In general, I have found that network bandwidth requirements increase between 50-100% every year. With the prevalence of high speed broadband options to the home, user expectations have increased. Now that 6Mb cable modem service to the home is common, business class services shared among many users can at times seem inadequate.
Oh that last mile. There are many providers of connectivity solutions out there, but getting them to your door can be a major challenge. There are initiatives to provide WiFi access, and some vendors are building their own facilities, but it doesn’t address the problem.
The Local Exchange Carrier (LEC)
The LECs are what we got when the Bell Telephone monopoly was broken up into smaller monopolies. They own the last mile into homes and businesses in their region. Connectivity either comes from them or rides the “last mile” over their lines. For example say you want to bring in a Sprint Internet circuit in Chicago. You would have to obtain a local loop from AT&T to complete the connection. This, of course, comes with an access charge, but it also complicates troubleshooting. You enter into a situation where multiple vendors are pointing fingers at each other.
I can’t tell you how many times I have had to explain to someone who has just updated their connection to 10, 45, 100 Mb so they can quickly transfer there critical files to the other side of the planet only to find they aren’t getting any better throughput than they had before. This is a common misunderstanding about the relationship between bandwidth and throughput. The bottleneck is not the bandwidth, it’s the latency, and it is tough to argue with the speed of light.
So to follow up with the previous post about MTU and MSS, I wanted to show you how to set the MTU value on your computer. On most Unix-like boxes it is a fairly straight forward process to change your MTU. On Windows it gets a little trickier with registry changes and such things that can brick your computer.
There are a lot of misperceptions about packet size and the various mechanisms that allow a packet to flow smoothly along a network path. In order to avoid fragmentation, which will hurt performance and potentially overwhelm some network devices, it is important for both ends to send the appropriate sized packet.
I have been behind in my posts, and I have quite a few items to get posted. Today I wanted to walk through an example of tcpdump can be useful when tracking down malicious traffic on your network. I am going to use the example of IrnBot to demonstrate a handy technique. IrnBot (named after the Scottish drink IrnBru), also popularly known as Rinbot, produces a lot of traffic on port 1433, 2967 and 139. It also opens up a connection to irc servers on the outside over port 8080.
I find myself sorting through logs all the time, and I have developed a couple of tricks for pulling the information I need out. With a little awk, sort and uniq magic you can get a great deal of info out of your logs.
Here is another handy little trick for tcpdump that will help you identify some potential network issues. Often times when there is some trouble along the line you will see reset connections. This happens for many reasons and can be an indication of everything form a network program to a crashed application that suddenly stops responding.
You see that light blinking like crazy on the switch, and want to see what it is that your systems is doing? If you are on a (u|li)n[i|u]x or bsd of some sort pick up a copy of tcpdump. If you are on OS X it is already included.
These days I have found that most trade shows are hopelessly unimpressive, but I must say that Network World IT Roadmap Chicago was very useful. It was very targeted, so it was very relevant. Most of the presentations were good, the crowd was sufficiently nerdy, and the vendors were handing out swag again.