Network audit Campina UK Horsham November 10th, 2004




Contents
- Problem description
- Current infrastructure
- Test
  - Test setup
  - Test results
    - LAN
    - Router
- Advice
  - Conclusions
  - Advice

Problem description

The site of Campina International located in Horsham (UK) experiences low performance on the connection with the corporate network (CMNet). The poor performance hinders the employees in their daily work. The main applications for which this connection with the corporate network is being used are:
- SAP: the SAP servers of Campina UK are located at PinkRoccade den Bosch (NL);
- Email: several times a day, mail exchange takes place between the email server in Horsham and the email server located in den Bosch;
- Internet: for the connection to the internet, the same connection to the corporate network is being used.

The poor performance is experienced most when accessing the Internet. The employees in Horsham use the internet mostly for marketing and commercial purposes. Due to the nature of the websites the employees access, the bandwidth requirements are quite high (many graphical components and downloads).

Current infrastructure

Horsham has a 100 Mbps switched Ethernet LAN infrastructure in place. This infrastructure is based on Cisco and Alcatel switches. Approximately 40 workstations, a moderate number of printers and a couple of servers are connected to the LAN. The connection to the CMNet (corporate network) is established via a Cisco router that is connected to a 256 Kbps frame relay network of MCI. The router itself is connected via a 100 Mbps connection to the LAN. Additionally there is a connection via a leased line with an external warehouse.

[Figure: network diagram. Labels: SAP servers Campina UK, Den Bosch, MCI, Internet, 256 Kbps, external warehouse (WH), LAN 100 Mbps switched Ethernet, Horsham]

Test

Test setup

MCI claims there are no performance problems in the MCI LAN-to-LAN connection between Horsham and den Bosch. PinkRoccade in den Bosch does not experience any performance issues in the LAN and the IAS infrastructure in den Bosch. Based on these two statements and the fact that similar performance problems are reported in the other Campina International locations in Moscow, Warsaw and Barcelona, Campina Headquarters decided to perform LAN measurements in Horsham.

[Figure: test setup diagram. Labels: FW infra, Den Bosch, MCI, Internet, LAN 100 Mbps shared Ethernet, 256 Kbps, Fluke Optiview probe, LAN 100 Mbps switched Ethernet, Horsham]

During the audit a so-called Fluke probe was installed between the MCI router and the LAN segment of Horsham. While measuring, MCI and PinkRoccade were contacted to ensure no vital information was missed:
- PinkRoccade monitored the LAN and IAS infrastructure in den Bosch;
- MCI performed a LAN-to-LAN monitor on the connection between den Bosch and Horsham.

During testing not all users were at the location. Nevertheless the usage of the infrastructure can be marked as representative. During testing approximately 10 users were working with SAP and 6 were active on the internet. This covers the average usage of the main applications.

The audit was performed with a Fluke Optiview Integrated Network Analyzer and a Fluke Network Inspector (V5).

[Figure: measurement setup. Labels: Network Inspector Console, hub, Network Inspector Agent (probe), Internet, Optiview (probe), switch, other hosts in segment]

The Network Inspector Console constantly gathers information that is collected by the Inspector Probes: the Network Inspector Agent and the Optiview. From this data, the Optiview builds several reports on an hourly basis. These reports cover the last two hours of data that is collected.

During the audit the following steps were followed:
- First, an audit of the LAN segment over a small period of time. This audit was used to have the equipment discover all the components in the network and to quickly discover possible general performance issues.
- A second, longer audit (approx. 5 hours) in which all the traffic on the segment was measured and analyzed in detail. From this audit, the Optiview produced the following reports on an hourly basis:
  o Number of collisions;
  o Number of errors;
  o Ethernet usage (bandwidth);
  o IP inventory;
  o NetBIOS inventory;
  o Protocol mix;
  o Top protocols;
  o Top talkers/top receivers/top broadcasters;
- The priority was set on monitoring the ports of the MCI router. Both the Ethernet and the serial port were closely monitored. Usage and possible errors on these ports were registered.
- A final short audit of the LAN segment, to again get an overview of all components and possible errors, was performed for comparison and reference.

The following reports were created:
o Ethernet Collision Summary: number of Ethernet collisions during the time of the audit;
o Ethernet Error Summary: number of Ethernet errors during the time of the audit;
o Ethernet utilization: bandwidth usage during the audit;
o IP inventory: discovery of all IP enabled devices in the LAN segment (due to the usage of VLANs this might not be complete);
o NetBIOS inventory: discovery of all NetBIOS devices in the LAN segment (due to the usage of VLANs this might not be complete);
o Protocol mix: all protocols and their volume that were measured during the audit;
o Top Protocols and Applications by Host: most used protocols per host during the audit;
o Top talkers/top receivers/top broadcasters: hosts with their respective volume of traffic sent, received and broadcast during the audit;
o Summary of the following parameters per report, spanning a period of two hours:
  - Packet rate (Ethernet packets per second);
  - Broadcast packet rate (Ethernet broadcast packets per second);
  - Number of collisions during audit;
  - Number of errors during audit;
  - Average bandwidth usage (Mbps) during audit;
  - Average percentage Citrix protocol during audit;
  - Average percentage SNMP protocol during audit;
  - Average percentage HTTP protocol during audit;
  - Average percentage traffic sent by top talker;
  - Average percentage traffic received by top receiver.

Test results

LAN

The LAN segment is considered healthy. Some small remarks are nevertheless necessary (see the Optiview reports in the appendix):
- NetBEUI is still being used. This should be removed as soon as possible. This protocol has poor performance and is considered unsafe;
- IPX is still being used. De-activate if not necessary;
- The switches need configuration. Because they are un-configured, measurement on switch level was very hard or impossible. A missing Spanning Tree configuration on some of the switches can cause network problems;
- The usage of the HTTP protocol on the LAN segment is very high. This indicates a high usage of Internet and/or Intranet. Indeed these applications are the most used on the LAN and generate the most traffic on the MCI router.

Router

The MCI router was monitored in detail: both the LAN port (100 Mbps) and the WAN serial port (256 Kbps). This resulted in the following conclusions:
- The LAN port is only being used for a fraction of the total capacity. The fact that this is a 100 Mbps port means that a tiny bandwidth usage on this port will already completely flood the WAN port. No errors were found on this port;

[Figure: LAN port of the router, < 1% utilisation]

- The WAN port utilization is constantly over 30%. No errors were found on the port;
- As soon as two or more users are accessing the internet, the utilization will be over 80 or 90%;

[Figure: WAN port]

[Figure: proxy in Den Bosch, 2 HTTP users]

- At PinkRoccade in Den Bosch no performance problems of any concern were found. Also no errors were found when using a packet sniffer;
- At MCI a high load on the line is measured, but not the 80 to 90% measured by the Optiview probe.

Advice

Conclusions

- The demand for Internet access in Horsham is very high. The sites used need a high bandwidth (marketing and other commercial information) and will have higher bandwidth demands in future;
- The available 256 Kbps at present is not sufficient. The connection is already being utilized at 80-90% most of the time, as concluded in the preceding chapter;
- We cannot detect if MCI delivers the promised 256 Kbps at all times. We do assume they do. Because of the different rates in speed between the serial and the Ethernet port, a 0.25% utilization of the latter will completely flood the WAN port. This was basically the case the whole time;
- Authentication/authorization problems as reported by the users in Warsaw and Moscow are not found in Horsham. It is advisable to audit these sites in detail to find out what is causing the problems over there.

Advice

The following options are available to upgrade the performance in Horsham:

1. Upgrade of the present MCI line. The costs and the possible upgrade options must be discussed with MCI or another operator.
   Advantage:
   - Easy and quick to deploy.
   Disadvantage:
   - Expensive;
   - Unclear how much the line must be extended, as this is dependent on the usage of the different applications.

2. Split tunneling (connections). This means that only the business applications like SAP, Email and intranet are routed over the MCI line. The traffic destined for the Internet is handled by a local internet connection.
   Advantage:
   - Relatively cheap;
   - In control: by implementing these techniques centrally, decentralized and unknown/unmanaged (do-it-yourself) initiatives will be avoided, resulting in a much more secure environment;
   - Guaranteed bandwidth for the business applications;
   - No need for upgrading international dedicated lines when Internet bandwidth requirements grow;
   - For Horsham: the leased line to the warehouse can be eliminated, as traffic can be redirected via a VPN internet connection. The warehouse connection would then be in line with the Campina security policies.
   Disadvantage:
   - Requires a firewall (managed centrally) and an additional internet connection (DSL, low costs). This is a new approach for Campina and needs some investigation.

Although new for Campina, this split tunneling technique is used by many companies. Implementation can therefore be accomplished with common off-the-shelf products and does not require Campina-specific solutions.
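The routing decision behind option 2, as an added example that is not part of the original audit report: a longest-prefix-match table sends business destinations over the MCI line and everything else to the local internet connection behind the centrally managed firewall, and the offered load on the 256 Kbps line is compared before and after. All prefixes, link names and flow rates are constructed placeholders; the report lists no address plan or per-application rates.

```python
import ipaddress

WAN_KBPS = 256  # capacity of the MCI frame relay line stated in the report

# Current situation: internet and business traffic share the MCI line.
# Prefixes and link names are constructed placeholders, not Campina's real plan.
CURRENT_ROUTES = [
    ("10.40.0.0/24", "leased-line"),  # assumed: external warehouse
    ("0.0.0.0/0", "mci"),             # everything else, internet included
]

# Option 2 (split tunneling): only business prefixes use the MCI line.
SPLIT_ROUTES = [
    ("10.20.0.0/16", "mci"),          # assumed: SAP, mail and intranet in Den Bosch
    ("10.40.0.0/24", "vpn-dsl"),      # assumed: warehouse via VPN over the internet
    ("0.0.0.0/0", "local-dsl"),       # internet, via the centrally managed firewall
]

def next_hop(routes, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), link) for prefix, link in routes
               if addr in ipaddress.ip_network(prefix)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def link_load(routes, flows):
    """Sum the offered load in Kbps per egress link for (dst, kbps) flows."""
    load = {}
    for dst, kbps in flows:
        link = next_hop(routes, dst)
        load[link] = load.get(link, 0) + kbps
    return load

def wan_utilisation(routes, flows):
    """Offered load on the MCI line as a percentage of its 256 Kbps."""
    return 100.0 * link_load(routes, flows).get("mci", 0) / WAN_KBPS

# Constructed sample flows (destination, Kbps); the rates are illustrative only.
FLOWS = [
    ("10.20.1.10", 40),     # SAP session traffic
    ("10.20.1.25", 24),     # mail exchange with Den Bosch
    ("198.51.100.7", 120),  # web browsing
    ("203.0.113.50", 90),   # web download
    ("10.40.0.5", 16),      # warehouse traffic
]

if __name__ == "__main__":
    for name, routes in (("current", CURRENT_ROUTES), ("split", SPLIT_ROUTES)):
        print(name, link_load(routes, FLOWS),
              f"MCI line: {wan_utilisation(routes, FLOWS):.1f}%")
```

With these constructed flows the MCI line is oversubscribed in the current layout and carries 25% offered load once internet destinations follow the default route to the local connection.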

[Figure: network diagram. Labels: SAP servers Campina, Den Bosch, MCI, Internet, external warehouse (WH), LAN 100 Mbps switched, Horsham]