Koozali.org: home of the SME Server

Obsolete Releases => SME Server 8.x => Topic started by: bloodshoteye on November 05, 2013, 11:46:10 AM

Title: Network changes involving SME 8.0 as PDC
Post by: bloodshoteye on November 05, 2013, 11:46:10 AM
Hi all,

I have a network question involving SME 8.0 at our school.

Brief description of the current infrastructure:
Internet
   |
DSL Modem
   |
DMZ - ISP managed Internet Gateway/Mail/Proxy server (we have minimal access)
   |
LAN (10.0.1.0)
   |
  SME 8.0 in server only mode as PDC, Samba and DHCP server
  120 or more workstations

The network is CAT6 with new remote switches backboned to the server room's switches.
SME's 15min load average seldom exceeds 2.0 with dual quad core cpu's and 48GB ram.

Problem: Network access is frequently slow under normal daily usage.

Content is becoming more and more bandwidth intensive, like multimedia and other client/server applications.

Possible cause: Too many machines up at any one time on a single network - sometimes 90 users when computer classes and staff are active.

Perhaps the slow network can be rectified by moving pupil machines to 10.0.2.0 and staff to 10.0.1.0, for example.

Question: I'm aware that SME in server only mode disables the 2nd nic. If I put SME in private server and gateway mode, will it activate the 2nd nic? If so, I can plug the 70 pupils into the 10.0.2.0 nic

I'm really trying to avoid a 2nd domain controller due to hardware expense and also extra backup requirements.

I've searched these forums, but found nothing so far that addresses the above.
I can't find any SME technicians in the Cape Town area.
I'm open to any suggestions, please.

Cheers,
Title: Re: Network changes involving SME 8.0 as PDC
Post by: _alex on November 05, 2013, 12:30:12 PM
Hi,

You need to find out what causes the slow down.
which process(es) are eating up the cpus?
is swap involved?
slow disk(s)?

You might want to install some monitoring tool (http://wiki.contribs.org/Sme8admin)

Please give us more information about your running applications (something more detailed than "other client/server applications")

edit: high cpu load with your configuration would be close to 8. Your 2 means around 25% cpu load
Title: Re: Network changes involving SME 8.0 as PDC
Post by: bloodshoteye on November 05, 2013, 01:55:45 PM
Hi,

Quote
You need to find out what causes the slow down.
which process(es) are eating up the cpus?
I'll use Sme8admin to graph that

Quote
is swap involved?
No

Quote
slow disk(s)?
No - disks are Raid 1, 2TB SATA at 7200rpm, 31% full and OK.

Quote
You might want to install some monitoring tool (http://wiki.contribs.org/Sme8admin)
Thanks for the pointer to Sme8admin which I will install at end of our working day.

Quote
Please give us more information about your running applications (something more detailed than "other client/server applications")
Client/Server apps:
Symantec Antivirus: (+- 100 clients - definition updates every 2 hours)
Faronics Deep Freeze: advanced system integrity (+- 100 clients)
Faronics Insight: classroom management tool (70 clients)
Saspac School Administration: (8 clients)

Quote
edit: high cpu load with your configuration would be close to 8. Your 2 means around 25% cpu load
Yes, cpu load is not the problem

netstat -i shows no errors on the SME server

I could also mention we use roaming profiles. It's an ongoing education program to encourage saving data in their Samba "home drive" as opposed to their Desktop and My Documents, which enlarges roaming profiles.

Cheers,

Title: Re: Network changes involving SME 8.0 as PDC
Post by: _alex on November 05, 2013, 02:26:52 PM
Ok, server cpu load being out of the equation, You'll need to investigate network bandwidth usage (sme8admin will help You with that, at least at the server level).
Are all your switches working at gigabit speed?
If yes, You may want to have a look at the bandwidth usage between switches.
Should You find one (or more) saturated link(s), You may use 802.3ad bonding for inter switches connections, eventually also between your server and main switch.

Good luck.
Title: Re: Network changes involving SME 8.0 as PDC
Post by: bloodshoteye on November 05, 2013, 03:12:57 PM
Quote
Are all your switches working at gigabit speed?
Yes. Slowdown has occurred more than a year after the network upgrade to gigabit.
Almost every switch port is green thus providing gigabit speed.

Quote
If yes, You may want to have a look at the bandwidth usage between switches.
Should You find one (or more) saturated link(s), You may use 802.3ad bonding for inter switches connections, eventually also between your server and main switch.
How would I look at bandwidth usage between switches? All our switches are good quality but unmanaged. Or do you mean are they also connecting at gigabit speed?

Cheers,
Title: Re: Network changes involving SME 8.0 as PDC
Post by: _alex on November 05, 2013, 03:38:46 PM
I feel sorry for You, unmanaged switches = too bad.
While they might be acceptable in a soho environment, they are basically featureless.
Normally, You monitor managed switches via SNMP using tools like cacti, nagios, etc.
The thing is, even the cheapest managed switches allow You to double, triple, or more your overall bandwidth using 802.3ad.
IMVHO, the extra price tag is well worth it.
Title: Re: Network changes involving SME 8.0 as PDC
Post by: Stefano on November 05, 2013, 04:09:54 PM
I would add that roaming profiles, without a strict disk quota management, are a bandwidth eater :-)
Title: Re: Network changes involving SME 8.0 as PDC
Post by: ReetP on November 05, 2013, 05:34:37 PM
Quote
How would I look at bandwidth usage between switches? All our switches are good quality but unmanaged. Or do you mean are they also connecting at gigabit speed?

I guess you need some form of monitoring box between each switch - a router/linux box with 2 network cards and some monitoring software. Or as previously suggested, get some monitored/managed switches.

B. Rgds
John
Title: Re: Network changes involving SME 8.0 as PDC
Post by: bloodshoteye on November 05, 2013, 09:40:25 PM
Quote
I would add that roaming profiles, without a strict disk quota management, are a bandwidth eater :-)
Already doing that - pupils have 200MB soft and 250MB hard quota, total. Not all use the max, and not all their MB is consumed by profiles, but even if the average profile is 60MB they expect the server to provide 3.6GB within 3mins at the start of class  :shock:

Quote
I guess you need some form of monitoring box between each switch - a router/linux box with 2 network cards and some monitoring software. Or as previously suggested, get some monitored/managed switches.
That makes sense to me. I can use an old box without it costing any moola.

Quote
. . .
The thing is, even the cheapest managed switches allow You to double, triple, or more your overall bandwidth using 802.3ad.
IMVHO, the extra price tag is well worth it.
If my original post could be answered, that is:
Quote
Question: I'm aware that SME in server only mode disables the 2nd nic. If I put SME in private server and gateway mode, will it activate the 2nd nic? If so, I can plug the 70 pupils into the 10.0.2.0 nic
then I may only need to swop out one switch for a managed switch, then plug all pupils into that downstream?

This makes me wonder if I could load SME onto an old box and turn it into a LAN router. Stick it between the computer classrooms and the Samba server, plug pupils into one nic and Samba into the other. Can SME do that?

Cheers,
Title: Re: Network changes involving SME 8.0 as PDC
Post by: _alex on November 05, 2013, 10:27:27 PM
I think that using sme server in server + gw mode to solve your current issue is a bad idea. It's not designed to work that way.
For the time being, get sme8admin installed and show your numbers. Your 2TB 7200 rpm raid1 hdds may well be your bottleneck, or be part of it.
If you can afford a managed switch, get a good one (48 ports is not too big, layer 2 if you can afford it) and replace your main switch with it, at least You'll get an idea about how the bw is spread across your LAN, and You open the door to connect your server(s) to 802.3ad trunks.

btw, how many peripheral switches do You have?
Title: Re: Network changes involving SME 8.0 as PDC
Post by: janet on November 05, 2013, 11:47:27 PM
bloodshoteye

Quote
Network access is frequently slow under normal daily usage.
Content is becoming more and more bandwidth intensive, like multimedia and other client/server applications.

This comment probably gives a good clue. What was OK before, has now become overloaded.

Quote
I'm aware that SME in server only mode disables the 2nd nic. If I put SME in private server and gateway mode, will it activate the 2nd nic? If so, I can plug the 70 pupils into the 10.0.2.0 nic

In server only mode you can select the option to bond 2 NIC's to increase throughput.
IIRC both NIC's need to be identical & support bonding.
Search the forums as this has been answered before.
Doing that may help performance on your single network.

As far as adding a second NIC in server only mode on another network, SME being Linux then this could possibly be done using custom templates. Again search the forums on this.
The Coova Chilli contrib wiki article is an example of doing this.

As others have said, you need to determine where & what the "technical" problem is before trying to fix it. So far you have essentially said "slow network access", which is not very informative or useful. You need to test, analyse & diagnose before making changes.
Title: Re: Network changes involving SME 8.0 as PDC
Post by: idp_qbn on November 06, 2013, 03:37:09 AM
Hi, Bloodshoteye,
Just to add to what the others have said:

Roaming profiles may be your main problem. My experience with them (in the dim mists of NT Admin days at a school) was of the network choking at login time - they all want to login at the same time, because students work in blocks: all in class at the same time, all logon at the same time etc.

The answer was to set everyone to a MANDATORY profile. See http://msdn.microsoft.com/en-us/library/windows/desktop/bb776895(v=vs.85).aspx
This stops users saving stuff to the desktop and rapidly getting a huge profile to download at logon. Profiles should be just a few Mb. 10 Mb is big - we had kids with 200Mb.

With Mandatory Profiles, not finding something you saved to the desktop next time you login is a powerful incentive to learn how to use network drives.

The points made about managed hubs are also very valid - but they are a step up in hardware, training and ongoing monitoring. Still, if you try mandatory profiles (small ones! Very important!) and the problem persists, then managed hubs may be necessary.

Someone who can analyse network traffic (what it IS not just where it comes from/goes to and how big it is) may be available just to come and look on a one-off basis to let you know where the problem lies. See if there is a local support group for schools or a Computer User Group of some sort nearby. I know there are tools available to do this sort of analysis but I don't know what they are or how to use them - but (when I was still a teacher) I had students who could and did.

Cheers - and good luck
Ian
Title: Re: Network changes involving SME 8.0 as PDC
Post by: bloodshoteye on November 06, 2013, 01:25:17 PM
@ _alex
1) I'm collecting data via sme8admin. So far I can't see a problem
2) We are considering replacing the core switches with layer 3 managed types. Then we will setup some vlans.

@janet
Quote
This comment probably gives a good clue. What was OK before, has now become overloaded.
This really says it all, I think. Nothing wrong with SME setup; a friend reinforced my thinking when he said we have an extraordinary volume of broadcast traffic. That will be controlled with vlans.

Thanks for the reference to the CoovaChilli contrib. I like it, yet I don't think it's a long term solution in our case.

@idp_qbn
Whatever else I do, I'm going to try mandatory roaming profiles out. I think the loss of permanent desktop customization for the little dears is a small loss compared to the gains. I'm glad you mentioned this as it completely slipped my mind.

When appropriate, I'll post my findings/solutions to this thread
Cheers,
Title: Re: Network changes involving SME 8.0 as PDC
Post by: _alex on November 06, 2013, 02:43:38 PM
bloodshoteye,

Quote
1) I'm collecting data via sme8admin. So far I can't see a problem
By "can't see a problem", you mean the network interface doesn't get saturated while everybody is opening their domain sessions? Slow disks!

Quote
2) We are considering replacing the core switches with layer 3 managed types. Then we will setup some vlans.
Good news for the switches. But what makes You think that You need to setup VLANs? You need to collect and investigate your numbers before taking any decision!
Do You think You have too much broadcast traffic? What about collecting some numbers before stating about it:
(http://i.imgur.com/zxJtRHO.png)
It shows all broadcast traffic over a month in a ~25pc company (collected at the border router). That kind of information will help You make wise decisions which implicate justifying new hardware purchases, sysadmin setup time, etc.
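
One way to put numbers on the broadcast question raised above, as an added example that is not part of the original thread: a Python script that classifies frames from `tcpdump -e -n` text output by destination MAC and reports each class's share of bytes plus the busiest broadcast senders. The sample lines, MAC addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the text format printed by `tcpdump -e -n`
# (not real capture data from the network discussed in this thread).
SAMPLE = """\
08:00:01.000100 00:1a:2b:00:00:11 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.1.1 tell 10.0.1.23, length 46
08:00:01.000200 00:1a:2b:00:00:12 > 00:1a:2b:00:00:01, ethertype IPv4 (0x0800), length 1514: 10.0.1.24.49152 > 10.0.1.2.445: Flags [.], length 1460
08:00:01.000300 00:1a:2b:00:00:11 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 243: 10.0.1.23.138 > 10.0.1.255.138: UDP, length 201
08:00:01.000400 00:1a:2b:00:00:13 > 01:00:5e:7f:ff:fa, ethertype IPv4 (0x0800), length 175: 10.0.1.25.1900 > 239.255.255.250.1900: UDP, length 133
08:00:01.000500 00:1a:2b:00:00:01 > 00:1a:2b:00:00:12, ethertype IPv4 (0x0800), length 1514: 10.0.1.2.445 > 10.0.1.24.49152: Flags [.], length 1460
"""

# timestamp, source MAC, destination MAC, then the first "length N:" (frame size)
FRAME = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), .*?length (?P<len>\d+):"
)

def classify(dst_mac):
    """Return 'broadcast', 'multicast' or 'unicast' for a destination MAC."""
    if dst_mac == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    # The group bit is the least significant bit of the first octet.
    if int(dst_mac[:2], 16) & 1:
        return "multicast"
    return "unicast"

def summarise(text):
    """Count frames and bytes per class; list the top broadcast senders."""
    frames, octets, talkers = Counter(), Counter(), Counter()
    for line in text.splitlines():
        m = FRAME.match(line)
        if not m:
            continue  # skip lines that are not link-level frame headers
        kind = classify(m["dst"])
        frames[kind] += 1
        octets[kind] += int(m["len"])
        if kind == "broadcast":
            talkers[m["src"]] += 1
    total = sum(octets.values()) or 1
    share = {k: round(100 * octets[k] / total, 1) for k in octets}
    return frames, octets, share, talkers.most_common(3)

if __name__ == "__main__":
    frames, octets, share, top = summarise(SAMPLE)
    for kind in ("unicast", "multicast", "broadcast"):
        print(f"{kind:9} frames={frames[kind]} bytes={octets[kind]} share={share.get(kind, 0)}%")
    print("top broadcast senders:", top)
```

A capture taken on one port of an unmanaged switch still sees every broadcast frame in that segment, but only the unicast traffic addressed to or from the capturing host, so the broadcast share it reports is relative to that host's own traffic.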
Title: Re: Network changes involving SME 8.0 as PDC
Post by: hawk on November 07, 2013, 05:18:48 AM
hi coming late into this conversation.

I have a few sites with similar problems,
1. roaming profiles slow the network down at certain times, several students trying to logon at the same time. not much u can do about this
2. internet traffic slows at certain times during the day, 65 - 70% of network traffic being facebook. Students in South Africa love facebook.

I have split the network - Staff and Students. Completely separate even their own internet connection. Their own SME servers and network. Yes a lot of extra work switches and cabling. I have a vlan but mainly for Voip on staff network, student activity now no longer affects the staff.

i run webfiltering and block loads of web sites, normally at the beginning of the year when all the new students arrive. check every day of top ten illegal sites and block them.

Using webfiltering works great for normal web sites, but students have figured out how to log into https: which webfiltering doesn't block. So all i do is setup a domain on the sme server facebook.com, with a one page website telling them it is blocked. our internet usage and network traffic speed cleared up almost instantly.

Student server handles about 10k emails every day, as each student has their own supplied email address, i then have setup each account to then forward that email to their private email account. At the end of each year i delete all old students. Students are renowned for not checking institutional emails.

I might come under fire for this but these are just personal observations:-

i have noticed the bigger the HDD the slower the server runs. this is properly related to the hardware configuration. If i can get away with 1TB i prefer to use that as my max size. Where a server will be storing large data i will go to 2TB.

I also don't trust raid (sorry goes back many years), and also think it slows the server down. Just a good backup system.

also the less contribs loaded the better.

My 10c worth

thanks
john




Title: Re: Network changes involving SME 8.0 as PDC
Post by: bloodshoteye on November 07, 2013, 09:42:49 AM
I thank you-all for the advice I'm receiving!

@_alex
Quote
You need to collect and investigate your numbers
In hand

@hawk
Quote
setup a domain on the sme server facebook.com, with a one page website telling them it is blocked. our internet usage and network traffic speed cleared up almost instantly.
There are a few determined kids everywhere in the world. Staying one step ahead - I like it.
Quote
the bigger the HDD the slower the server runs . . .
Can't say, but I recently went from 750GB to 2TB to provide expansion. Teachers are needing archives of their material going back many years. And yes I know I could save that on a NAS but I want this available to them via one logon/password combo and in their networked home drive. At busy schools, the bell rings, teachers run. They don't have time to bugger about. I do have another SME server doubling as a Moodle server and very long term storage for specific individuals.

But I digress. I am monitoring from now on with ntop and sme8admin. However, whatever the outcome we are going to replace our core switches with manageable ones and later the remote units. Thus I can eventually monitor the entire network for hardware and workstation faults. And implement vlans should I need to create broadcast domains - which sounds like a good idea anyway. If our slowdown is not broadcast/multicast traffic, it may be fault related. No easy way to pinpoint that (that I know of).

Cheers,
Title: Re: Network changes involving SME 8.0 as PDC
Post by: p-jones on November 07, 2013, 10:06:16 AM
Quote
Symantec Antivirus: (+- 100 clients - definition updates every 2 hours)

Have you had a close look at this and its configuration to determine / eliminate if it is implicated in your issue ?
My experiences of it indicate it is resource and bandwidth hungry.
Title: Re: Network changes involving SME 8.0 as PDC
Post by: hawk on November 07, 2013, 10:40:43 AM
Regarding AV's

i have removed all AV's from the network computers, we only use the one supplied from microsoft MSE / windows defender.

All Pc's run faster and we haven't had any form of virus problems. All computers getting cleaned up at end of year shut down using several other tools.

 

Title: Re: Network changes involving SME 8.0 as PDC
Post by: bloodshoteye on November 07, 2013, 11:09:55 AM
@p-jones
Symantec is most definitely a contributor. I personally don't like it. It's cpu intensive, intrusive and a hog at the best of times. However, it's what public schools are provided free of charge here in SA. AV's are usually quite expensive and annually renewable, even if discounted for non-profits.

@hawk
Quote
i have removed all AV's from the network computers, we only use the one supplied from microsoft MSE / windows defender.
I do that for teachers who bring their personal laptops in and for mine. If I could get MSE & Defender to update through a proxy, I would. They are quite good enough (in my humble opinion) and after turning off all the "send this or that to Redmond" stuff, would do away with AV related broadcasts/multicasts.

Cheers,