6 Replies Latest reply on Sep 15, 2015 8:19 AM by liamdwyer

    akamaitechnologies.com and CS0

    rhlee222

      Hi,

           I am brand new to using solarwinds products. So far, I am very impressed. We are using NTA to get to the bottom of performance issues, slow network, internet bandwidth issues. Our ISP said we wave a lot of broadcast traffic which I am attempting to narrow down.

           It appears that the service causing the most trafic is CS0, in conjunction with domain akamaitechnologies.com. On endpoint (PC) in particular is causing most of this traffic. Can anyone offer some insight as to what is happening?

       

      Thanks much,

      Rick

        • Re: akamaitechnologies.com and CS0
          darragh.delaney

          Hi rhlee222

          Akamai are a content distribution network (CDN) and the traffic could be associated with any one of their many customers (YouTube, Microsoft, others...). NetFlow tools will struggle with this as they do a reverse lookup on IP addresses. Interesting blog post at this link which explains more.

           

          You do have another option. A deep packet inspection tool which looks at HTTP headers will pull the website information from the CDN traffic so you can see what sites\applications your users are using. It should be easy to find out what is triggering the ISP alert with this technology. What you need to do is SPAN or mirror your Internet connection and send it to a tool like LANGuardian. It is available as a 30 day trial which should give you enough time to get to the root of the problem. It can also integrate with SolarWinds Orion and a demo of this is available here : http://demo2.netfort.com/Orion/SummaryView.aspx?viewid=31&AccountID=guest

           

          Finally, I included a video below which explains more about SPAN ports and Internet monitoring. Hope this helps

           

          Darragh

           

          1 of 1 people found this helpful
          • Re: akamaitechnologies.com and CS0
            rhlee222

            Thanks again, you have been very helpful. Is in normal for all internet traffic to be tagged CS0 in NetFlow?

              • Re: akamaitechnologies.com and CS0
                Craig Norborg

                CS0 or "Class Selector 0" is one QoS marking of many that can aid you in determining what traffic is more important in getting from one end to the other.   You can see ratings of CS0 through CS7, and generally speaking the lower the # the less important the traffic is.  So, CS0 traffic is also known as "Best Effort", "Bulk", or most likely to be dropped or delayed!!  ie: the least important traffic...      Things like routing protocols and applications that need low latency, like VoIP, are usually among the highest rated.

                 

                Here is an aritcle explaining a bit.

                http://www.cisco.com/en/US/products/ps6902/products_implementation_design_guide_chapter09186a0080666638.html#wp1098099

                 

                But, to answer your question, yes, in general its normal for most internet traffic to be tagged CS0.   That means that it was either specifically tagged as being "Best Effort", or didn't get a marking so it was just left at the default of "CS0"...

              • Re: akamaitechnologies.com and CS0
                liamdwyer

                Good morning, just saw this as I was looking for something myself.  Took me forever to figure out what was coming from Akamai but we finally tracked down the traffic to Skype banging back and forth.

                We then put a QoS policy in the firewall.

                Hope that helps.