Brief network spikes.

Issues related to configuring your network
Post Reply
packetman99
Posts: 13
Joined: 2017/02/23 15:26:27

Brief network spikes.

Post by packetman99 » 2017/02/23 16:20:10

Hi There,

I was wondering whether there's a Network guru around who's brain I can pick.

I'm running a small ISP and I'm using custom build Linux routers to get the job done but I've started noticing some oddities on the network for the past week. We have around 650Mbp/s of total Internet Capacity but usually averages between 450 to 550Mbp/s during the day but I started seeing network spikes every 10 to 20 seconds pushing my usage on my core firewall to over 1GB but only for a few seconds after which it drops back down to normal.

The other strange part is , I'm only seeing the bandwidth spikes on my core router between my inner (eth5) and outer (eth0) Interface. These traffic spikes isn't visible on my edge router where my upstream providers flow into. I'm also not seeing these spikes on any of my MRTG graphs. Perhaps I'm missing something here but in my understanding my core Firewalls traffic should match the traffic on my edge firewall right ?

My outer (eth0) Interface plugs into my bandwidth manager which in turn plugs into my edge routers inner (eno2) where all our upstream providers are flowing into (eno1) . I've done a few packet captures with tcpdump and imported it into Wireshark but I'm not really 100% what to look for. Any ideas on what might be causing these spikes would be greatly appreciated. I''ve included a small Network Diagram.

Thanks in advance,

I used Nload on each interface to get some realtime statistics.

The below values were recorded on my Core firewall.
Eth0 (Outer Interface , goes to Bandwidth manager which goes to my edge firewall (eno2)
Nload stats on interface Eth0
Curr: 301.95 MBit/s
Avg: 431.78 MBit/s
Min: 0.00 Bit/s
Max: 1.43 GBit/s
Ttl: 787808.69 GByte


Eth5 (Inner Interface , plugs into a switch which feeds my customers)
Nload stats on interface eth5
Curr: 385.77 MBit/s
Avg: 399.40 MBit/s
Min: 262.46 MBit/s
Max: 1.29 GBit/s
Ttl: 27408.75 GByte

And these values were recorded on my Inner interface (eno2) of my edge router.

eno1 WAN (This is my Wan Interface to the outside world)
Edge Firewall / router (Centos 7);
eno2 LAN (This interface plugs into my bandwidth manager which in turn plugs into my Core firewalls outer interface(eth0)

Nload stats on interface eno2
Curr: 336.97 MBit/s
Avg: 381.66 MBit/s
Min: 309.01 MBit/s
Max: 548.93 MBit/s
Ttl: 504389.72 GByte
netDiagram.jpg
netDiagram.jpg (46.54 KiB) Viewed 1155 times

Post Reply