Network Troubleshooting: Introduction to Suzhou Experience Center
A well-known Internet company, aiming to re-establish a presence in China, has been setting up experience centers throughout the country. These centers, including one in Suzhou, showcase high-end facilities and serve as hubs to promote Chinese-made products to the world. As the IT partner of the Suzhou Experience Center, we handled the entire network infrastructure setup. However, after the setup of an international link device, network issues began to arise. Let's see how this center performs network troubleshooting.
Project Overview: Network Infrastructure Setup and Challenges
The entire project took two or three months. Firewalls, layer 3 switches, layer 2 switches, AC controllers, wireless APs, LED screens, splicing screens, projectors, broadcast systems, background music, etc. were all available. Installation and debugging went very smoothly until someone from the headquarters installed an international link device. Since then, there have been constant failures, and links have often been jammed and stuck. It is suspected that the firewall policy configuration was not done well.
Our engineer went to take a look and found that the international link used an Ai Fast device!
Unfortunately, our engineer, who debugged the network all day long, never thought that such a high-end company would use an Ai*Kuai that he had never seen before. The engineer of the firewall manufacturer also came to the site. The two of them complained about this device in the computer room and agreed that it was this device that caused the network to be stuck. After all, the performance of this thing would not be very high. But after all, we are all professionals and we have to speak with data. So, Wireshark was used to capture packets. The manufacturer's engineer captured packets on the firewall, and our engineer captured packets on Ai*Kuai. After capturing for a long time, everything on the network was normal... The customer was very depressed, and our engineer was also very depressed. The manufacturer's engineer was a little angry and claimed that he would not come again next time if this happened, and there was no problem at all! Well, we returned empty-handed!
Three days later, the customer called again, saying that the international link was stuck again, and key applications were disconnected! I quickly logged into the customer's firewall remotely, read the policy, and did a test. There was no problem. Only certain foreign websites would use the international link and general Internet access would use the telecommunications line. I wanted to log in to the i*kuai device but was told that external users were prohibited from logging in remotely. I was sweating. How could I determine the problem?
Fortunately, I was able to contact the IT of the Guangzhou branch. It was said that he was the one who came to use this device. OK, I asked him to log in to i*kuai remotely. He said that the international link is 4M and is fully occupied! Then he sent me several IP addresses with the most traffic.
Damn, it's only 4M! I immediately called the IT of the Suzhou Branch and told him that Guangzhou IT Online said that the international link was overwhelmed! I quickly checked who was using these IPs. What business were they running? But he replied: No one is running an international business now! Because the link was overwhelmed, those who wanted to run international business were all passive!
Virus? The first reaction is the virus, otherwise, no one is running an international business, why is the link occupied? Moreover, the Guangzhou people said that the IP running the traffic has been changing. There must be a few computers infected! There are 80 computers in total. Fortunately, there were only more than 30 computers turned on that day. These 30 computers were immediately marked and shut down. The Suzhou branch IT was responsible for turning on the computers one by one. I was responsible for remotely monitoring the firewall, and Guangzhou IT was responsible for remotely monitoring Ai*kuai. When the 10th computer was turned on, the international link was full again. 4M is nothing for the firewall, so I just looked at the traffic ranking list. It was very obvious to the brother of Ai*kuai. Seeing that the bandwidth was used up, I quickly asked Suzhou IT to check the top 5 computers, but this brother said that the computers had just been turned on and no one had opened any windows. The task manager could not see any program running the traffic. This brother seems unprofessional. Tell him to download 360 Security Guard, which has a traffic firewall, and you can see which program is running the traffic.
You don't know until you see it. It's clear at a glance. I never expected that what filled up the international link was not a business application or a virus, but a Windows Update! Microsoft is an American company after all. Even Windows Update wants to go home. It doesn't use domestic lines properly but insists on using international links to download updates from American servers. No wonder the 4M link is filled up after booting more than a dozen computers. Even if there is only one computer, Windows Update can fill up 4M!
Guangzhou IT was speechless. They blamed us wrongly. It was not that our firewall policy was not well implemented. But how could this be solved? Shouldnât Windows Update automatically choose the shortest path? Why did it go to the US server to update? How can we eliminate this problem?
I answered: Isn't this easy to solve? Either run WSUS on the server, and everyone updates from the intranet so that the international link will not be occupied! Or deploy 360 Enterprise Edition, update the system through the internal server, and even update the antivirus software at the same time, which saves more traffic (although the fixed IP of China Telecom has unlimited traffic, haha).
Since the other party claimed to be an internationally renowned company, the deployment of 360 Enterprise Edition was rejected in one second. There was no other choice but to set up a WSUS server, and then configure this server in the firewall to only allow it to go out through the telecommunications line, and everything has been fine since then.
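A WSUS server only keeps the international link clear if every client is actually pointed at it. The PowerShell below is an added example, not part of the original write-up: it audits one Windows client against the standard Windows Update policy registry values and tests that the WSUS endpoint is reachable. The server URL `http://wsus.example.internal:8530` is a hypothetical placeholder.

```powershell
# Added example: audit whether this Windows client is pinned to an internal WSUS server.
# $ExpectedServer is a hypothetical placeholder; set it to your own WSUS URL.
param([string]$ExpectedServer = 'http://wsus.example.internal:8530')

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$wuServer     = Get-PolicyValue $wuKey 'WUServer'
$statusServer = Get-PolicyValue $wuKey 'WUStatusServer'
$useWuServer  = Get-PolicyValue $auKey 'UseWUServer'
$noInternet   = Get-PolicyValue $wuKey 'DoNotConnectToWindowsUpdateInternetLocations'

$findings = @()
if ($useWuServer -ne 1) {
    $findings += 'UseWUServer is not 1: the client ignores WUServer and goes to Microsoft directly.'
}
if ($wuServer -ne $ExpectedServer) {
    $findings += "WUServer is '$wuServer', expected '$ExpectedServer'."
}
if ($statusServer -ne $ExpectedServer) {
    $findings += "WUStatusServer is '$statusServer', expected '$ExpectedServer'."
}
if ($noInternet -ne 1) {
    $findings += 'Windows Update Internet locations are not blocked by policy; some update traffic may still leave the intranet.'
}

# Confirm the WSUS endpoint is reachable from this client over TCP.
$reachable = $false
if ($wuServer) {
    try {
        $uri = [Uri]$wuServer
        $reachable = Test-NetConnection -ComputerName $uri.Host -Port $uri.Port -InformationLevel Quiet
    } catch {
        $findings += "WUServer value '$wuServer' is not a valid URL."
    }
    if (-not $reachable) { $findings += "WSUS endpoint $wuServer is not reachable." }
}

[pscustomobject]@{
    Computer  = $env:COMPUTERNAME
    WUServer  = $wuServer
    Reachable = $reachable
    Compliant = ($findings.Count -eq 0)
    Findings  = $findings -join ' | '
}
```

Run it on each of the client machines after the group policy has applied; any machine reporting `Compliant = False` can still pull updates over whatever route the firewall gives it.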
BTW: Internationally renowned IT companies are no better than this. I thought everyone was an expert, but I ended up meeting a few noobs. Only the guy from Guangzhou seemed pretty good. Maybe the experts are all in the US.