Skip to main content

Network diagnostics for a dedicated server

Last update:

If you encounter network problems, perform a diagnostic.After diagnostics, some common problems can be solved by yourself.

If the problem cannot be solved, create a ticket.In the ticket, specify the description of the problem and attach the results of diagnostics.The method of diagnostics depends on the problem you encountered.

Network problems and diagnostic methods

No internet access
The server is unavailable on the network
The server is unavailable from a specific external network
Short-term loss of connection
Low speed
High network latency
Packet lossPerform route tracing

Perform route tracing

Perform route tracing if you encounter:

  • with slow connection speeds;
  • high network latency;
  • by the loss of the connection;
  • by packet loss during data transmission;
  • inaccessibility of the server from a particular external network.

You need to trace in two directions — from the dedicated server to a point outside the Selectel infrastructure and back again.To do this, you need an external server — any server with a public IP address and Internet access that is outside the Selectel infrastructure.

We recommend performing tracing with the mtr utility (WinMTR for Windows).The utility allows you to trace the full path and time of traffic and find out at what stage of the route delays or packet loss occur.

  1. Perform a trace from the dedicated server to the front-end server.
  2. Perform a trace from the external server to the dedicated server.

1. Perform a trace from the dedicated server to the front-end server

  1. Connect to the server via SSH or via KVM console.

  2. Install the mtr utility on a dedicated server.Read more on GitHub mtr.

  3. Optional: prepare the dedicated server for tracing — shut down utilities and applications that may affect the trace result:

    • firewall rules in the OS;
    • application layer (L7, application layer) — web servers, mail servers, file servers, name servers, peer-to-peer network clients and servers, etc.

  4. Perform a trace to the external server address:

    mtr -b <remote_ip_address>

    Specify <remote_ip_address> — The IP address of the external server.

  5. Wait for the utility to perform a trace and display route and delay information.

  6. Stop the trace:

    q

2. Perform a trace from the external server to the dedicated server

  1. On the external server, install the utility depending on the OS you are using:

    • for Linux is mtr, more details on GitHub mtr;
    • for Windows — WinMTR.

  2. Optional: prepare the front-end server for tracing — shut down utilities and applications that may affect the trace result:

    • firewall rules in the OS;
    • application layer (L7, application layer) — web servers, mail servers, file servers, name servers, peer-to-peer network clients and servers, etc.

  3. Perform a trace to the address of the dedicated server.The IP address of the dedicated server can be viewed in the control panel: from the top menu, click ProductsDedicated ServersServers → Server → Server page → Operating System tab → IP field .

Measure the baud rate

If you are having problems with slow data transfer speeds, measure your connection speed.

Measure the data transfer rate in two directions — from a dedicated server to a point outside the Selectel infrastructure and back.To do this, you will need an external server — any server with a public IP address and Internet access that is outside the Selectel infrastructure.

We recommend using the iperf3 utility to measure speed.

  1. Prepare the dedicated server for speed measurement.
  2. Measure the data transfer rate.

1. Prepare a dedicated server for speed measurement

  1. Boot the server in recovery and diagnostic mode To exclude the influence of OS processes on the diagnostic results.

  2. Connect to the server via SSH or via KVM console.

  3. Install the iperf3 utility on a dedicated server, see the iPerf documentation for details.

  4. Run the iperf3 utility.The utility should run until the baud rate measurement is complete.

    iperf3 -s

2. Measure the baud rate

  1. On the external server, open the CLI.

  2. Install the iperf3 utility on the external server, see the iPerf documentation for details.

  3. Measure the speed from the external server to the dedicated server.The command will perform the measurement in 20 threads to maximize the link load.

    iperf3 -c <ip_address> -P20 -t60 -i10

    Specify <ip_address> — public IP address of the dedicated server.You can view it in the control panel: in the top menu, click ProductsDedicated ServersServers → Server page → Server page → Operating System tab → IP field .

  4. Perform the measurement in the opposite direction — add the -R key to the command:

    iperf3 -c <ip_address> -P20 -t60 -i10 -R

    Specify <ip_address> — public IP address of the dedicated server.You can view it in the control panel: in the top menu, click ProductsDedicated ServersServers → Server page → Server page → Operating System tab → IP field .

Check the status of the network interfaces

Check the status of the network interfaces if the server does not have Internet access.

  1. Connect to the server via SSH or via KVM console.

  2. Check the status of the network interfaces:

    ip a

    The response will show information about the network interfaces. For example:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
          valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
          valid_lft forever preferred_lft forever

    2: enp0s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 1c:1b:0d:12:34:56 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic enp0s1
          valid_lft 604675sec preferred_lft 604675sec
        inet6 fe80::1234:abcd:5678:9ef0/64 scope link 
          valid_lft forever preferred_lft forever

    3: enp0s2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 1c:1b:0d:65:43:21 brd ff:ff:ff:ff:ff:ff
        inet 203.0.113.10/24 brd 203.0.113.255 scope global dynamic enp0s2
          valid_lft 604675sec preferred_lft 604675sec
        inet6 fe80::abcd:1234:5678:9ef0/64 scope link 
          valid_lft forever preferred_lft forever

    Here:

    • enp0s1 — the name of the network interface on the local port;
    • enp0s2 — the name of the network interface on the Internet port;
    • UP — status of the network interface.

  3. If the network interface is in DOWN status. enable it.For more information. in the IP Command Set documentation iproute2 instructions is a utility package that includes the ip utility.

    ip link set dev <eth_name> up

    Specify <eth_name> is the name of the network interface you obtained in step 2.

Check the routing settings

Check the routing settings if:

  • there is no internet access on the server;
  • the server is unavailable on the network;
  • server is unavailable from a specific external network.

