our building is about the size of a city block. I think my boss referenced about 3,000 square feet of space, but I can double check that. We are in an industrial environment where the ceilings are at least 25 feet high and away from any equipment and this is where all of the cabling is run. We do have things such as presses, cutters, and posters. (In the paint/paper industry) So I am not sure if EMI is a large factor or not. All of our wires are run without conduit.

Server - We currently have one server on site running Windows Server 2003. I believe that this server is our domain controller as well as our file and print server, but I am not 100% sure on this and can also find this out. This server went live in March of this year and so our systems administrator who is located a few states away is new on administering it as are all of the IT staff members involved from our corporate location and here. Currently not all of our users are using roaming profiles, only some. Our systems administrator is slowly moving users over as she goes as she is migrating their documents and settings from their PCs to the server. I think the current batch file that all of the users are using to map the file server drive was mapping to an old drive or something before, but the systems administrator recently cleaned it up to try and help a user who randomly has issues with mapping the file drive. Our main server/DC is backed up on the DC from our corporate.

Switches and Hubs - We have a menagerie of brands and models. We have 6 SynOptics LattisHubs, 4 CISCO CatalystXL switches, a ProCurve switch, a Dell PowerConnect switch, and an ADTran TSU. There are a few more items, but they are up in the ceiling and when I did my inventory I was told not to really worry about them so I don't have any information on them right now.

OSs - We have a Unix server at our corporate where we use DataGeneral to run most of our accounts operations. Everyone connects through a terminal program on WinXP Professional SP2 machines. Then we have our local file server for office files etc.

Our main network speed problem is that throughout the day as more users log on to work the network slows down. It is less noticeable in the IE browser, but definitely noticeable with download speeds. Accessing files doesn't seem to be a big problem as of yet, but that is probably because not everyone is on the file server yet. The problem gets worse at the other end of our plant away from our main com room. I also noticed when downloading a file to a computer out on the plant floor that the download speed steadily decreased over time. The biggest complaint that I hear is when accessing the DataGeneral. It tends to bog down a lot. I am not sure if that is a problem on our end or on corporate's end. It could be our end since we obviously have some issues with network slow down, but it could also be the Unix term server at corporate.

Recently our systems administrator installed NTop onto a Windows XP Pro PC to monitor network traffic. We can generally see who is using the most network resources with it, but I haven't played around with it enough to know what more it can tell us. Is there any network monitoring open source software that you might recommend more? Something more detailed?

How can we increase the speed of our network? Do we need to upgrade our hardware such as newer switches to replace old switches/hubs? If so, are switches better than hubs? What about moving to an all fiber optic network? Do we even need to do that, or would just upgrading some hardware, or configuring the hardware help? I'm not sure if all of our hubs/switches are managed, but I can find out.

Thanks in advance for your help. I'm not sure of what questions to ask my boss off of the top of my head as this is my first time dealing with this, but if you need any information I don't have, I will definitely find out.

Erin
ASKED: September 24, 2008  12:35 PM
UPDATED: September 30, 2008  5:40 PM

Answer Wiki


Well… they wiped out my answer to your other posting. So, let’s try this again.

This is one of the best detailed questions I have seen on here in a long time. Well done!

1. Unless there is some type of traffic filtering device or service like Websense (http://www.websense.com) or 8e6 (http://www.8e6.com), then I suspect the users are chewing up lots of bandwidth listening to internet streaming music or watching videos. I had the same problem on my network and the 8e6 solution greatly improved network performance. You also need to implement an appropriate network use policy and ensure the users understand what the network can and cannot be used for. I really hope that there is not any peer-to-peer sharing being done on your company network.

2. The Ntop machine is a good start in identifying how the network is being used. However, it is important that the sensor be placed in the right spot on the network. By this I am saying that if the Ntop machine is just connected to a switch port, then it is only seeing broadcast traffic and is not seeing the whole LAN picture. The sensor should be placed between the LAN and the WAN router. This can be done several different ways:

a. implement a mirror/span port on the switch to mirror the traffic from the port where the router is attached to the Ntop sensor.
b. place a hub between the LAN switch and the router and attach the sensor to this same hub. Remember hubs are half-duplex so right there you do introduce some network issues that may not have existed before.
c. purchase and install a network tap. This is not a cheap solution, but it is an effective solution. See my blogs on network taps for more details:
   blog 1: http://itknowledgeexchange.techtarget.com/it-trenches/hello-world/
   blog 2: http://itknowledgeexchange.techtarget.com/it-trenches/researching-network-taps-an-end-to-network-blindness-part-2/
   blog 3: http://itknowledgeexchange.techtarget.com/it-trenches/researching-network-taps-an-end-to-network-blindness-part-3/
   blog 4: http://itknowledgeexchange.techtarget.com/it-trenches/researching-network-taps-strike-1-part-4/
   blog 5: http://itknowledgeexchange.techtarget.com/it-trenches/researching-network-taps-implementation-day-part-5/

3. You mention a “menagerie” of network devices. This is pretty normal for an organization that has not had consistent IT support or organized direction (no criticism intended). This is also highly likely a major cause of the network performance issues. The hubs should be definitely replaced with switches. You should get managed switches so you can see how they are performing and see issues like speed and duplex mismatches (which probably exist on your current network). I would recommend finding a local HP or Cisco reseller who also provides network health check services. Engage them for a health check on your network. See if you can negotiate the service so that some of the labor charges from the analysis can be put toward any network support services if/when you purchase LAN equipment from the vendor. This will help make the sell to your management that you have found a partner who cares about supporting your organization.

I would be glad to discuss the situation further with you and you may make contact with me through the ITKE moderator. Good luck and let us know your discoveries and resolutions.

Discuss This Question: 10  Replies

 
  • erin0201
    Thank you so much for your response. I am looking into the Websense and 8e6 right now. I will also read through your network tap blogs. By what you are saying in regards to the Ntop. Couldn't we just hook the pc running ntop to the wan router directly instead of to the switch (if there are ports available that is)? -- Sorry to sound dumb here, but I'm not really sure which router/switch is which yet. I am planning to find that out as well. I know that the cables come in to room and to a patch panel and from there go to the switches/hubs. We do have some hubs in the com room as well, would making sure that pc is hooked in through a hub rather than a switch do the trick for network monitoring? Thanks again for your help thus far. I will keep in touch as I go through this new information. :) - Erin
  • Labnuke99
    You could hook the ntop machine to the WAN router, but again you would need to mirror the traffic to this port so the ntop machine can measure it. I would not recommend this configuration. It would not be the best use of the router's processor or memory to do this activity.

    You could use the hub between the LAN and the router but note that the connection between the LAN and the router will go to half-duplex (think of a walkie-talkie - the device can either talk or listen, it cannot do both at the same time). The configuration would be something like this:

    WAN router
       \\
        HUB == ntop machine
       //
    LAN switch

    The hub is a shared medium access. This means that all devices attached to it see all traffic from all devices on that hub. It is also what is called a collision domain. Collisions occur on shared Ethernet networks when two nodes on the 'network' start transmitting data at exactly the same time and the two frames collide. This becomes a problem because stations will have to wait before they can transmit data. This has an impact on network performance and causes timeout and packet loss issues. This is why the network tap is the preferred solution.

    The WAN router is likely attached to either a T1 serial interface or maybe a DSL modem/router attached to a standard phone line. It depends on what service you have from your network provider.
  • erin0201
    After asking some questions I have found that our systems administrator has already routed the port on the switch to monitor the traffic from the router so we should be good with the Ntop. We are definitely looking into replacing the lattis hubs with switches so that should help things quite a bit. I am making sure to look for managed switches for better control. We are also looking into Untangle as an open source product which handles web filtering, antivirus, firewall, etc so that we can actually control the types of files being utilized. Also, my boss sent out an e-mail last week letting everyone know that streaming of music or video for personal use is no longer allowed. For now, we're relying on the users to be honest. Currently we have in place CA's (e-trust) antivirus and secure contact manager, but the secure contact manager is not completely configured as our systems admin ran into some issues with it and does not like how it works. We're not completely happy with our antivirus or the secure contact manager, so we are looking into other options such as Untangle. I've also run across another antivirus called ClamAV that I am keeping an eye on as they work to incorporate real-time scanning. I am utilizing this at home along with Spyware Terminator pretty effectively, but an all in one solution would be best for the business. Are there any other ways to help increase the bandwidth/speed of the network that I could do before we obtain the switches, or is our best bet to implement the switches and see if things improve? Thanks for your help! Erin
  • Labnuke99
    It sounds like you are making some good progress! Well done.

    Wireshark is a good tool for digging into the traffic on the network. It can show you how much broadcast traffic is happening and maybe other issues. Take a look also at the router and LAN switch port where it connects, see if they are taking any errors. Look at the WAN side of the router. It could be a poor connection to the provider and they would need to call the carrier to work on the issue. You could have someone come in and test/certify your cable plant to see if it is truly CAT5 or above. That's about it until you can get the hubs replaced by switches.

    Also, remember that speed is not capacity. It could be that your network capacity (bandwidth) has hit its limit so users are reporting a speed problem. It's like saying there is a speed problem at rush hour when it is really a capacity issue because all of the lanes are full and traffic is not moving efficiently.

    I would recommend staying away from ClamAV in a company environment. Maybe use it as a backup scanner. You should use something like the ETrust, McAfee, Symantec or an enterprise solution that meets the needs of the organization (e.g. reporting, managed update distribution, etc.)
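Added example, not part of the reply above or of any tool named in the thread: a way to tell a full link ("capacity") from a port that is taking errors, using two readings of the standard IF-MIB interface counters. The thresholds, the sample readings and the 10 Mb/s half-duplex hub port are assumptions made for illustration; the T1 rate matches the WAN link type mentioned earlier in the thread.

```python
"""Added example: utilisation and error ratio from two interface counter samples."""
from dataclasses import dataclass

COUNTER32 = 2**32     # IF-MIB ifInOctets/ifOutOctets/ifInErrors are 32-bit and wrap
UTIL_LIMIT = 0.70     # assumed threshold: sustained load above this is a capacity issue
ERROR_LIMIT = 0.01    # assumed threshold: over 1% errored frames points at port or cable


@dataclass
class Sample:
    t: float          # time of the reading, in seconds
    in_octets: int
    out_octets: int
    in_pkts: int      # frames delivered without error
    in_errors: int    # frames discarded because of errors


def delta(new: int, old: int) -> int:
    """Counter difference that stays correct across a single 32-bit wrap."""
    return (new - old) % COUNTER32


def assess(prev: Sample, cur: Sample, link_bps: int, duplex: str = "full") -> dict:
    secs = cur.t - prev.t
    if secs <= 0:
        raise ValueError("samples must be in time order")
    in_bps = delta(cur.in_octets, prev.in_octets) * 8 / secs
    out_bps = delta(cur.out_octets, prev.out_octets) * 8 / secs
    # Half duplex (a hub port) shares one channel, so both directions add up.
    load = in_bps + out_bps if duplex == "half" else max(in_bps, out_bps)
    util = load / link_bps
    pkts = delta(cur.in_pkts, prev.in_pkts)
    errs = delta(cur.in_errors, prev.in_errors)
    err_ratio = errs / (pkts + errs) if pkts + errs else 0.0
    if err_ratio > ERROR_LIMIT:
        verdict = "errors"      # check duplex settings, cabling, the port itself
    elif util > UTIL_LIMIT:
        verdict = "capacity"    # the link is simply full
    else:
        verdict = "ok"
    return {"util": util, "err_ratio": err_ratio, "verdict": verdict}


# Constructed samples, five minutes apart.
T1_BPS = 1_544_000
WAN_PREV = Sample(0, 4_294_000_000, 1_000_000, 500_000, 10)
WAN_CUR = Sample(300, 45_000_000, 10_000_000, 560_000, 12)   # in_octets has wrapped
HUB_PREV = Sample(0, 0, 0, 0, 0)
HUB_CUR = Sample(300, 30_000_000, 15_000_000, 29_100, 900)

if __name__ == "__main__":
    print("WAN:", assess(WAN_PREV, WAN_CUR, T1_BPS))
    print("hub:", assess(HUB_PREV, HUB_CUR, 10_000_000, duplex="half"))
```

With these readings the WAN link comes out as a capacity problem with almost no errors, while the lightly loaded hub port comes out as an error problem, which is the distinction the rush-hour analogy draws.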
  • erin0201
    It looks like we're having a slow down problem at the other end of our building. I am going to take a look at some point today at the switch/hub or whatever it is that is stuck in the ceiling near those offices and see what that is for sure and then see what it's all connected to in that other com room. I have another quick question for you. How do you find out if a switch or hub is managed or not and what the IP address is? Do I just take my laptop down there and plug into the device, or? Are there any programs to use for this? Thanks for all of your help thus far. Great advice! Erin :)
  • Labnuke99
    Unless the device has an IP address on the local network it may be very difficult to find using scanning tools. Angry IPScanner is one of the best fast tools for scanning hosts and services. Lots of folks use nmap as another tool in their toolkit. It is more full featured and is likely overkill for you at this point. Angry IPScanner will scan a given range of IP addresses and specified ports. Usually managed hubs or switches are listening on port 23 (telnet), 80 (http) or 443 (ssl). Scan your subnet for devices listening on these ports. You may be surprised at your findings. There could be users hosting websites on their computers that they do not even know about.

    Another way to discover if a device is managed or not is to look at the device. Look for a console port. On Cisco devices this is typically an RJ45 connection. Linksys switches use a 9-pin serial connection. These console ports are typically serial ports so you will need a terminal program and a serial cable. Cisco ports are typically 9600,8,n,1. The Linksys is 38400,8,n,1. Other devices are different so you may need to either test various settings or find documentation. I would connect to the device on the serial port and see if you can get any response in your terminal program. Some people like HyperTerminal but I use Teraterm SSH. Another good terminal program to have in your toolkit is PuTTY.

    If you can shut the switch/hub down and restart it, then you can see any messages that go by during the POST tests at bootup. This will also give you an idea of configuration. Good luck in your investigation today.
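Added example, not part of the reply above and not how Angry IPScanner or nmap work internally: an inventory sweep of your own subnet for the three management ports the reply names, with each hit compared against the device list you already have. The subnet, the inventory and the `fake_probe` stand-in (used so the example runs offline) are constructed for illustration.

```python
"""Added example: inventory sweep for management services on your own subnet."""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

MGMT_PORTS = {23: "telnet", 80: "http", 443: "https"}   # ports named in the reply


def tcp_open(host: str, port: int, timeout: float = 0.5) -> bool:
    """True if a full TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:                 # refused, timed out, unreachable
        return False


def sweep(cidr: str, probe=tcp_open, workers: int = 64) -> dict:
    """Map each responding host in cidr to the management services it exposes."""
    hosts = [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]
    targets = [(h, p) for h in hosts for p in MGMT_PORTS]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        hits = list(pool.map(lambda hp: probe(*hp), targets))
    found = {}
    for (host, port), is_open in zip(targets, hits):
        if is_open:
            found.setdefault(host, []).append(MGMT_PORTS[port])
    return found


def report(found: dict, inventory: set) -> list:
    """One row per host: (host, services, notes)."""
    rows = []
    for host in sorted(found, key=ipaddress.ip_address):
        notes = []
        if host not in inventory:
            notes.append("not in inventory")      # unknown switch, or a PC web server
        if "telnet" in found[host]:
            notes.append("cleartext management")  # credentials cross the wire unencrypted
        rows.append((host, found[host], notes))
    return rows


# Constructed stand-in for the network so the example runs offline.
FAKE_OPEN = {("192.168.1.2", 23), ("192.168.1.2", 80), ("192.168.1.5", 80)}


def fake_probe(host: str, port: int) -> bool:
    return (host, port) in FAKE_OPEN


if __name__ == "__main__":
    found = sweep("192.168.1.0/29", probe=fake_probe)
    for row in report(found, inventory={"192.168.1.2"}):
        print(row)
```

Calling `sweep()` without the `probe` argument uses real TCP connections, so run it only against address ranges you administer.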
  • erin0201
    We actually have Accuterm for terminals which works pretty well. I'm not sure if I'll be able to restart that switch/hub or not. I'm not even sure what it is. My boss doesn't know what it is and so I don't know if he put it in or if one of the IT members from corporate put it in years and years ago. Thank you for the insight on connecting to the managed switches. I was thinking they would be like home networked switches in that they would in fact have an IP address and be accessible through that. But why make it that easy right? :) Thanks again! Erin
  • Labnuke99
    It is possible that the devices may have a 192.168.x.x address by default. You could set your laptop to an address in this range and also scan the subnet using Angry IPScanner. I typically have a virtual machine set to that subnet just for this purpose. I fire it up and scan away.
  • erin0201
    Well I think the issue is either a port on the small 8 port hub in the ceiling, or user error. I forgot to actually try his connection before I messed with the hub since I just took his word for the issue. I swapped the cable on the hub with another port that was inactive and went to test his computer and it works fine. I am thinking it might be an issue of wireless adapter fighting with LAN connection. I've had the issue with my laptop before where you get connection problems by having both trying to connect. I normally shut my wireless card off when I'm connected to the lan to avoid issues. The user told my boss last night that his wireless card was turned off and so it couldn't be the problem. Unless he turned it on today for some reason, then it was not turned off last night and so it is a real possibility that the issue was with the wireless card and the onboard LAN NIC fighting for control etc. ;) I've jotted down a small switch to replace that hub as an upgrade option as well. That should definitely help improve things for them. :) I never thought of running a virtual machine to scan addresses in a different range. I might just do that. Thanks for the tip. :)
  • jgranzow
    This looks like an old discussion but I couldn't help but notice the possibility of a hub instead of a router. Yeah, that would be a major problem, but no one uses hubs realistically anymore, even in 2008. More likely you are processing way too much bandwidth through one old domain server (by server I mean hardware). Yes, you do need to upgrade your system. If the server has that kind of load on it, and it's 2003 or older, it's junk; get new equipment. Your network performance will improve dramatically.
