OSTU: How to Start a Broadcast Analysis - Part One (Tony Fortunato)


Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.

© 2009 www.thetechfirm.com

Examining

How to start a Broadcast Analysis

Part 1

Tony Fortunato, Sr Network Specialist, The Technology Firm

Why Bother

Broadcasts can cause:

• Network slowdowns
• Rebooting or frozen PCs
• Unreliable WiFi
• Unpredictable application or Windows client performance
• Extra ‘space junk’ that you need to sift through when troubleshooting

I have seen a 10% broadcast storm ‘lock up’ WinTerms, while a 90% broadcast storm did nothing

In most cases, a broadcast or multicast packet will result in an interrupt on your PC

How

People always ask me how a 10% packet rate could cause an issue. Then I explain that we generated 2 loads with a traffic generator:

• 90% broadcast rate: no noticeable issue
• 10% broadcast rate: PCs locked up or hung

Here is the theoretical number of packets you can generate, depending on packet size and media speed:

• 90%, 1518 Byte packets on 100 MB link = 7,411 packets/second
• 10%, 64 Byte packets on 100 MB link = 19,531 packets/second

In many cases you can REDUCE broadcasts, not eliminate them

Packets per second by packet size (bytes)

Bandwidth              64        128        256        512      1,024      1,518
1,544,000           3,016      1,508        754        377        188        127
10,000,000         19,531      9,766      4,883      2,441      1,221        823
100,000,000       195,313     97,656     48,828     24,414     12,207      8,235
1,000,000,000   1,953,125    976,563    488,281    244,141    122,070     82,345

Common Networks and Related Issues

• In some cases the math may reveal or explain some of your current issues
• I still see many flat networks, with everything on the same VLAN
• At a minimum, there should be a separate VLAN for each technology

Sources of Broadcasters

Anything left at its default protocol settings will send out extra broadcast or multicast packets:

• Printers
• PCs
• Routing protocols
• Mis-configured standard PC builds

Examples of excessive protocols:

• IPX
• LLC or NetBEUI
• IPv6, if you are a v4 shop, and vice versa
• STP, if you are not using spanning tree
• Teaming or load balancing protocols
• UPnP
• RIP
• New Microsoft peer-to-peer protocols

Now what? How can I find out if I have this problem, or clean it up?

A protocol analyzer is the easiest tool to use. Start a capture from an idle PC and set a Stop Capture Trigger at 8 MB.

Leave the PC alone – go for lunch, you deserve it ;b

Come back, and let's review the trace file.

Step 1 – What’s out there?

For most people, step 1 involves looking at the screen and yelling, “HOLY @#$$@%$” We’ll try another approach:

Go to Statistics -> Protocol Hierarchy

The hard part of this exercise is to have an idea or guess-timate of what protocols you think should be on the network

It’s discouraging when I hear the analyst grumble, ‘I don’t know what that is, but there are only a few of those packets, so let’s skip them’

I would hope now that you have the trace file, you can pick away at it whenever you have a moment

Step 2 – Pick a Protocol, Any Protocol

In this case I know this customer does not use IPX for anything, so this would be a good start.

Step 3 – Pick An Address, Any Address

This is pretty easy now: the Fluke address is their Fluke Optiview, which leaves the Lexmark MAC address. Obviously this is a printer, but what is the IP address, so I can remotely fix it? Simply filter on the Lexmark MAC address, and click on the IPv4 tab.

Step 4 – FIX IT!!!

• Make sure your “limit to display filter” is checked off
• The .255 IP address is just a broadcast address
• Simply telnet or use a web browser to connect to the printer and clean it up
• In some cases, you can forward the IPs to another department, who can do this
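Steps 1 to 3 can also be scripted when a trace has to be triaged without the GUI. The following is an added example, not part of the original presentation: it reads a classic libpcap file, counts broadcast and multicast frames per protocol, and maps each talker's MAC address to the IPv4 addresses seen from it. The function names and the sample capture (locally administered MACs, 192.0.2.0/24 addresses) are constructed for illustration.

```python
import struct
from collections import Counter, defaultdict
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6", 0x8137: "IPX"}
LLC_SAPS = {b"\xff\xff": "IPX", b"\xe0\xe0": "IPX", b"\x42\x42": "STP", b"\xf0\xf0": "NetBEUI"}

def read_pcap(data):
    """Yield raw Ethernet frames from a classic libpcap capture held in memory."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                    # skip the global header
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def analyze(data):
    """Return (broadcast frames per protocol, talkers per protocol, IPv4 addresses per MAC)."""
    per_proto, talkers, ips = Counter(), defaultdict(Counter), defaultdict(set)
    for f in read_pcap(data):
        if len(f) < 16:                         # too short to classify
            continue
        src, etype = f[6:12].hex(":"), struct.unpack("!H", f[12:14])[0]
        if etype == 0x0800 and len(f) >= 30:    # IPv4 source address
            ips[src].add(".".join(map(str, f[26:30])))
        elif etype == 0x0806 and len(f) >= 32:  # ARP sender protocol address
            ips[src].add(".".join(map(str, f[28:32])))
        if not f[0] & 1:                        # I/G bit clear: unicast, not counted
            continue
        if etype < 0x0600:                      # 802.3 length field: classify by LLC SAPs
            proto = LLC_SAPS.get(f[14:16], "LLC")
        else:
            proto = ETHERTYPES.get(etype, f"0x{etype:04x}")
        per_proto[proto] += 1
        talkers[proto][src] += 1
    return per_proto, talkers, ips

def _pcap(frames):  # wrap constructed frames in a little-endian pcap container
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

# Constructed sample capture: MACs are locally administered, IPs are from 192.0.2.0/24.
BCAST, PRINTER, PC = b"\xff" * 6, bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
SAMPLE = _pcap([
    BCAST + PRINTER + b"\x00\x1e\xff\xff" + bytes(28),                               # raw 802.3 IPX
    BCAST + PRINTER + b"\x08\x06" + bytes(14) + bytes([192, 0, 2, 25]) + bytes(10),  # ARP
    BCAST + PC + b"\x08\x00" + bytes(12) + bytes([192, 0, 2, 40, 192, 0, 2, 255]),   # IPv4 bcast
    PC + PRINTER + b"\x08\x00" + bytes(12) + bytes([192, 0, 2, 25, 192, 0, 2, 40]),  # unicast
])
per_proto, talkers, ips = analyze(SAMPLE)
print(per_proto.most_common(), {m: sorted(ips[m]) for m in talkers["IPX"]})
```

On a real trace, pass the file's bytes to `analyze()`; pcapng captures need to be saved as classic pcap first.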

Thank You

Tony Fortunato, Sr Network Specialist, The Technology Firm

For additional educational videos on Open Source Network Tools, please click on the following …

http://www.lovemytool.com/blog/ostu.html

LoveMyTool.com – Community for Network Tools