  1. Connect to the server via SSH or via KVM console.

  2. Check the routing settings:

    ip r

    A table of routes will appear in the response. For example:

    default via 203.0.113.1 dev enp0s2 proto dhcp metric 100
    203.0.113.0/24 dev enp0s2 proto kernel scope link src 203.0.113.10 metric 100
    192.168.1.0/24 dev enp0s1 proto kernel scope link src 192.168.1.100 metric 100

    Here:

    • default via 203.0.113.1 dev enp0s2 — default route, traffic to the Internet goes through the gateway 203.0.113.1 on the interface enp0s2;

    • 203.0.113.0/24 dev enp0s2 — route to public subnet 203.0.113.0/24 traffic to this subnet goes on the interface enp0s2;

    • 192.168.1.0/24 dev enp0s1 — route to private subnet 192.168.1.0/24, traffic to this subnet goes through the interface enp0s1.

Dump network traffic

If the server is inaccessible from a particular external network or you observe momentary connection losses, collect a dump of network traffic.

Network traffic dump is the process of recording and storing network traffic that passes through a network or device.A dump contains information about network protocols, packets transmitted, their contents, data sources and recipients.

  1. Connect to the server via SSH or via KVM console.

  2. Install tcpdump, which is a utility for capturing and analyzing network traffic.See the tcpdump documentation for more information.

    apt update
    apt install -y tcpdump

  3. Look for the name of the network interface for which you want to write a dump, for this purpose print the list of network interfaces:

    ip a

    The response will show information about the network interfaces. For example:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default 
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
          valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host 
          valid_lft forever preferred_lft forever

    2: enp0s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 1c:1b:0d:12:34:56 brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.100/24 brd 192.168.1.255 scope global dynamic enp0s31f6
          valid_lft 604675sec preferred_lft 604675sec
        inet6 fe80::1234:abcd:5678:9ef0/64 scope link 
          valid_lft forever preferred_lft forever

    3: enp0s2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 1c:1b:0d:65:43:21 brd ff:ff:ff:ff:ff:ff
        inet 203.0.113.10/24 brd 203.0.113.255 scope global dynamic enp0s2
          valid_lft 604675sec preferred_lft 604675sec
        inet6 fe80::abcd:1234:5678:9ef0/64 scope link 
          valid_lft forever preferred_lft forever

    Here enp0s2 is the name of the network interface on the Internet port.

  4. Run tcpdump:

    sudo tcpdump -i <eth_name> -w <file_name>

    Specify:

    • <eth_name> — the name of the network interface you got in step 3;
    • <file_name> — the name of the file to which you want to write the network traffic capture, e.g. dump.pcap.

  5. Wait until the right amount of data has been collected.

  6. Stop the recording by pressing Ctrl + C.

Restart network services

Restart network services if on a server:

  • no internet access;
  • or the server is inaccessible from a specific external network.

  1. Connect to the server via SSH or via KVM console.

  2. Restart the network services:

    systemctl restart networking

Check filtering rules

If the server is inaccessible over the network, check the firewall filtering rules in the server OS.

  1. Connect to the server via SSH or via KVM console.

  2. Look at the list of firewall rules:

    iptables -L -n -v

    A list of rules will appear in the response. For example:

    Chain INPUT (policy DROP 1234 packets, 98765 bytes)
    pkts bytes target     prot opt in     out     source               destination
    2045  187K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    1087  159K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0      ctstate RELATED,ESTABLISHED
     120  8400 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0      tcp dpt:22
       0     0 DROP       all  --  *      *       192.168.1.100        0.0.0.0/0

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target     prot opt in     out     source               destination

    Chain OUTPUT (policy ACCEPT 3456 packets, 456789 bytes)
    pkts bytes target     prot opt in     out     source               destination

    Here:

    • Chain — A list of rules for packets of a particular direction:

      • INPUT — for incoming packets;
      • FORWARD — for redirected packets;
      • OUTPUT — for outgoing packets;

    • policy — rule action, e.g. ACCEPT or DROP.

Scan the ports

If the server is unreachable over the network or unreachable from a specific external network, scan the ports.Ports can be scanned using the nmap utility.

  1. Connect to the server via SSH or via KVM console.

  2. Install nmap, more details in the Linux Distributions article of  the nmap documentation.

  3. Scan the ports:

    nmap -p <port> <ip_address>

    Specify:

    • optional: <port> — ports in commas, such as 22,80,443, or a range of ports, such as 20-30;
    • <ip_address> — The IP address of the dedicated server.The IP address of the dedicated server can be viewed in the control panel under Servers and equipmentServers → server card → field IP address.

Check node availability on the network and measure latency

If the server is unavailable over the network, experiencing high network latency or packet loss, check the availability of the server and measure the latency using the ping utility.The ping utility is part of the standard networking toolkit and is pre-installed in most operating systems.

The check can be performed up to the public or private IP address of the server, or a domain name that is bound to the server's IP address.

You will need a second server from which you will perform the check.If the check will be to a private IP address, the servers must be connected over a private network.

  1. Open the CLI on the server from which you will perform the check.

  2. Perform the test:

    ping <ip_address>

    Specify <ip_address> — IP address or domain name of the server.The IP address of the dedicated server can be viewed in the control panel: in the top menu, click ProductsDedicated ServersServers → Server page → Server page → Operating System tab → IP field .

Check access from the OS in recovery and diagnostic mode

So that the OS settings do not affect server operation and diagnostics:

  1. Boot the server in recovery and diagnostic mode.

  2. Connect to the server via SSH or via KVM console:

    • If the server is responding and you can connect, the problem is in the software on the server.Reboot the server to restart network services.If the problem is software, returning to the previous OS boot pattern will fix it;
    • if the server is unavailable in recovery and diagnostic mode, create a ticket describing the problem.