Denial of service and bottlenecks: Bandwidth utilization series

Carrie Higbie, Contributing writer

A time-out is as bad as a malfunctioning circuit. When there is a bottleneck, packets can time out. Anyone who uses the Internet has probably, at one time or another, tried to reach a Web site and received an error saying the site was down. This does not always mean that the site is, in fact, down. It may very well mean that the machine hosting the site is busy or lacks the resources to handle all of the demands placed on it. It may also mean that, because of a slow or overly busy link, the time-out was exceeded and an error was returned to the sending station. Denial of service attacks work by flooding a device with so many packets that real traffic cannot get through.

The importance of managing bottlenecks is now evident. Even the best network can be crippled by bottlenecks. Bottlenecks can occur at the router, WAN link, server network card, or on a segment that is prone to retransmissions. Bottlenecks are a bit easier to troubleshoot, because there will generally be a pattern of complaints. For instance, many users complaining that they cannot reach various Web sites will cause you to look at the devices between the user and the Internet. This can include switches, hubs, firewalls, routers, CSU/DSUs, and the WAN link itself.

RMON statistics are helpful.

There is no real replacement for a good analysis tool. If you need to analyze packets, you should obtain a packet analyzer. There is a lot of information contained in this data. Analyzing it is outside the scope of this document, but you should find an explanation of these items in the documentation that came with your product. These statistics may also be available in the management software supplied with, or purchased specifically for, your switch.

Statistics that you will want to review are the percentage of utilization, errors and number of packets. Utilization that continues above 60% may be an indication that the circuit or other device needs attention. If you have a segmented network or the ability to create a VLAN (virtual LAN, a smaller segment created out of the same physical LAN and defined in the switch), you may notice that the packets and utilization are much greater on one segment than another. Balancing the segments as much as possible will help with some bottlenecks and traffic issues. This also holds true for your electronics gear. You will not want to put voice switches on the most heavily used switch.
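The following added example (not part of the original article) shows how the three statistics above can be derived from successive counter polls and how a single busy interval differs from utilization that continues above 60%. The segment names, the 100 Mb/s link speed, the 60-second poll interval, the 32-bit counter width and the "three polls in a row" rule are all assumptions, and the sample polls are constructed.

```python
COUNTER_MAX = 2**32  # assumption: 32-bit octet/packet counters that wrap

def delta(new, old, modulus=COUNTER_MAX):
    """Counter difference that tolerates one wrap between polls."""
    return (new - old) % modulus

def intervals(samples, link_bps):
    """Turn (time_s, octets, packets, errors) polls into per-interval stats."""
    out = []
    for (t0, o0, p0, e0), (t1, o1, p1, e1) in zip(samples, samples[1:]):
        pkts = delta(p1, p0)
        util = delta(o1, o0) * 8 / ((t1 - t0) * link_bps) * 100
        err_pct = delta(e1, e0) / pkts * 100 if pkts else 0.0
        out.append({"util_pct": round(util, 1), "packets": pkts,
                    "error_pct": round(err_pct, 2)})
    return out

def sustained_over(stats, threshold=60.0, min_intervals=3):
    """True if utilization exceeds threshold for min_intervals polls in a row."""
    run = 0
    for s in stats:
        run = run + 1 if s["util_pct"] > threshold else 0
        if run >= min_intervals:
            return True
    return False

LINK_BPS = 100_000_000  # assumption: 100 Mb/s segments
# Constructed polls, 60 s apart: (time_s, octets, packets, errors)
SEGMENTS = {
    "vlan10": [(0, 4_000_000_000, 1_000_000, 10),
               (60, 230_032_704, 1_400_000, 4_010),   # octet counter wrapped
               (120, 770_032_704, 1_800_000, 4_010),
               (180, 1_265_032_704, 2_200_000, 4_010),
               (240, 1_415_032_704, 2_300_000, 4_010)],
    "vlan20": [(0, 1_000, 500, 0),
               (60, 75_001_000, 60_500, 0),
               (120, 562_501_000, 400_500, 0),        # one busy interval only
               (180, 637_501_000, 460_500, 0),
               (240, 712_501_000, 520_500, 0)],
}

def report(segments=SEGMENTS, link_bps=LINK_BPS):
    """Per segment: peak utilization and whether it needs attention."""
    result = {}
    for name, samples in segments.items():
        stats = intervals(samples, link_bps)
        result[name] = {"peak_util_pct": max(s["util_pct"] for s in stats),
                        "sustained": sustained_over(stats)}
    return result

if __name__ == "__main__":
    for name, summary in report().items():
        print(name, summary)
```

Both sample segments peak above 60%, but only the first stays there across consecutive polls, which is the condition the paragraph above describes.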

Bottlenecks can generally be found at any single point of failure on a network. In other words, any device that will cause your network communications to fail, such as a server, firewall or router, is a logical point to inspect for bottlenecks. The most common problems causing bottlenecks are lack of bandwidth, workstations or servers with multiple protocols loaded causing too much traffic, overtaxed servers, undersized network segments, and frequent retransmissions. In today's networks there are several means to correct these problems. Servers can house multiple network cards, providing additional access points. VLANs, as mentioned above, can virtually separate networks into specific traffic segments. While these can be a pain to administer, they may provide some traffic relief without a costly upgrade. Faster switches running at full duplex, used in place of hubs, create a faster communication channel. Adding gigabit or 10 gigabit capabilities on the backbone of the network will increase throughput. A proper cable plant can correct a multitude of problems as well.

 

Carrie Higbie has been involved in the computing and networking industries for 25+ years. As the Global Network Applications Market at The Siemon Company, Carrie supports the end-user and electronics communities. She participates with the IEEE, TIA and various consortiums for standards acceptance. She has extensive background in all aspects of networking and application development as a consultant, project manager, and Fortune 500 executive and has taught at a collegiate level. She speaks at industry events and has published several articles and whitepapers globally. Carrie holds an MBA and MSBA. Carrie is an expert in TechTarget's Searchnetworking.com, SearchEnterpriseVoice.com and SearchDataCenter.com forums and is on the board of advisors. She writes a weekly column on a variety of topics. She is the President of the BladeSystems Alliance. Carrie has won the "Communication News" Editor's Choice Award for the last two years.

This was first published in February 2009
