Windows Server 2003 Performance Monitor - Network

Guy Recommends

A solution to monitor, manage and archive thousands of events that are generated by devices across the entire network. 
Download FREE trial

---

---

OpusFlow Exchange
Group Calendar

Introduction to Network Bottlenecks

Running programs over the network is likely to result in network bottlenecks.  Other causes of high network activity are, roaming profiles, file copying or large print jobs.  Use performance monitor to create a log and calculate the network utilization.

Network Topics

• Key Network Counters
• Detecting a Network Bottleneck
• Problem with Network Segment / Network Utilization
• Network Monitor
• Additional Network Counters
• A Vision of Network Monitoring
• Solutions to Network Problems

Key Network Counters

Network Interface\ Bytes Total/sec
Network Interface\ Bytes Sent/sec
Network Interface\ Bytes Received/sec
Network Interface\ Current Bandwidth

Detecting a network bottleneck

There are several cautionary tales with this performance monitor chart.  Let me see if I can convince you that the maths prove a network bottleneck.

The Bytes / Sec average 913,999.  Beware, System Monitor never uses thousand separators which make the figures awkward to read.  I have often revisited the data because I was out by a factor of ten.  For example, at a glance you could mis-read 913999 as approximately 91,399 or even 9,1399,999.

Diagram 1

You may think that just comparing the red line (Current Bandwidth) with the white line (Bytes /Sec) proves that the network is at full capacity.  On closer inspection of the Scale, you realize that the red line is 10x bigger than the white line.  Now you may revise you estimate and believe that the network is only running at 10% of capacity.  However, there is one more factor, the red line is in bits while the white line is in bytes. 1 bytes = 8 bits.  When you compute all these factors, the network is actually running at 73%.

Summary

White Line Bytes /Sec = 913,999 bytes x 8

White Line Bytes /Sec = 7,311,992 bits. 

Red Line Current bandwidth = 10,000,000 bits

Network Utilization = 73.12%

One of the amazing features of the original ethernet network is that only one machine can transmit at a time.  Once the network reaches 30% capacity, pure chance means that two machines try and send a packet at the same instant.  The result is more and more collisions start happening, this leads to re-transmissions and a slow down of network traffic.

Networks bottlenecks occur at surprisingly low levels of utilization.  40% would normally be considered a bottleneck, and the only reason that I got a higher value was that there are only three machines on my test network.  The more machines the greater the risk of collisions from two machines wanting to transmit at once.

However, with modern production networks two items of technology have alleviated the above bottleneck problem:
a) Switched networks replacing hubs
b) 100MB network cards replacing the old 10MB cards.

Problem with Network Segment \% Network Utilization

The problem is that it seems to have been discontinued in Windows 2000 onwards.  Several respected sites claim you can install Network Segment via the Network Monitor, or Protocol Driver.  For what its worth I have tried numerous techniques of getting the counter to appear in performance monitor without success - I agree with Microsoft Network Segment is no longer available.

Microsoft's TechNet article 253790 Says:

SUMMARY
In Windows 2000, installing Network Monitor does not add the Network Segment object in System Monitor as in Microsoft Windows NT.
MORE INFORMATION
To increase the stability and reliability of the Windows Management Instrumentation (WMI) interface, this object has been removed from System Monitor in the Performance tool in Windows 2000. 

Network Monitor

Microsoft have supplied Network Monitor from NT 4.0 onwards.  I mainly use the Network monitor to troubleshoot connectivity problems, however you can use it to check network utilization.  The diagram to the right shows a peak of about 85% and an instantaneous value of 81 or 82.  This is merely a snapshot and unfortunately the Network monitor does not keep permanent records of network utilization.

Additional Counters to investigate

UDP\ Segments Received/sec
UDP\ Segments Sent/sec
TCP\ Frames Sent/sec
TCP\ Frames Received/sec
 

Server\ Bytes Total/sec
Server\ Bytes Received/sec
Server\ Bytes Sent/sec

Guy recommends: The SolarWinds ipMonitor

My attraction to ipMonitor is because it inhabits that zone of part work, part play; Guy just could not put the dashboard away.  This excellent performance monitor will get you started in the quest to remove bottlenecks on your network.  SolarWinds provides this fully-functioning product free for 21 days.  So download and install ipMonitor, then start scrutinizing your computers CPU, memory and disk performance.  You can also select from zillions more performance counters such as fan temperature and battery level. 

Installing ipMonitor is a breeze, but learn from gung-ho Guy's mistake and install SNMP on each computer that you wish to monitor.  What sealed my unreserved recommendation of SolarWinds is their support team, you will get expert help even when you are evaluating the ipMonitor.

Download SolarWinds ipMonitor (21 days eval)

Solutions to Network Problems

• Add another network card
• Segmentation - change your subnet mask, add routers
• Switches - install a packet switch
• Reduce Protocols - remove NWLink if you have no more Novell 3/4 servers
• If you must have more than one protocol, check the bindings order in the network icon

More help for detecting bottlenecks

• Memory
• Processor
• Disk
• Network
• A Vision of Network Monitoring

Home Copyright © 1999-2008 Computer Performance LTD All rights reserved

Please report a broken link, or an error.