Last week, once again go to the customer site to troubleshoot network problems, albeit in the wrong shot numerous times and again, but I feel quite representative, so write and share with you.
Customer repair: customers, as always feedback network very slow, Internet slow, he did not move any equipment and configuration. However, customer feedback information on a quite useless, a computer reading room open, it will start card. According to the customer, then I guess it is less than the public network export traffic.
Arrived at the scene of the first phase of the investigation: first saw export firewall, sometimes display a record of traffic flow rose to 120M, then you can not go up, I judge not only the public network export 100M, so let customers and operators confirm this, get the answer is 200M lines. Here, and I think it will not be fooled operator customers, in fact 100M.
Stage Two: I log on the core switch and firewall, look at the situation with the command interface. Firewall interface is not unusual, then the interface core switch, saw a 50% utilization rate. Then I felt abnormal, although not to the 100% of the interface, data forwarding no problem, but 50% is not normal, is it below the loop. Checked topology, the middle of a string of online behavior management interfaces on the firewall, inside the firewall even look at the interface, flow of 5%, which is a bit strange. Counted carefully negotiate the interface speed switch is the number 0, the interface only become a Fast. To the engine room and saw off the cable was too much, for a network cable, restored to Gigabit, and I think the issue is resolved, to allow customers to Cece it.
The third stage: customers come back and say, or card, a computer reading room open to open on the card, I climbed to the firewall and saw traffic has 220M, it seems that operators did not flicker, really drive a 200M, but still do not hold live computers and more, my clients and I say, bandwidth is not enough, 200M are running full. The customer said, no one reading room with a computer, just boot, but where's the traffic. My clients say, the firewall can not see what specific traffic is required to see the management of online behavior.
Phase IV: Speaking in front of the net is the online behavior management, but this is not what we buy, and normally I do not care, but in line with customers to solve problems is limited, I looked into it, the original flow system patches are update, the computer has a reading room restore feature, boot up automatically update patch, shutdown resumed, endless.
The final solution, online behavior management in the application of this traffic ban, immediately returned to normal. Completely solve the problem.
The entire shoot the wrong, I want to say that I see a little traffic on the interface that piece, I wanted to see was not there because I think there is a problem, what can be found just looked up the habit. And I see there is so little in particular, to seize and hold, find out what the root cause yes. Is so many problems to solve.