The network subsystem is by far one
of the most difficult subsystems to monitor because of the many
different variables. The number of protocols used in the network, NICs,
network-based applications, topologies,
subnetting, and more play vital roles in the network, but they also add
to its complexity when you’re trying to determine bottlenecks. Each
network environment has different variables; therefore, the counters
that you’ll want to monitor will vary.
The information that you’ll want to gain from
monitoring the network pertains to network activity and throughput. You
can find this information with the Performance Monitor alone, but it
will be difficult at best. Instead, it is important to use other tools,
such as Network Monitor, to get the best representation
of network performance as possible. You might also consider using
third-party network-analysis tools such as network sniffers to ease
monitoring and analysis efforts. Using these tools simultaneously can
broaden the scope of monitoring and more accurately depict what is
happening on the wire.
Because the TCP/IP suite is the underlying
set of protocols for a Windows Server 2012 network subsystem, this
discussion of capacity analysis focuses on this protocol.
Note
Windows Server 2012 and Windows 8 deliver
enhancement to the existing quality of service (QoS) network
traffic–shaping solution that is available in earlier versions. QoS
uses Group Policy to shape and give priority to network traffic without
recoding applications or making major changes to the network. Network
traffic can be “shaped” based on the application sending the data,
TCP/UDP addresses (source/destination), TCP or UDP protocols, and the
ports used by TCP or UDP, or any combination thereof.
Several different network performance objects
relate to TCP/IP, including ICMP, IPv4, IPv6, Network Interface, TCPv4,
UDPv6, and more. Other counters, such as FTP Server and WINS Server,
are added after these services are installed. Because entire books are
dedicated to optimizing TCP/IP, this section focuses on a few important
counters that you should monitor for capacity-analysis purposes.
First, examining error counters, such as
Network Interface: Packets Received Errors or Packets Outbound Errors,
is extremely useful in determining whether traffic is easily traversing
the network. The greater the number of errors indicates that packets
must be present, causing more network traffic. If a high number of
errors are persistent on the network, throughput will suffer. This can
be caused by a bad NIC, unreliable links, and so on.
If network throughput appears to be slowing
because of excessive traffic, keep a close watch on the traffic being
generated from network-based services, such as the ones described in Table 1. Figure 1 shows these items being recorded in Performance Monitor.
Figure 1. Network-based counters in Performance Monitor.
Table 1. Network-Based Service Counters Used to Monitor Network Traffic
