So a retail store calls today complaining of slow network connections.
So I change a few routes in the store's local router to give them a faster pipe (I was initially thinking that poor local broadband service was the root cause).
They called back complaining again.
So I poke around a little…
show processes cpu (no problemo)
show int | i mfr1.100|drop|runt|err|fail|coll|carr (no problemo)
So I ping across the WAN <-> WAN and there is in fact high latency right on the WAN interface of the store's router.
Time to pull out NetFlow…
(config)# ip cef
(config-if)# ip flow ingress
(config-if)# ip route-cache
(config)# ip flow-top-talkers
(config-flow-top-talkers)# top 20
(config-flow-top-talkers)# sort-by bytes
(config-flow-top-talkers)# match input-interface <int>
# show ip flow top-talkers (identify source-IP)
Oh ya… we got issues.
Turns out one PC was saturating the WAN with an unusually high amount of traffic to a variety of public IPs. Coincidence, I ask?!? I think not!!!
So I ping the PC, acquire the MAC, ssh into the switching infrastructure, narrow down the port the MAC is being learned on, and shut down the port.
Bingo! All network performance goes back to normal.
Need to scan this machine for malware.
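An added example, not part of the original post: a small Python triage script that takes pasted "show ip flow top-talkers" output and flags any inside host that owns most of the bytes while talking to several public IPs. The sample rows, the Fa0/1 interface, the thresholds and the decimal reading of the K/M/G suffixes are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: only RFC 1918 space is "inside"; everything else counts as public.
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
UNITS = {"K": 10**3, "M": 10**6, "G": 10**9}  # assumption: decimal suffixes

# Constructed sample (documentation addresses stand in for public IPs).
SAMPLE = """\
SrcIf     SrcIPaddress    DstIf     DstIPaddress    Pr SrcP DstP Bytes
Fa0/1     192.168.10.57   MFR1.100  198.51.100.23   06 C3A1 01BB  412M
Fa0/1     192.168.10.57   MFR1.100  203.0.113.80    06 C3A4 0050  388M
Fa0/1     192.168.10.57   MFR1.100  198.51.100.200  11 D2F0 1F90  301M
Fa0/1     192.168.10.57   MFR1.100  203.0.113.5     06 C3B9 01BB   97M
Fa0/1     192.168.10.21   MFR1.100  10.1.1.10       06 B001 01BB   12M
Fa0/1     192.168.10.22   MFR1.100  10.1.1.10       06 B1F3 01BB 8432K
Fa0/1     192.168.10.30   MFR1.100  203.0.113.80    06 A0C2 0050  950K
7 of 20 top talkers shown. 7 flows processed.
"""

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)

def to_bytes(field):
    if field[-1] in UNITS:  # '950K', '412M'
        return int(float(field[:-1]) * UNITS[field[-1]])
    return int(field)       # plain byte count

def summarize(text):
    """Per source IP: total bytes and the set of public destinations."""
    hosts = defaultdict(lambda: {"bytes": 0, "external": set()})
    for fields in (line.split() for line in text.splitlines()):
        if len(fields) != 8 or fields[0] == "SrcIf":
            continue  # header, blank line or trailing summary line
        src, dst = fields[1], fields[3]
        hosts[src]["bytes"] += to_bytes(fields[7])
        if not is_internal(dst):
            hosts[src]["external"].add(dst)
    return dict(hosts)

def suspects(text, min_external=3, min_share=0.5):
    """Inside hosts with many public peers and most of the observed bytes."""
    hosts = summarize(text)
    total = sum(h["bytes"] for h in hosts.values()) or 1
    return [(ip, h["bytes"], len(h["external"])) for ip, h in hosts.items()
            if is_internal(ip) and len(h["external"]) >= min_external
            and h["bytes"] / total >= min_share]
```

Calling suspects(SAMPLE) returns the one host to chase down by MAC and switch port; the two POS-style hosts talking to 10.1.1.10 and the single small web flow stay below the thresholds.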