Today at work i faced an issue which i think most of the networking folks have encountered regularly. Determining the ip address/addresses utilizing the most bandwidth. The issue i faced was high utilization on uplink ports that too in inbound direction and that means two things. Either the user is downloading some really heavy stuff or he is under some kind of attack.
In an ISP environment where you have thousand of users, its kind of difficult to determine who is the exact culprit causing the choking on uplinks. If you have all your backbone as Cisco, you can find it out using "IP Accounting" feature but if you multi-vendor environment, it becomes that much difficult specially when the access to you core devices becomes slow due to choking.
For me, the saviour was a product we were testing from last few days. Its called "Scrutinizer". Its a software that analyses your traffic flow and gives you a complete dashboard showing the all the top source/destination ip addresses along with the application details. The best part of Scrutinizer is that it has inbuild algorithm which determines abnormal behavior to determine if any host is under attack such as DDOS.
This feature saved us today as we were able to get the victim ip address that was under attack and were able to take necessary action.
All hail Scrutinizer!!
In an ISP environment where you have thousand of users, its kind of difficult to determine who is the exact culprit causing the choking on uplinks. If you have all your backbone as Cisco, you can find it out using "IP Accounting" feature but if you multi-vendor environment, it becomes that much difficult specially when the access to you core devices becomes slow due to choking.
For me, the saviour was a product we were testing from last few days. Its called "Scrutinizer". Its a software that analyses your traffic flow and gives you a complete dashboard showing the all the top source/destination ip addresses along with the application details. The best part of Scrutinizer is that it has inbuild algorithm which determines abnormal behavior to determine if any host is under attack such as DDOS.
This feature saved us today as we were able to get the victim ip address that was under attack and were able to take necessary action.
All hail Scrutinizer!!
No comments:
Post a Comment