Sunteți pe pagina 1din 6

[pages 12-15]

This is part three of Wandel & Goltermanns series on baselining LANs. The preceding article in
this series focused on baselining the overall network. This final article explores some of the
specific elements of baselining the network node. Parts one and two are available on the WorldWide Web at www.wg.com/resource.html.

Network Baselining, Part III: Focus on the Node


by Brian McKellar, WG Sales
By the time you begin to drill down to the
individual network node, you have already
developed a baseline that provides a clear
understanding of the overall network. With
the node-level baseline, the goal is to
investigate the specific users and
peripherals involved in the network. This
article will now invoke the four Ws of
network baselining: Who, What, Where and
Why.

Who Is Out There?


The preceding article in this series identified
the need to determine the total number of
nodes on the network. In the user-specific
portion of baselining, the focus is on four
types of network nodes:
1.
2.
3.
4.

Top Users
Top Errored Nodes
Interconnect Equipment
Network Peripherals

Remember that the purpose of a baseline is


to provide a network inventory. As you
continue to baseline, you should record your
findings but avoid slipping into analysis
mode," which is beyond the scope of this
document. Once the baseline is complete,
analysis of results can begin.
Top Users
In most networks, a small number of
network nodes account for 80 percent of the
overall bandwidth utilized. In the first part of
our node-specific baseline, we will
determine how many top nodes to focus
upon. In general, the top-nodes count will
range between five and 20 heavy users. The
number of top users is dependent on the

type of work performed by the network


users. Figure 1 illustrates a common trend
in networks. In the example shown, three
nodes account for 78.14 percent of the total
network activity. The remaining 75 users
account for slightly more than 20 percent of
the network activity. In a network of this sort,
we are likely to focus on the top five
network nodes.
Note: I recommend monitoring for at least
one hour during peak network periods.
Top Errored Nodes
We need to categorize nodes involved in
creating or identifying network errors. Due to
the multi-tiered structure of network
communications, we are compelled to
record network errors at various
communication layers. In the preceding
article, we established that between 65 and
75percent of all network errors occur in the
first three layers of the seven-layer OSI
communication model. With this in mind, we
should focus on recording errors at the
Media Access Control (MAC) layer, Logical
Link Control (LLC) layer, and the Network
layer.
Interconnect Equipment
This category encompasses routers,
bridges, switches, and hubs. As we evaluate
our top users, we are likely to find that these
network-connectivity devices reside in our
top-user category.
One of the key requirements for our
baseline is to take inventory of the
equipment. Since the equipment is a critical
component of the network, we should know
as much about the types as possible.

Figure 1 In most networks, a small percentage of network nodes account for most of the
bandwidth utilized.
predefined by the network topology
implemented and provide a standard level
Network Peripherals
of commonality and efficiency throughout
The server is slow again! If this is a
the network.
frequently heard complaint, baselining is
likely to provide the reasons why problems
like this occur. Network peripherals fall into
Another subtle and perhaps unknown factor
the following two categories: top listeners
can affect frame size. Plug-and-play
and top talkers. Devices such as servers,
hardware and software often limit data
printers, and facsimile machines are utilized
communications by presetting a maximum
by a multitude of different users. We should
frame size to be used. Although plug-andensure that network peripherals have their
play networking allows the network manager
workload properly distributed among
to quickly implement changes, the price
network users. Network efficiency can be
paid for quick implementation is usually a
improved by simply identifying and
decrease in network efficiency. Plug-andcorrecting load sharing and traffic flow
play communication techniques are
between users and peripherals.
designed to operate under worst-case
conditions, not to provide network efficiency.
Implementing a plug-and-play solution
What Is Going On?
usually guarantees that the hardware or
software will select an intermediate frame
The next portion of our node focus
size as the default packet size.
investigates what each of our node types is
doing on the network. Improving network
To illustrate this point, take the example of a
throughput and efficiency is the eventual
plug-and-play application operating on an
goal of baselining our network. With this
Ethernet network and assume that the
point in mind, you should examine a
application is preset to select a maximum
common component of all data networks
data packet that is 512 bytes. On an
that can provide an immediate boost to your
Ethernet network, the maximum packet size
network efficiency. This common component
is 1518 bytes. This means that if the default
is the data packet, which is also referred to
packet size is set to a higher value, the
as the data frame. The packet is among the
applications efficiency could immediately
lowest common denominators in network
improve. The bottom line is to determine the
communications. The upper and lower
maximum data packet size for all network
boundaries of the data packet are
nodes. Improving the maximum packet size

