Overview of network packet loss
Network packet loss, as the term is used here, is what happens when we use the ping command (which checks whether a system is operating normally) to query a destination station and the data packets are lost in the channel for various reasons.
The Ping command uses ICMP echo request and echo reply messages. The ICMP echo request message is a query sent by a host or router to a specific destination host.
The machine that receives this message must send an ICMP echo reply message to the source host. This query message is used to test whether the destination station is reachable and to understand its status.
Note that the ping command is an example of using the network layer's ICMP protocol directly. It does not go through the transport layer's UDP or TCP protocols.
Analysis and treatment methods of common network packet loss faults
Network faults are inevitable, but the ability to isolate and troubleshoot them quickly is a basic skill that network managers should possess. The following lists several common network packet loss faults and their solutions.
Fault 1: Network data packets get through only intermittently, with serious packet loss
Fault phenomenon:
Usually, when this fault occurs, the network in the affected direction experiences oscillatory interruptions.
Testing with the Ping command shows that the packet delay is slightly higher than normal for a period of time, and shortly afterwards all data packets are lost. The packet loss rate exceeds 60%, the packet loss curve shows a regular pattern, and network services are basically unavailable.
Fault analysis:
In a LAN, oscillating disconnection is generally caused by a loop between two of the interconnected switches, or by two ports of the same switch being directly connected to each other.
This prevents the LAN's spanning tree protocol from building a tree. It keeps checking and trying to build a new spanning tree, which makes the network oscillate on and off.
At the same time, the switches keep repeatedly sending broadcast packets to each other, forming a "broadcast storm" that overloads the switches, severely blocks the network transmission channel, and prevents normal processing of communication data.
Although the loop may occur on just one access switch, it affects the stable operation of the entire LAN built around the Layer 3 core switch.
Troubleshooting:
When network data packets get through only intermittently and packet loss is serious, especially when oscillatory interruptions affect an entire unit or an entire floor, it can be concluded that a loop has probably occurred on a switch in that unit.
As a network manager, you should first check how the indicator lights on each access switch are flashing. Usually, when a loop occurs, the indicator lights flash rapidly, more than 4 times per second, and this is most pronounced on the switch with the loop.
Unplug the switch's cascade network cables one by one while monitoring the switch status in real time, until unplugging the cable on a certain port returns the switch indicator lights to normal.
Tracing that cable further shows that there is a loop at its far end. After the network cabling is cleaned up, the network runs smoothly again.
Fault 2: Network data packets time out severely, with irregular packet loss from time to time
Fault phenomenon:
The network suddenly becomes seriously congested. Daily office programs do not run properly, and web pages open slowly and are sometimes interrupted by timeouts.
No problems were found with the network equipment. Several computers slowed down significantly after joining the network and returned to normal once their network card was disabled or their network connection was cut.
Fault analysis:
First, ping the gateway from a user terminal. The gateway answers, but packets time out badly, and the packet loss rate is about 30% and irregular.
Second, log in to the user switch, run the arp -a command, and confirm that the gateway IP maps to the correct gateway MAC address. These tests basically rule out network setting errors and ARP spoofing.
The packet loss shows a certain degree of randomness, without continuity or oscillation, so network loop problems are basically ruled out as well. The initial judgment is that the phenomenon may be caused by a virus attack or something similar.
To confirm this, it is necessary to obtain further information, such as ARP information and the original data packets transmitted in the network.
Third, deploy packet capture analysis. Configure a mirror port on the switch, connect the maintenance terminal to this port, start the network protocol analysis tool (sniffer) to capture and analyze the network's data communication, and stop after about 10 minutes.
The node browser on the left side of the main interface of the network analysis system indicated that there may be forged IP address attacks or automatic scanning attacks in the network.
The connection view showed that more than 12,000 connections were initiated on the network within 10 minutes, and most of them were in the "client request synchronization" (SYN sent) state. From this it was concluded that there was an automatic scanning attack in the network.
Finally, a detailed check of the connection information showed that most of these connections were initiated by the same host. Selecting any one of the connections and opening the packet view to see the original decoded data
showed that this computer was actively scanning and attacking TCP port 445 of other hosts in the network. The host may be infected with a virus program, or someone may be using scanning software. Analysis of the chart view further confirmed that this host was definitely carrying out an automatic scanning attack.
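The per-host check made in the connection view above (one host opening many connections toward TCP 445 that stay in the SYN state) can be reproduced from a text capture. This is an added example, not part of the original article; the `tcpdump -nn` style input, the function names, the thresholds and the 192.0.2.x sample addresses are assumptions.

```python
import re
from collections import defaultdict

# Matches the text form printed by `tcpdump -nn` for IPv4 TCP packets.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def find_scanners(lines, port=445, min_targets=20, max_answered=0.2):
    """Return {source: (distinct_targets, answered_ratio)} for hosts that send
    SYNs to many hosts on `port` while few reply. Thresholds are illustrative."""
    syn_targets = defaultdict(set)  # client -> hosts it sent a bare SYN to
    answered = defaultdict(set)     # client -> hosts that replied with SYN-ACK
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # non-TCP or unparsable line
        src, sport, dst, dport, flags = m.groups()
        if flags == "S" and int(dport) == port:
            syn_targets[src].add(dst)
        elif flags == "S." and int(sport) == port:
            answered[dst].add(src)  # reply travels server -> client
    flagged = {}
    for src, targets in syn_targets.items():
        ratio = len(answered[src] & targets) / len(targets)
        if len(targets) >= min_targets and ratio <= max_answered:
            flagged[src] = (len(targets), round(ratio, 2))
    return flagged

def sample_capture():
    """Constructed capture text (not real traffic) using documentation addresses."""
    def pkt(src, sport, dst, dport, flags):
        return f"10:00:00.000000 IP {src}.{sport} > {dst}.{dport}: Flags [{flags}], length 0"
    lines = []
    for i in range(1, 61):  # scanner: SYNs to 60 hosts, only the first 3 answer
        lines.append(pkt("192.0.2.57", 40000 + i, f"192.0.2.{100 + i}", 445, "S"))
        if i <= 3:
            lines.append(pkt(f"192.0.2.{100 + i}", 445, "192.0.2.57", 40000 + i, "S."))
    for i in range(1, 26):  # admin host: 25 file servers, every one answers
        lines.append(pkt("192.0.2.30", 50000 + i, f"192.0.2.{200 + i}", 445, "S"))
        lines.append(pkt(f"192.0.2.{200 + i}", 445, "192.0.2.30", 50000 + i, "S."))
    for i in range(40):  # normal client: 40 sessions to a single file server
        lines.append(pkt("192.0.2.20", 60000 + i, "192.0.2.10", 445, "S"))
        lines.append(pkt("192.0.2.10", 445, "192.0.2.20", 60000 + i, "S."))
    return lines

if __name__ == "__main__":
    for host, (targets, ratio) in find_scanners(sample_capture()).items():
        print(f"{host}: SYN to {targets} hosts on 445, {ratio:.0%} answered")
```

Only the constructed scanning host is reported: the admin host reaches many servers but every one of them answers, and the normal client talks to a single server.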
Troubleshooting:
After the source of the problem was found, the host was isolated. After a period of testing, the network packet loss had eased, but the problem was not fundamentally solved.
So I started the network protocol analysis system again to capture and analyze traffic, and found another host in a similar situation. From this it can basically be concluded that both hosts are infected with the virus, and that the virus actively scans other hosts on the network to see whether TCP port 445 is open. If a host has the port open, the virus attacks and infects that host.
This cycle causes the network fault described above. The two hosts newly found to be infected were immediately physically isolated, network communications returned to normal at once, and the terminals were then disinfected.
Fault 3: Network data packets are severely delayed, and downloading, browsing and other services cannot be used normally
Fault phenomenon:
Daily data sharing within the LAN is normal, but browsing the external network and downloading data are significantly slower. Testing with the Ping command shows that the network delay in a certain direction is particularly large, and there is even a small amount of packet loss.
Fault analysis:
Generally, log in remotely through telnet to the switch in that direction. Taking Huawei series switches as an example, enter the following commands:
display cpu # view the switch CPU utilization
display memory # view the memory utilization
Both were found to be very high. Then enter the command:
display interface <port number> # view the data traffic on each port
The data traffic on two ports was found to be particularly large, much higher than normal network traffic.
Capturing and analyzing the data flow showed multiple threads pointing to the movie section of a certain website. To avoid affecting the smooth running of the entire network, action was taken on the connected switch.
Troubleshooting:
Enter the port configuration interface and enter the shutdown command to forcibly close the port and disconnect it from the network. Contact the terminal user, ask them to terminate the download process, and then restore their network connection.
Conclusion
There are many factors that cause network packet loss, which are random and accidental. Therefore, as a network manager, you must consider various factors, master network troubleshooting skills, and accumulate practical experience in order to quickly locate and eliminate network faults.