In a LAN Internet sharing environment, we often encounter slow network transmission speeds, webpage access failure, and even network paralysis, most of the reasons for this are network channel congestion. What causes serious network congestion? Is the content transmitted over the network too large? Is it a broadcast storm in a lan? Or a virus or Trojan on the network?
Many network channel congestion failures are often accompanied by slow access to the Internet or inability to access the Web page. I suggest that you solve the problem in the case of a network fault similar to this problem and troubleshoot the problem step by step, this will cause the network channel to be blocked. Now, let's take a look at the author's experience in identifying the "Black Hands" behind the scenes of network congestion.
Problem: new workstation strikes on the network
The person in charge of the training center of the Organization recently asked the author for help. Due to business expansion needs, the training center has bought eight new workstations and connected all the new workstations to the LAN; however, when using the new workstation to access the Internet, there was a very strange phenomenon. When there were very few people surfing the internet in the training center, all the workstations were working normally; if more than six people share the Internet at the same time in the LAN, all newly added workstations will be automatically disconnected, not only unable to access the webpage, but also cannot play online games in the intranet.
Unexpectedly, when the network administrator of the training center unconnects the network connection cables of All workstations in the switch and re-inserts them in turn, all the newly added workstations can access the Internet normally. After receiving such a rare fault "Seeking for help", the strong curiosity drove the author to decide to go to the fault site to find out.
Why is it not caused by a virus?
The Organization training center has been holding various levels of computer training and network training for the society for a long time. This person in charge has not taken over the Organization training center for a long time, in the past, many workstations in the training equipment room were outdated. To improve the competitiveness of the training, the person in charge bought these eight workstations.
In order to allow the newly purchased workstation to quickly access the LAN of the organization for Internet sharing, the training center buys another switch and cascade the new switch to the main switch in the LAN, then, all the newly purchased workstations are connected to the new switch, while some old workstations in the past of the training center are connected to the main switch of the LAN through an old switch, workstations on different vswitches are in two different working subnets.
After learning about the network topology of the training data center, I think this network fault is not very likely caused by viruses or Trojans. After all, when the network administrator encounters a fault where the network is inaccessible, after the network connection cable in the switch is re-plugged, all new workstations can continue to work normally for a while. If the new work subnet does have viruses or Trojans, network faults cannot automatically disappear after a simple insertion or removal of the network cable.
Isolate to lock the network of the new switch
To check whether a network fault occurs only in the subnet where the new switch is located, only in the subnet where the old switch is located, or in the LAN, I decided to use the isolation method to separately test the Internet sharing situation of each subnet. Just do it. I will first disconnect the new switch from the main switch of the LAN, so that the new workstation is isolated from the LAN, at the same time, all the workstations connected to the old vswitch are powered on and shared Internet access is attempted. It is found that no matter how many workstations are connected to the Internet at the same time, no workstation in the LAN experiences online disconnection. All workstations can perform network transmission and access the Internet page, this indicates that the working subnet of the old switch does not have any problems.
According to the same test method, the author disconnects the old switch from the main switch of the LAN, so that the new switch is connected to the main switch separately, in order to only allow the newly purchased workstation to share the Internet through the lan. During this test, the author found that the working subnet of the new switch works normally when the number of concurrent Internet users is small, however, when more than six new workstations share the Internet through the new switch at the same time, the network transmission speed of the entire working subnet is immediately reduced, and the speed of webpage access is also very slow, sometimes the network page cannot be opened. Based on this test result, the author preliminarily determines that the working subnet of the new switch has a problem.
Is broadcast storm a direct killer?
So what is the problem with the working subnet of the new switch? Considering that the switch devices in the working subnet are newly purchased and the number of workstations connected to the subnet is also newly increased, I did not hesitate to eliminate the hardware fault factors; considering that when the number of users accessing the new work subnet is large, the access speed of all workstation is slow or the webpage cannot be opened. According to this special phenomenon, I think it is very likely that there is a broadcast storm in the new working subnet. It is precisely because of the broadcast storm that caused the failure of network channel congestion in the intranet, in the end, the speed of the workstation in the subnet is slow or the web page cannot be accessed. What causes the broadcast storm?
First, I checked all the network connection cables in the New subnet and found that all the network cables are in smooth state. This eliminates the possibility of an Intranet broadcast storm due to network cable damage; afterwards, I worried that some hacker programs may exist in the new workstation. These programs may attack internal subnets, so I found a special anti-Black software, all newly purchased workstations were thoroughly scanned, but the scan results showed the author that no hacker programs were found in the new work subnet that maliciously attacked the internal network and possessed a large amount of bandwidth resources alone; in order to prevent the network card device from being damaged in the newly purchased workstation, I downloaded and installed the Sniffer LAN Management Program from the Internet, and used the management program to capture packets to view the data traffic in the working subnet, the results showed that all NICs in the new workstation can work normally, which also ruled out network channel congestion caused by network card device damage.
Sniffer: New Switch Failure
After trying the above measures, I finally locked the Black Hands behind the fault on the newly bought switch. Theoretically, the newly purchased switch device should not produce a broadcast storm. After all, the common switch forwards data in point-to-point mode, however, I see the clues in this newly purchased switch device. Many users who are not familiar with network devices tend to be eager to find cheap products and excessively pursue low-price products. Therefore, profiteers often fully grasp the weakness of human nature, recommend some so-called smart switches or hubs to consumers. In fact, these low-price switches or hubs are not real switches or hubs. I suspect that after this, I immediately replaced the new switch with another old switch, and found that the eight new workstations can access the network again after accessing the internet, in addition, after a long time, there was no network channel blockage. So far, I have determined that the quality of the new switch is unqualified, which is behind the scenes of network congestion in the new working subnet.
Summary of the above troubleshooting process, the author believes that the reason for taking a detour in the troubleshooting process is because I did not have any doubts about the quality of the new switch, and I believe that the new switch will not be unexpected. In fact, many so-called smart switches in the market are poorly designed and of poor quality. When the number of workstations accessing the internet is small at the same time, switch devices often produce fewer error signals, network bandwidth is not significantly affected. If a large number of network connections exist, multiple Internet users may compete for one communication channel at the same time, which may cause network channel congestion.
Therefore, if you want to purchase network devices like vswitches in the future, you must first learn more about the products of network devices and understand what network devices you actually need; you must never excessively pursue low-price products, nor be deceived by the rhetoric of the profiteer. Otherwise, the network devices you buy will find trouble for yourself one after another!
- Broadcast STORM: behind the scenes that cause network congestion
- Vswitch causes network breakdown