Network fault analysis
First, the network application access slow
Fault Description:
(1) the same VLAN between the host within the network is very slow access speed, such as PING each other, the Network Neighborhood operations like file copy.
(2) main differences between VLAN, access speed is very slow.
(3) internal host can open the page, but very slowly.
The outer (4) within the network domain name host PING or DNS server, a larger return time.
(5) a variety of network applications appear intermittent phenomenon.
(6) the host opens a network service system, the response is very slow, and even suspended animation.
Faulty Classification:
(1) network packet loss
1) network device loss
2) network congestion
3) MTU configured properly
4) Network ***
5) misconfigured load balancing devices
(2) large network delay
Delay 1) apparatus
2 ) transmission range delay
3) loans delay
(3) application of slow response
1) TCP connection slow
2) application transaction processing slow
(4) related to the application server is slow to respond
1) DNS server responds slowly
2) database server slow response
3) other related services slow
Detailed fault causes and solutions:
Loss for the network device:
using Clay Backtracing network system uses multiport deployed in a network packet ends key comparison device, determining whether the device is a packet loss, packet loss and thus accurate positioning equipment.
Recommended Solution:
1) update the device configuration problems.
2) Replace the network device problems.
For network congestion:
using the Branch to network analysis system to monitor critical links back (usually export link) traffic occupancy, view network utilization is too high, if too many packets per second, packet size distribution is reasonable, such as the TCP session is normal.
Recommended Solution:
1) If the cause of network congestion is caused by P2P, viruses, etc. *** abnormal traffic, the need to control these flows.
2) If the cause of network congestion network bandwidth is too small, you should consider increasing network bandwidth.
MTU improperly configured for:
collecting key data link, view the transport department to use the MTU value network analysis system back, and then view the MTU devices on the network critical equipment.
Recommended solution:
set proper MTU.
For network ***:
Monitoring Branch to the network through the key link retrospective analysis system, real-time network *** abnormal network, according to the Bureau intelligent diagnosis, quickly determine whether there is an abnormality network network ***.
Recommended Solution:
Troubleshoot the address intelligent diagnostic judgments, closure.
For load balancing improperly configured device:
using the Branch to network analysis system back through multiport deployment, monitoring traffic after the distribution by load balancing to determine whether the equipment is used for load balancing packets assigned to the wrong cause link loss.
Recommended solutions:
rational allocation of load balancing policy
Large delay for the network:
the use of network branches were retrospective analysis system using multi-stage deployment system, ends in a network key comparison device packet transmitted TCP packet delay, delay caused by the analysis and the positioning device.
Recommended Solution:
1) update the delay caused by the configuration of the device.
2) Replace the initiator delay network devices.
For delayed transmission distance:
Analysis of TCP three-way handshake connection data packets at intervals to view the client network delay, server network delay, delay positioning location.
Recommended solution:
using multiple connections or influence other transport layer protocols, TCP to avoid network delays caused by transport.
For bandwidth-delay:
by analyzing the performance of TCP transmission, determine whether there is bandwidth-delay to see. By calculating the amount of data transmitted and the link bandwidth capacity, the bandwidth to determine the effects of transmission delay.
Recommended solution:
increase the network bandwidth
For TCP connection slow:
the use of Section retrospective analysis system to capture network data communication application, by defining the application directly view the three-way handshake delay, and the client, server delay, quickly determine the TCP connection is slow occurs on the client or server.
Recommended solution:
to enhance the transmission performance of the network transmission process.
For slow transaction processing applications:
the use of Section retrospective analysis system to capture network data communication applications, directly view the client requests time and server response time is defined by the application to determine whether there is an application server transaction processing slow response phenomenon.
Slow response for the DNS server:
the use of retrospective network analysis system to Section DNS traffic data capture, analysis DNS request and response packets, DNS server to see if there is the phenomenon of slow response.
Recommended Solution:
optimized DNS server hardware and software settings.
Slow response against a database server:
use Branch to network analysis system to capture retrospective database communication data, analyze the background database transaction processing request and response packets to see if there is the phenomenon of database transaction processing slow.
