Question : Network slowdown because of...

We have about 40 users in site one, 10 in site two, and 5 in site 3. All are connected via PPTP VPN connections. T1 in site one, T1 in site two, and an ADSL in site 3.

Site one and two use VOIP, which also shares the bandwidth between the offices. Site one Houses it's own BlackBerry server, as well as our Exchange server that services all three offices as well as remote users. Other VPN's are connected from time to time from remote, mobile users.

Site two is the new element in the mix: it houses a Linux/Samba based domain with Win XP workstations. The configuration here is a bit strange as they have basically disabled browsing function, and several other basic Windows services all in the name of security. The "New Network" this I am introducing into that office is more along the "Standard" Windows type.

From time to time, everything just slows down to a crawl... Internet browsing gets very slow, which I understand given all the traffic comming and going with Site one. But there are times that we even get bogged down just browsing to a folder on a local server.

This is the part that I am confused about, as I am assuming that, even if there is a bottleneck between offices as our company grows, this should not effect local resource access time.

As my users ask me why, I am left only saying "I'm not sure".

This is where you come in...

Any ideas or suggestions would be helpfull!

Thanks in advance

Answer : Network slowdown because of...

I've lived through this type of thing and here is what I ended up doing:

1) Install managed switches.  The more your network is a "star" topology and not a serial chain of switches the better in this regard but not too big a deal - - it's just that the more switches the more setup and the less likely that mirroring via cabling will be possible.

[You can just "plug in" a managed switch just like a dumb switch and it should work.  In order to use the managed features, you need to assign it an IP address on the LAN so you can access the control panel, etc.   Then you can use the added features.]

2) Inside the switch control panel(s), label the ports... what's on them?  Later, the monitoring will reflect these names so you'll know what you're looking at.

3) Presumably there will be a switch on the LAN that is closest to the internet gateway.  I'll refer to this as the LAN Switch.

4) If you have multiple public IPs at a site then there may be a switch used to connect various "public" devices to the ISP.  I'll refer to this as the Internet Switch.

5) Implement SNMP on the switches and direct the traffic to your own workstation.  I found that PRTG Traffic Grapher from Paessler was the easiest to set up and there's a free version which is a great starting point.

This is a bit of work but it will serve you well on into the future.  As a fallback, your existing devices may support SNMP and that would be worth setting up.  

So, with this done you can see the traffic levels in real time and with most switches you can also monitor the errors on each port.

Look for high traffic and look for errors.  That's how to deal with a situation like this.

Then, once you see where the high traffic is happening, you can use a packet sniffer like Wireshark.  If you have cabled access to a managed switch, you can mirror one port or another to a dedicated port that goes to your worksation or laptop.  Then, using Wireshark, you can see the packets on the suspect port and get IP statistics, etc. (if it's not a hardware error kind of issue) and you can perhaps figure out which traffic is causing the apparent overload.

Hint:  You can add a NIC to your workstation and assign it some nonsense IP address that's not on the LAN subnet - and hook it to a mirroring port on a switch.  It doesn't really matter and it will avoid confusion in your workstation re: the LAN connection.  Let's assume the LAN subnet is 192.168.1.0/24.  So, I set my monitoring NICs up with 192.168.2.2 and 192.168.3.2 with /24 in each case and they work great with no confusion with the LAN or between themselves.