Network congestion caused by human feelings

Symptoms]

A new university network center hopes that the network school will help solve a package of problems in the multimedia teaching network.

The cause is this. Mr. Huang recently took over the work of a university's network center. The school planned to comprehensively upgrade the network teaching grade and submitted the test run results of the first network project completed last year to the school's board of directors for discussion, then determine the start date and investment plan of the second phase of the project. The second phase of the project is to fully introduce and expand the multimedia teaching platform, and start the construction of the semi-open public data platform of the school, all students can receive Multimedia Teaching in real time in the dormitory and communicate with teachers online. They can receive broadcast broadcasts of public courses and online reading of multimedia teaching materials at any time.

The application software allows up to six image transmission channels to be opened at the same time. There is no limit on the number of channels for voice channels and text materials. Each student dormitory is configured with four Mbps Ethernet interfaces. All families in the teachers' new village (village 1 and village 2) can use the Ethernet link of cat5e to implement on-demand programming.

At present, the problems encountered in Phase I project are that many users in the test phase can only open up to three image channels. Otherwise, the image pause and mosaic will occur, and the image sound will also pause. According to the school's network management system, many links often experience congestion. After the topology is adjusted, the situation has improved and the speed has also increased, however, it is observed from many accessed servers that their resource utilization is relatively low (generally less than 25% ).

That is to say, it can withstand more than doubled user traffic. The capacity originally designed for Phase I project is to provide an average 20 Mbps continuous channel capability for 800 users at the same time. According to the real-time survey of online users, the actual user support capability is only 10 Mbps of continuous channel capability or about 300 20 Mbps of channel capability.

Conclusion:The number of image application windows opened by the user does not meet the design requirements.

The Phase I project trial report is urgently required to provide reference data for the investment plan for phase II projects. Mr Huang hopes that the test will help improve the network optimization degree, at least to achieve the designed indicators. In this way, the school's board of directors can be well informed of the "excellent state" of network management.

Diagnostic process]

We first used network topology expert software to draw a group of network topology diagrams. The first phase of the project covers a total of 2000 network users in the school, of which 800 authorized users can achieve broadband multimedia access. After two days of continuous monitoring, we found that the actual network topology structure and the worker diagram structure of the first phase of engineering design were very different. The actual number of authorized broadband users totaled 1200, in order to restrict access permissions and users, the addresses of users designed in Phase I project are fixed and assigned the right to use passwords and matched IP addresses for access, however, nearly 300 duplicate IP addresses are detected.

As authorized users are scattered in all corners of the campus and the new village, sharing IP addresses will inevitably result in competition. Most users complain that mosaic occurs at night. According to the link channel traffic monitoring records, many new village users are on-demand movies. Observe that the resource utilization of the six servers of movie channel is slightly higher, but it is generally below 30% of the resource utilization.

Using the newly drawn, practical, and accurate network topology, we re-designed a survey on the network visitor rewards, when Using Fluke's network stethoscope NI, network topology expert LamMapShot, and traffic tester, the following rules are found:

First, the public bandwidth of multiple channels is relatively narrow, but the number of users connected exceeds the total bandwidth. This group of users can only open one image application window when there are many users. Comparing the Phase I project topology, we found that most of these users install vswitches and hub access networks on their own. These switches and hubs have not been approved or filed for record by the Network Center. This will lead to the difference between the designed topology and the actual topology.

We know that the network topology is designed based on the current application traffic and the future bandwidth requirements. The general requirement is to achieve load balancing. Unauthorized access to vswitches and other network devices may change the bandwidth distribution, resulting in congestion or "bottleneck effect" in some parts ". According to Mr. Huang, some "private users" say hello to the network center when the device is connected, but the network center staff are greatly changed and the network data is not frequently checked and backed up, therefore, the number of actual users in the network and the real topology of the network cannot be controlled at any time.

Second, many authorized users share their IP addresses with users in the CIDR block, which is common in "xincun. Many users buy their own hubs and enjoy the fun of broadband on-demand broadcast together with their neighbors. Some users even have the right to access the multimedia teaching network for free. After inspection, several links were found to be connected to illegal users outside the geographic area of the campus. You can choose to listen to the latest online courses for various subjects without paying the tuition fee.

In the case of "too many illegal users", it is recommended that Mr. Huang adopt a new set of user access and login authentication mechanism, which allows only one account to log on to use one user at the same time. When multiple users appear, check whether the Mac address and IP address are valid according to the set order. If MAC and IP addresses are not restricted, only the first receiver is allowed. If the second hacker is a real legal user, he can change the password online and disconnect the existing user and transfer it to the normal connection.

Unexpectedly, such a "test" plan attracted a storm. The test was conducted at night. In the first 10 minutes, a complaint and protest letter appeared in the inbox of the network center and the school "BBS", followed by a complaint phone number and a "questioning" from a school leader ", mr Huang was so horrified that he could not imagine the power of illegal users ". However, the number of users measured at that time was greatly reduced, and the traffic bottleneck was mitigated. The test ended in an hour.

Diagnostic comments]

Due to its high bandwidth and low cost, the use of integrated wiring is easier to build network connections at will and expand the size of network users. Therefore, the network topology must be simple in the design of small-scale applications. With the increasing number of network applications, large-capacity applications and high-speed network users (such as multimedia online teaching and video-on-demand), the bottleneck effect may occur first when the traffic channels in the network topology are narrow.

Network management and maintenance personnel often need to monitor the traffic at all layers of the network. For example, observing IP traffic can know the traffic distribution so as to determine whether the network structure needs to be optimized and adjusted; when observing the application traffic, we can know that the IP channel congestion is caused by the application's "disorder", so as to reasonably configure the time and place for various applications. Long observation records can also provide useful information for network upgrade and transformation. You can also check whether the network is in an abnormal or edge State at any time. The network management system is helpful in this management.

However, when the network is abnormal or the production connection terminal is connected, the network management system may not be able to provide data or provide data that may be inaccurate. Because most of the data obtained by the network management system is provided by the responsible device. This requires the use of dedicated test tools for online full-line speed monitoring on Abnormal nodes and channels to produce accurate data reports. Traffic testing and analysis should be included in regular monitoring to provide accurate data for possible network optimization at any time. Keep the network in excellent performance.

For networks that divide access permissions and access regions, in addition to the visitor's password restrictions, there are also restrictions on the locations where the Internet is accessed and the machines on the Internet. In some work, you can use an internal firewall with full-line speed, and software can be used for low-speed links. However, some restrictions require you to configure network devices such as switches and routers. There are many network devices that do not support such restrictions. In this case, you need to use a dedicated gateway or internal firewall. However, these devices have a great impact on the speed and latency of the channel during high-speed application. Therefore, you need to consider whether to choose the channel.

Because the network topology management and account management functions do not strictly play a role, the network topology is changed at will, and the network bandwidth is shared at will. As a result, some high-speed users cannot use the network.

Diagnosis suggestion]

In view of the user's current situation and pressure from some school leaders, we recommend that Mr. Huang maintain the current situation first. The test results can be submitted to the school board of directors as the actual use Report of the Phase I project, which is more convincing. The phase II project can categorize and authorize all users, and then strictly manage the user account and network topology.

Postscript]

One week later, Mr. Huang informed the second plan school board of directors that the plan was successfully approved and approved more funds in the network security, disaster recovery, centralized network management, and other plans. He said that he originally wanted to "Beautify" the Phase I project and then submit it to the Council. He hoped to gain the attention of the Council with good network application effects and prospects, the "Storm" caused by the experiment attracted more attention from the Council than he expected. This time he will be proud of it.