Then recommend specific programs:
optimize your database server hardware and software configurations, optimize the database operation script.
Other related slow response:
the use of Section retrospective analysis system to capture network data communication applications, analysis of transaction processing request and response packets other related services to see if there is the phenomenon of slow transaction processing.
Recommended solutions:
optimization related services hardware and software configurations.
Second, the network, the application can not access
Fault Description:
(1) can not communicate with the internal host, such as web, mail, QQ, FTP and so can not be used with any Internet applications.
(2) within the network host nowhere PING DNS server, domain.
(3) within the network can host on QQ, but can not open the page.
(4) host within the network can not access a particular network application services.
Cause of the malfunction classification:
(1) network unreachable
1) physical link interruption
2) network equipment downtime
3) severe packet loss
4) Denial of Service ***
5) routing unreachable
6) strategy interrupt
(2) do not apply up to
1 ) application downtime
2) application denial of service
3) strategy interrupt
(3) application not responding
application failure
(4) related application is not responding
1) DNS server not responding
2) database server can not connect
3) other related services can not connect
Detailed fault causes and solutions:
For the physical link is broken:
by PING locate breakpoints, view network equipment and physical link status, to determine whether there is a link outage.
Recommended Solution:
restore connectivity link.
For network devices down:
by positioning PING breakpoints, view and physical link state of the network device, the network device determines whether there downtime.
Recommended Solution:
restore normal operation.
For serious loss:
the use of Section retrospective analysis system to monitor critical network link, view link TCP data stream if there is a large number of retransmissions, if any, show that there are a lot of packet loss in the network. Determine whether there is a lot of PING packet loss by the target host. Analyze packets captured simultaneously by the positioning device segment loss.
Recommended Solution:
1) If the cause of packet loss is caused by P2P, viruses, etc. *** abnormal traffic, the need to control these flows.
2) If the cause of packet loss is a device loss, consider reconfigure or replace.
Denial of service ***:
use Branch to network analysis system to monitor critical links back through the intelligent alarm system to quickly determine whether there is a denial of service within the network ***, *** and quickly locate the source.
Recommended Solution:
Positioning *** sources, and blocked them.
The routing unreachable:
use Branch to network analysis system to monitor critical links back to analyze whether the destination is unreachable CMP packet capture to exist in the package. Analysis of the target address routing unreachable by tracert command.
Recommended Solution:
update the router's routing configuration.
Strategy for the interruption:
Branch to the network using the retrospective analysis system using multi-stage deployment system, in a network security devices at both ends of the packet comparison, positioning the endpoint to see if the visit is due to firewalls and other security equipment control strategies to block the application communication.
Recommended Solution:
accessing the device for modifying firewall control strategy.
For application downtime:
the use of Section retrospective analysis system to capture network data communication applications, custom applications and application monitoring, timely warning by an alarm when ing applications with downtime occurs.
Recommended solutions:
application service status check on the server side.
Application for denial of service:
According to Section intelligent alarm view and locate, produce *** address.
Recommended solution:
by DOS / DDOS, etc. *** *** locate and block the source.
For application failure:
the use of Section retrospective analysis system to capture network data communication application, customizable application and the application for long-term monitoring, you can view the application request and response status, if the server does not appear in response to a request, the server issues that may arise.
Recommended Solution:
Work check the status of the application, to find BUG applications, or restart the application, reboot the server.
For DNS server is not responding:
the use of Klein retrospective network analysis system DNS traffic data capture, analyze the relevant DNS request and response packets to see if there can not resolve application DNS service does not address the situation properly, resulting in the application server can not connect.
Recommended Solution:
Check the DNS server hardware and software, restore DNS service.
Unable to connect against the database server:
use Branch to network analysis system to capture retrospective database communication data, analyze the relevant database request and response packets, see if the database server is not responding, making it impossible to provide normal transaction processing.
Recommended Solution:
Check the configuration database services, database services to ensure normal.
Unable to connect for other related services:
the use of Section retrospective analysis system to capture network data communications applications, transaction processing analysis of other relevant servers.
Recommended solutions:
optimization of hardware and software-related services and policy setting, ensure the proper provision of services.