
Any wireshark nerds in here?


  • Any wireshark nerds in here?

    So, I've got a situation where a customer is complaining of occasional packet loss on a network segment (which is transported on our layer-2 network), and I had thought this was due to possible over subscription of their service rate, which we have encountered before on this platform w/ other customers.

    I was wondering if I connected a box w/ wire-shark, parked it on the same vlan as the customer, that perhaps it would capture pause frames (either tx or rx) to give me some indication that an end station is telling the other side to slow down.

    There is another app called sflow which we haven't incorporated yet, which I gather does a pretty good job of reporting traffic intel, but thought I'd tap you guys on the shoulder for input!



    --Scott
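What a capture would have to contain for the pause-frame idea in the first post to work, as an added example that is not part of the thread: a decoder for 802.3x PAUSE frames (and, going slightly beyond the post, 802.1Qbb PFC frames) that totals the pause time each sender requested. The 1 Gbps link speed, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct

MAC_CONTROL = 0x8808                       # EtherType for IEEE 802.3 MAC Control
OP_PAUSE, OP_PFC = 0x0001, 0x0101          # 802.3x PAUSE, 802.1Qbb per-priority pause
PAUSE_DST = bytes.fromhex("0180c2000001")  # link-local multicast; bridges do not forward it
QUANTUM_BITS = 512                         # one pause quantum = 512 bit times


def parse_flow_control(frame, link_bps=1_000_000_000):
    """Decode an untagged PAUSE or PFC frame; return None for anything else."""
    if len(frame) < 18 or int.from_bytes(frame[12:14], "big") != MAC_CONTROL:
        return None
    opcode = int.from_bytes(frame[14:16], "big")
    rec = {"src": frame[6:12].hex(":"), "reserved_dst": frame[0:6] == PAUSE_DST}
    if opcode == OP_PAUSE:
        quanta = struct.unpack("!H", frame[16:18])[0]  # 0 = XON, cancels a pause
        rec.update(kind="pause", quanta=quanta,
                   pause_us=quanta * QUANTUM_BITS * 1e6 / link_bps)
    elif opcode == OP_PFC and len(frame) >= 34:
        enable, *timers = struct.unpack("!H8H", frame[16:34])
        rec.update(kind="pfc",
                   quanta={p: timers[p] for p in range(8) if enable >> p & 1})
    else:
        return None
    return rec


def pause_time_by_sender(frames, link_bps=1_000_000_000):
    """Sum the requested pause time (microseconds) per source MAC."""
    totals = {}
    for frame in frames:
        rec = parse_flow_control(frame, link_bps)
        if rec and rec["kind"] == "pause":
            totals[rec["src"]] = totals.get(rec["src"], 0.0) + rec["pause_us"]
    return totals


def make_frame(dst, src, ethertype, payload):
    body = bytes.fromhex(dst + src) + struct.pack("!H", ethertype) + payload
    return body.ljust(60, b"\x00")         # pad to minimum frame size (no FCS)


# Constructed sample frames (not from a real capture).
SAMPLES = [
    make_frame("0180c2000001", "001122334455", MAC_CONTROL, struct.pack("!HH", OP_PAUSE, 0xFFFF)),
    make_frame("0180c2000001", "001122334455", MAC_CONTROL, struct.pack("!HH", OP_PAUSE, 0)),
    make_frame("00aabbccddee", "001122334455", 0x0800, b"\x45" + bytes(19)),
]
```

Because PAUSE frames are addressed to 01:80:C2:00:00:01, which 802.1D bridges do not forward, they are visible only on the link where they are sent, and many NICs consume them in the MAC before a capture sees them.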

  • #2
    Originally posted by ScottJ
    So, I've got a situation where a customer is complaining of occasional packet loss on a network segment (which is transported on our layer-2 network), and I had thought this was due to possible over subscription of their service rate, which we have encountered before on this platform w/ other customers.

    I was wondering if I connected a box w/ wire-shark, parked it on the same vlan as the customer, that perhaps it would capture pause frames (either tx or rx) to give me some indication that an end station is telling the other side to slow down.

    There is another app called sflow which we haven't incorporated yet, which I gather does a pretty good job of reporting traffic intel, but thought I'd tap you guys on the shoulder for input!



    --Scott
    I'll have to find out how we deploy headless laptops in the DC to monitor traffic. I know they're running on Ubuntu, but I don't deal with that side of the network so I don't really pay much attention. I'll ask tomorrow.



    • #3
      So that'll likely be a fuck ton of data, unless you know specific src/dst addresses and protocols that you can filter by. With TCP you should see retransmits and such - but without more details it is hard to provide better details.

      How did the customer determine packet loss?
      Originally posted by MR EDD
      U defend him who use's racial slurs like hes drinking water.



      • #4
        That's the other hard part, their IP src/dst is their world and we don't know any of it (I guess we could ask them for that) to filter on certain flows.

        They are using some flavor of performance assurance agent software (like Accedian or similar) to send test data end-to-end, so that they are always aware of available bandwidth, packet loss, latency, other performance data. They say this only happens occasionally, IMO I think it must be some bursty traffic that (briefly) over subscribes their service rate.



        • #5
          That is likely. Are they Cisco devices or some other device that supports netflow? If so, do they have any NMS that can correlate the data to review later? Granted, netflow and its variants won't indicate a network failure type situation. However, if they have SNMP running and monitor all the interfaces and netflow - you'll get a better snapshot of what's going on during the reported time.

          As you may know, they may say "this morning" or "it happened around 8" which the translation is anytime from midnight until 1500 or so.


          • #6
            We are asking them about things like netflow, and also more specifics on how their traffic happens.

            It's actually a hybrid of sorts, which doesn't make troubleshooting it any easier :/

            {CPE} U.S.A - 1000BaseLX - [Cisco 15454 ADM] -<STS-1 sized EoS circuit via OC-48>- [Cisco 15454 ADM] - 1000BaseLX - [client vlan access Force10 S4810 vlan trunk] - 1000BaseLX -<STM4 sized EoSDH via STM16>- 1000BaseLX - [vlan trunk Arista 7124SX client vlan access] - 1000BaseLX - {CPE} Brazil

            So...w/o applying rate policing on the Force10 or Arista switches, the circuit is essentially constrained to the STS-1 sized EoS circuit (aka DS3 rate or 45Mbps).

            We want the client to rate police their egress traffic before it touches our network, so any throttling from bursty traffic on their network, stays in their network.



            • #7
              I've not really used that device or installed it a lot. More of an optical/SONET device and I'm GUESSING netflow will be a no go.

              Police or shape? As I understand it, for critical/internal type traffic, shaping is more desirable. i.e. for WAN traffic for companies, we generally try to do traffic shaping. For customers that are more like an ISP, we'll set up policing.

              The following diagram illustrates the key difference. Traffic policing propagates bursts. When the traffic rate reaches the configured maximum rate, excess traffic is dropped (or remarked). The result is an output rate that appears as a saw-tooth with crests and troughs. In contrast to policing, traffic shaping retains excess packets in a queue and then schedules the excess for later transmission over increments of time. The result of traffic shaping is a smoothed packet output rate.
              This document describes the functional differences between traffic shaping and traffic policing, both of which limit the output rate.


              Either way for you the end result is the same. However, the customer may have better results on their end - most likely.
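The policing versus shaping difference described in post #7, as an added simulation that is not part of the thread: one constructed burst is offered to a token-bucket policer and to a shaper, both running at the 45 Mbps circuit rate mentioned in post #6. The packet size, bucket depth, queue limits and traffic pattern are assumptions chosen for illustration.

```python
from collections import deque

RATE_BPS = 45_000_000             # STS-1 sized EoS circuit from the thread
PKT_BITS = 1500 * 8               # assumed packet size
BITS_PER_TICK = RATE_BPS // 1000  # the simulation runs in 1 ms ticks

# Constructed offered load, packets per ms: 24 Mbps steady, 120 Mbps for 5 ms.
ARRIVALS = [2] * 5 + [10] * 5 + [2] * 10


def police(arrivals, burst_pkts=10):
    """Single-rate token-bucket policer: non-conforming packets are dropped."""
    depth = burst_pkts * PKT_BITS
    tokens, sent, dropped = depth, [], 0
    for n in arrivals:
        tokens = min(depth, tokens + BITS_PER_TICK)
        out = 0
        for _ in range(n):
            if tokens >= PKT_BITS:
                tokens -= PKT_BITS
                out += 1
            else:
                dropped += 1
        sent.append(out)
    return {"sent": sum(sent), "dropped": dropped, "peak_per_ms": max(sent)}


def shape(arrivals, queue_limit=100):
    """Shaper: excess packets wait in a FIFO and leave at the circuit rate."""
    queue, credit, sent, dropped, max_delay, tick = deque(), 0, [], 0, 0, 0
    while tick < len(arrivals) or queue:
        for _ in range(arrivals[tick] if tick < len(arrivals) else 0):
            if len(queue) < queue_limit:
                queue.append(tick)         # remember the arrival tick
            else:
                dropped += 1               # tail drop once the buffer is full
        credit += BITS_PER_TICK
        out = 0
        while queue and credit >= PKT_BITS:
            max_delay = max(max_delay, tick - queue.popleft())
            credit -= PKT_BITS
            out += 1
        if not queue:
            credit = 0                     # idle time earns no burst credit
        sent.append(out)
        tick += 1
    return {"sent": sum(sent), "dropped": dropped,
            "peak_per_ms": max(sent), "max_delay_ms": max_delay}
```

On this input the policer passes the first 10-packet burst at line rate and then drops 25 packets, while the shaper with a deep queue delivers all 80 packets at no more than 4 per ms with up to 9 ms of added delay; with `queue_limit=20` the shaper drops as well.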


              • #8
                Thanks for the info ceyko I really appreciate it! We've got several other customers on this platform w/ no issues so we feel pretty confident the customer should be able to sort it out.
