This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Newbie - experiencing severe network latency issues

0

Hello, experiencing severe network latency issues. I'm not a network administrator but rather systems admin, and ERP admin.

Info: - network is strictly IPv4, with one DHCP server running on W2K8 R2 server; - 4 Netgear switches on the LAN (2 x GSM7248, 1 x GSM7248R, 1 x FS750T2); - ran an 11 second wireshark capture on the LAN from a W2K8 server

Does it seem strange that there's a crazy amount of IPv6 traffic?

alt text

alt text

asked 27 Jul '14, 19:51

buefordTJ's gravatar image

buefordTJ
11112
accept rate: 0%

Does it seem strange that there's a crazy amount of IPv6 traffic?

no, as IPV6 is enabled by default on Windows >= Vista.

But besides that IPv6 question. What is your question regarding the severe network latency issue?

(27 Jul '14, 20:21) Kurt Knochner ♦

IPv6 itself being enabled isn't odd, but for a 11 second trace that's about 280 Kbps and 3200 pps of IPv6 payload to the server, which is kind of odd if you're not intending to use that stack at all.

bueford, what is being carried in those packets (eg: TCP/UDP port number if it is one of those)? What is the response (the two other MACs look like they're load-balancing the other direction)?

There's really not a lot to go on here in diagnosing why the network is slow but if you can upload the actual packet capture that might be helpful also (https://appliance.cloudshark.org/upload/ )

(28 Jul '14, 17:41) Quadratic

One Answer:

0

Kurt, it just seems like there are way too many IPv6 packets being sent out, the result being the entire network slows down, our ERP system reponsiveness slows to a snails pace, wireless connections are dropped.

Quadratic, i've uploaded a subset of those IPv6 packets to https://www.cloudshark.org/captures/4cc4188f573d

I think i might have found the source of the problem. Googling the same symptoms i found this thread https://communities.intel.com/thread/48051 Seems like there is a known issue with Intel I217-LM network cards. When the PC went to sleep these cards would flood the network with IPv6 mutlicast traffic. 4 weeks ago we just purchased 5 Lenovo desktops to replace some old XP workstations and yes, they all had the same Intel I217-LM network card. Upgraded the firmware today and the PCs have been "asleep" since 5:00PM ... no sign of the IPv6 flood so far. Keeping fingers crossed.

answered 28 Jul '14, 20:01

buefordTJ's gravatar image

buefordTJ
11112
accept rate: 0%

Ah, that makes sense. One suggestion though - disable the IPv6 protocol stack altogether on these machines if you have no use-case for it. Unused protocols on the network only add to the noise, take up bandwidth and in some cases increase the network's attack surface unneccessarily.

(28 Jul '14, 20:37) Quadratic

FWIW, Microsoft do not recommend disabling IPv6. See their IPv6 FAQ here.

(29 Jul '14, 01:46) grahamb ♦