Hello,
we have a section of 64 Windows terminalservers.
In this section we are producing nearly 50.000 checks per hour over passive RMA.
We use for Master-Test a Ping-Test to 127.0.0.1 and various service checks, cpu/ram and free disk space. Thats 14 checks per terminalserver.
We have a traffic about 4GB per hour only by RMA at all.
That seems to be very much traffic for this.
What can we do?
Or is 4GB for 50.000 checks per hour a normal value?
Thanks a lot.
Much traffic caused by RMA
4GB for 50.000 checks? 80KB per test (average). Its too much.
What exactly traffic did you check?
- HostMonitor <-> RMA (traffic on single TCP port used by RMA)?
- RMA<->target systems?
- All traffic (in/out) on system where RMA is installed (probably caused by some other applications)?
Please provide details about all test methods performed by this agent
- ping: how many tests performed per hour (or per sec)? packet size? retries?
- cpu usage: how many tests performed per hour (or per sec)?
- free disk space: how many tests performed per hour (or per sec)?
- ram? what exactly test method/protocol is used? WMI? SNMP? Performance Counter?
Windows on RMA system?
Service Pack?
Windows on target systems?
Regards
Alex
What exactly traffic did you check?
- HostMonitor <-> RMA (traffic on single TCP port used by RMA)?
- RMA<->target systems?
- All traffic (in/out) on system where RMA is installed (probably caused by some other applications)?
Please provide details about all test methods performed by this agent
- ping: how many tests performed per hour (or per sec)? packet size? retries?
- cpu usage: how many tests performed per hour (or per sec)?
- free disk space: how many tests performed per hour (or per sec)?
- ram? what exactly test method/protocol is used? WMI? SNMP? Performance Counter?
Windows on RMA system?
Service Pack?
Windows on target systems?
Regards
Alex
We checked the traffic in/out from HostMonitor IP by firewall on target system.
ping: 120 per hour; packet size 0; packets 4
cpu: 20 per hour
disk: 12 per hour
ram: 20 per hour
Hostmonitor runs on Windows 2008 R2 Enterprise SP1 x64; HostMonitor Version 9.90
All target systems run on Windows 2012 Datacenter x64; RMA Version 4.62
ping: 120 per hour; packet size 0; packets 4
cpu: 20 per hour
disk: 12 per hour
ram: 20 per hour
Hostmonitor runs on Windows 2008 R2 Enterprise SP1 x64; HostMonitor Version 9.90
All target systems run on Windows 2012 Datacenter x64; RMA Version 4.62
1)
You said "50.000 checks per hour"
120 + 20 + 12 + 20 = 172
172 <> 50,000
Please provide correct numbers.
2)
There is traffic between HostMonitor and RMA. There is different traffic between RMA and target systems.
So, what exactly traffic did you check?
3) HostMonitor 9.90 comes with RMA 4.88. Please update agents and use all components of the software (HostMonitor, RCC, RMA, Web Service, etc) from the same package!
Regards
Alex
You said "50.000 checks per hour"
120 + 20 + 12 + 20 = 172
172 <> 50,000
Please provide correct numbers.
2)
Normally we use "target system" term for systems that you monitor. You said you are using RMA agent for these tests. This means there is no traffic between HostMonitor and target systems.We checked the traffic in/out from HostMonitor IP by firewall on target system.
There is traffic between HostMonitor and RMA. There is different traffic between RMA and target systems.
So, what exactly traffic did you check?
3) HostMonitor 9.90 comes with RMA 4.88. Please update agents and use all components of the software (HostMonitor, RCC, RMA, Web Service, etc) from the same package!
Regards
Alex
Sorry I forgot the service-check.
We monitor various services for terminalservices, antivir, network (Lanman, RPC).
This means nine checks every minute -> 540 per hour
(172 + 540) * 64 servers -> 45568 checks per hour
We have a firewall between Hostmonitor and target systems.
We checked the traffic on this firewall which comes from Hostmonitor-System to target systems and goes back.
All checks are performed by RMA which is installed directly on target systems.
I updated the components to new version but traffic is the same.
Thanks.
We monitor various services for terminalservices, antivir, network (Lanman, RPC).
This means nine checks every minute -> 540 per hour
(172 + 540) * 64 servers -> 45568 checks per hour
We have a firewall between Hostmonitor and target systems.
We checked the traffic on this firewall which comes from Hostmonitor-System to target systems and goes back.
All checks are performed by RMA which is installed directly on target systems.
I updated the components to new version but traffic is the same.
Thanks.
We cannot reproduce the problem.
>We checked the traffic on this firewall which comes from Hostmonitor-System to target systems and goes back.
Total traffic on all TCP/UDP ports?
or you are checking only TCP port used by RMA?
Could you try to increase test interval so HostMonitor will perform 25,000 tests per hour instead of 50,000 tests and check traffic?
Regards
Alex
>We checked the traffic on this firewall which comes from Hostmonitor-System to target systems and goes back.
Total traffic on all TCP/UDP ports?
or you are checking only TCP port used by RMA?
Could you try to increase test interval so HostMonitor will perform 25,000 tests per hour instead of 50,000 tests and check traffic?
Regards
Alex
It's total traffic on all ports, but most of it is 1055.
We can reproduce the problem when only activated one terminalserver to check -> only 712 checks per hour. The transfer rate on network card on hostmonitor goes from 5-15 KB/s to 500-1500 KB/s when we activate one terminalserver system.
We captured the traffic with wireshark.
We get thousands of "TCP ZeroWindow" Packets per second.
The only difference between our other systems and the terminalserver is a site-to-site VPN between hostmonitor-network and terminalserver-network.
Other services e.g. RDP or SMB from hostmonitor to terminalserver over this VPN are working perfectly. Here we don't get this "TCP ZeroWindow" Packets.
Have you ever observed such a problem?
Thanks.
We can reproduce the problem when only activated one terminalserver to check -> only 712 checks per hour. The transfer rate on network card on hostmonitor goes from 5-15 KB/s to 500-1500 KB/s when we activate one terminalserver system.
We captured the traffic with wireshark.
We get thousands of "TCP ZeroWindow" Packets per second.
The only difference between our other systems and the terminalserver is a site-to-site VPN between hostmonitor-network and terminalserver-network.
Other services e.g. RDP or SMB from hostmonitor to terminalserver over this VPN are working perfectly. Here we don't get this "TCP ZeroWindow" Packets.
Have you ever observed such a problem?
Thanks.
What test method is used? Service test? External test? Shell Script test?one terminalserver to check
Is this test performed by RMA or HostMonitor?
If you are using some external application/script for this test, this means application does not work properly.
HostMonitor -> VPN to -> RMA -> target system?The only difference between our other systems and the terminalserver is a site-to-site VPN between hostmonitor-network and terminalserver-network
or
HostMonitor -> RMA -> VPN to -> target system?
or
HostMoniotr -> VPN to target system?
Regards
Alex