utilized by an application is an easy way of


squeezing more out of your network at
virtually no cost.
WARNING: Any changes in application or
hardware setups should be performed by
the network administrator or under the
administrators direct supervision. Following
this simple rule will avoid your having to
answer questions with the following:
1. I didnt do any thing!
2. I dont know. It just started doing
this all of a sudden.
3. It wasnt me!

Top Users
In characterizing the top users, we will focus
on recording the following three elements:
Protocols
In baselining the top user, we should
establish which protocols and
applications are being used. We are
interested in recording all Networklayer, Transport-layer, and
Application-layer information we
can obtain.
Addressing
If a node utilizes numerous
protocols, different addresses can
be attributed to each protocol. It is
important to record all hardware,
MAC, network, and symbolic
addresses for each station.
Recording and mapping addresses
and stations will provide valuable

reference material in
troubleshooting situations.
Traffic Mix
Any given network can be expected
to operate with a number of
protocols. In order to evaluate the
traffic flow within the network, we
must pay attention to the protocols
utilized by the top users. When it
comes to evaluating network
efficiency, youll find that the more
operating protocols used, the higher
the communication noise level will
be. The communication noise level
refers to the background information
shared between stations using a
given protocol. This background
noise is used by protocols to identify
services, negotiate communication
procedures between stations, and
locate other stations. Two common
examples of this type of background
traffic would be DARPAs Internet
Control Message Protocol (ICMP)
and Novells Service Advertising
Protocol (SAP).
Note that todays networks are evolving into
switched virtual networks. The direct impact
on the network and network users is an
increase in multicast and broadcast traffic.
Since this type of traffic may be repeated
throughout the LAN/WAN network, this
traffic should be monitored.

Figure 2 Correlation of MAC and Network-layer information.

Figure 3 Presentation of top network protocols.


Top Errored Nodes
The type and number of errors in a
communication network are many and
varied. As the focus of this article is
baselining, we will not go into detail
regarding all the possible errors and their
causes. Instead, we will record our top error
stations and, upon completion of our
baseline, go back and research the errors.
In the previous article, Baselining: The Big
Picture, we specified the tolerable level of
different errors found on an Ethernet
network. In this article, we will evaluate a
few errors per layer, up to the Network layer.
Physical Layer and MAC Errors
In an Ethernet network, the collision
rate can be considered as an
indicator of the network utilization.
Collisions themselves are Ethernet
events rather than errors per se. At
the Physical layer, we want to watch
out for two errors: Cyclic
Redundancy Check (CRC)
indications and Jabbers (or giant
frames). Jabbers are usually an
indication that a NIC card is having
a problem, whereas CRC errors
indicate that data has been
corrupted either by the transmitting
station or as it was transported
through the network. CRC errors

cause the source station to


retransmit the data packet; this
increase in the traffic rate can
further complicate the situation by
adding greater levels of traffic to a
stressed network.
TIP: Avoid chasing after CRC errors
that are attributed to the following
MAC addresses:
AA-AA-AA-AA-AA-AA or 55-55-5555-55-55. These addresses are the
result of a collision. The network
monitor attempts to decode the
frame beginning at the preamble
rather than the start-frame indicator.
The preamble is a series of
alternating 1s and 0s and
attempting to decode the preamble
will result in the aforementioned
addresses.
Network Layer Errors
Protocols that use a Network layer
require a certain amount of
management. They require the
network manager to assign
addresses and implement
communication firewalls and
network filters. Regardless of the
Network layer protocol, pay special
attention to:

Duplicate Addresses - implies that


two physical stations have been
assigned to the same physical
station. The results of this are many,
varied, and all are bad.
Host/Station/Network Unreachable indicates that a node or piece of
communication equipment or data
link is not operating.
Time to Live Exceeded - indicates
that the network protocol has been
unable to deliver a packet due to
improper network design, incorrect
network software setup, or network
failure.
CRC/FCS errors - most protocols
perform a CRC or Frame Check
Sequence at each layer.
Interconnect Equipment
Baselining provides an opportunity to take
inventory of our network. Record the
following information for each router, bridge,
switch, and hub.
1.
2.
3.
4.

configuration of each port


current software version
all associated addresses
physical location

Routers and Bridges


Ensure that all filters implemented are
recorded. If using routers and bridges as
firewalls, maintain an accurate user list and
all configuration information.
TIP: Wherever possible, make hard copies
and electronic copies of the all
configuration-related information.
Implementing a thorough library of network
information will prove useful if a router or
bridge fails.
Switches and Hubs
The basic hub has now evolved into a
switch. Both hubs and switches are present
in ever-increasing numbers throughout
modern networks. If the network has
evolved into the realm of virtual networking,

ensure that you understand the following


characteristics of your network switches:
1. Does the switch utilizes fast
forwarding or hold-and-forward
packet forwarding?
2. Does the equipment forward
bad packets, runts, jabbers,
collisions, etc.?
3. What level of broadcast and
multicast traffic is generated by
utilizing switching?
4. Does the switch support single
or multiple addresses?
5. Is there a non-intrusive
monitoring point on the switch
for data analysis?
Network Peripherals
Loading is usually the biggest problem with
which this class of network equipment must
deal. When baselining the network, keep in
mind the type of user on the network. A
common practice in enhancing the
efficiency of peripherals is to segment and
increase available bandwidth for these
devices. During the baseline, ensure that all
the top users are not attempting to use the
same servers and printers as the casual
network user.
Segmentation of heavy users into groups
supported by a high-speed backbone is the
easiest way to increase network efficiency.
Most workstations and PCs are capable of
supporting Fast Ethernet or FDDI interfaces.
Rather than upgrading the whole network,
you can segment the top users, upgrade
their network access (Fast Ethernet, FDDI,
or ATM), and dedicate peripherals for their
use. The benefit is two-fold:
a) The average user gains faster
network access.
b) The cost of upgrading the entire
network is avoided.
An alternate strategy is to increase the
number of access ports on the server. Most
servers provide multiple ports for additional
NIC cards. Increasing the access ports on
the server should help alleviate bottlenecks.

Where Is This?
Most network managers inherit an existing
network when they accept the position.

Unfortunately, the network usually does not


come with an owner's manual. By
performing and maintaining a schedule for
network baselining, you are effectively
building an owner's manual. Our baseline
should include a physical inventory.
Baselining provides an opportunity to
record:
1. network equipment and total
number of each item
2. serial numbers of equipment
(Technical Assistance Centers
need this information to help
troubleshoot problems)
3. software version loaded on
equipment; all like devices
should be running under the
same software load (you may
be surprised at what you find!)
4. applications loaded on each
device
5. all relevant addresses
6. physical location of each piece
of equipment
7. cable-plant diagram
This suggested course of action is no small
undertaking. The value of a thorough
baseline and well-maintained cable plant
diagram, however, should become apparent
the first time there is a major network
outage or complicated network problem.

Why Baseline?

At the end of a comprehensive baseline, the


reason you have undertaken this course of
action should be obvious. Undoubtedly, you
will have uncovered network skeletons in
the wiring closet. Due to changes in network
personnel and advances in technology and
applications, networks tend to take on a life
of their own. To bring the network under
control, you must collect as much
information about the network as possible.
Baselining is not a one-time event. After the
baseline is complete, we can analyze the
results and then apply our new-found
knowledge to alter and enhance network
efficiency. You can then revise the baseline
to confirm the enhancement in network
efficiency. Baseline the network whenever
you add users or change applications or
communications equipment. Otherwise,
baseline at regular intervals
The information that you gather and record
will help maintain the network in a state of
good health and keep your users happy.
All illustrations were taken from WGs
Domino Internetwork Analyzer and
DominoWIZARD system.

[include screen captures of network


stats]

S-ar putea să vă placă și