Based on Windows NT4.0 LAN after running a period of time, the entire network is discovered: running an office automation system and access to the WWW homepage in the WWW home page, which is slower than before, especially the internal home page, slower speed.
A, test time
After determining that there is no transmission problem, you can test it with the ping command. It is found not only ping to the internal homepage time. The local area network port (10.10.0.254) of the PING router is also turning.
B, flow analysis
We should conduct traffic analysis at this time. We decided to monitor the network monitor of Windows NT Server 4.0, monitor the operation of the network; monitor the bandwidth, peak use of the network, and monitor the data frame being transmitted, and analyze whether the network is analyzed by monitoring. Congestion, and the cause of network clogging.
Microsoft Network Monitor is a software-based network traffic analysis tool that allows users:
1. Capture the frame (packet) directly from the network;
2. Display or filter the captured frame immediately after capture;
3. Edit the captured frame and send them to the web.
Network Monitor is included in Windows NT Server 4.0 (Simple Version) and Microsoft System Management Server, because we don't have Microsoft System Management Server, so you have to install simple version of the network monitor, the installation process is: open control Network icons in the noodle version, select the service page, click "Add", then select the Network Monitor Tool and Agent, click OK, then enter the path to the Windows NT Server 4.0 disc, click Continue, start After installation, after installation is complete, restart so that the network monitor is installed.
Running a network monitor, pressing the F10 function key to start capturing network traffic, by capturing the statistics of the window, found that the network utilization rate is maintained at 50%, and most of the router is turned on. Press the F11 function key to stop capturing, then press the F12 function key to display the captured data, and find more than 90% of the data frames are sent by the DNS service. So many DNS data frames on a network are unimaginable, so basically determine that the fault is caused by DNS.
C, DNS reassurance
DNS reassure, restore the OA server (10.10.0.1) of high-speed our bureau (10.10.0.1) and domain name system server (DNS), all LAN client DNS points to 10.10.0.1, that is, when there is a client request to resolve the host name into an IP address, All issued a query request to 10.10.0.1 host. Carefully check the configuration of the DNS, found that the server properties are selected using the forwarder, the host 10.10.0.5 is entered in the list, that is, when the server cannot parse the client's domain request, the request is passed to another DNS server. : 10.10.0.5.
Host 10.10.0.5 is a WWW server running Windows NT Server 4.0, and the default gateway for all clients in the local area network points to the host through the host and the network host (non-bas-subnet), it does not Provide domain name resolution services.
When two DNS servers do not parse the request hostname, a dead cycle is formed, producing a large number of network traffic, affecting the running speed of the entire network. Since the default gateway for WWW server 10.10.0.5 is a local area network port (10.10.0.254) of the Cisco 2621 router, a large number of data frames are forwarded to the router, causing network blockage. The problem is solved this: Remove the DNS service that is temporarily installed on the WWW server (10.10.5), turn off the DNS server (10.10.0.1) forwarding, so that the network speed is significantly improved, communication is also normal.
