【NetEyez Use Case #3】Delay in Internet Communication (Part 2)
〈Incident Description〉
On a Monday morning at Company A, there was a significant delay in accessing the internet, affecting all users within the organization. The issue persisted from the beginning of working hours throughout the morning but returned to normal by the afternoon.
〈Company A’s Network Environment〉
The network configuration at Company A is similar to that described in Case 1. Internet communication traffic flows through the Internet Gateway via a Proxy server located within the main office. Remote users outside the office connect to the company’s network through a VPN gateway (see Figure 1).
There are four Proxy servers deployed, responsible for routing traffic based on communication content. General web access traffic is processed through Proxy 1 and Proxy 2, while Microsoft 365 traffic, including email and web conferences, is bypassed and load-balanced between Proxy 3 and Proxy 4. The Internet Gateway has a line speed of 100 Mbps, accommodating internet communication for 600 users.
〈Cause Investigation〉
Upon checking the traffic statistics of the Internet Gateway using the MRTG tool, it was observed that the downstream (from the internet to Company A) traffic reached almost the bandwidth limit (100 Mbps) and remained at that level throughout the morning of that day (see the blue broken line graph in Figure 2).
When checking the trend of internet traffic via the Proxy servers using NetEyez connected to the mirror port of the server switch (see Figure 1), a similar pattern was observed (shown in the green line graph in Figure 3).
Furthermore, when examining the traffic rankings for individual hosts, it was observed that a specific user terminal (Host A) generated the highest amount of traffic, surpassing even the Proxy server responsible for handling the entire organization’s web communication (see Figure 4).
Upon checking the partners of Host A, it was found that the majority of the traffic was internet communication through the Proxy servers (see Figure 5).
Checking the web end-to-end analysis screen of NetEyez revealed that a significant number of HTTP commands were being issued by Host A to an online storage service on the Internet (see Figure 6).
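The host ranking and destination check described above can be approximated from proxy access records when no analyzer is at hand. The following Python is an added example, not NetEyez output or code from the original page; the record format, addresses, host names and the 50% link-share threshold are constructed assumptions.

```python
from collections import defaultdict

LINK_MBPS = 100  # Internet Gateway line speed stated on the page

# Constructed sample records (assumed format, not a real proxy's):
# "epoch_seconds client_ip method dest_host response_bytes"
SAMPLE_LOG = """\
1700000000 10.0.1.15 GET storage.example.net 900000000
1700000060 10.0.2.21 GET news.example.org 2000000
1700000120 10.0.1.15 GET storage.example.net 1200000000
1700000180 10.0.3.40 POST mail.example.com 5000000
1700000240 10.0.1.15 GET storage.example.net 1500000000
1700000300 10.0.2.21 GET cdn.example.org 8000000
1700000600 10.0.1.15 GET storage.example.net 1100000000
"""

def parse(log_text):
    """Yield (timestamp, client, dest, bytes); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit() or not parts[4].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[3], int(parts[4])

def top_talkers(log_text, link_mbps=LINK_MBPS, share_threshold=0.5):
    """Rank clients by downloaded bytes and flag any client whose average
    rate over the observed window reaches share_threshold of the link."""
    per_client = defaultdict(int)
    per_dest = defaultdict(lambda: defaultdict(int))
    times = []
    for ts, client, dest, nbytes in parse(log_text):
        per_client[client] += nbytes
        per_dest[client][dest] += nbytes
        times.append(ts)
    if not times:
        return []
    window = max(max(times) - min(times), 1)  # seconds; avoid divide-by-zero
    report = []
    for client, total in sorted(per_client.items(), key=lambda kv: -kv[1]):
        mbps = total * 8 / window / 1_000_000
        share = mbps / link_mbps
        top_dest = max(per_dest[client].items(), key=lambda kv: kv[1])[0]
        report.append({"client": client, "bytes": total, "avg_mbps": round(mbps, 1),
                       "link_share": round(share, 2), "top_dest": top_dest,
                       "flagged": share >= share_threshold})
    return report

if __name__ == "__main__":
    for row in top_talkers(SAMPLE_LOG):
        print(row)
```

The average rate is computed over the whole observed window, so short bursts are smoothed out; a narrower window gives a view closer to the per-interval graphs in the figures.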
〈Solution〉
A Significant Amount of Data Downloaded
Upon conducting an interview with the user of Host A, the IT department learned that there was a significant amount of data downloaded from an online storage service on the Internet during the morning of the same day. Company A typically experiences higher network traffic on Monday mornings after holidays, and this user’s activity coincided with that peak, leading to network congestion.
Company A had plans to expand the bandwidth of the internet connection. However, in the meantime, the user of Host A was requested to perform tasks involving large data transfers during time periods that would have minimal impact on the regular tasks of other employees.