Eliminating sources and causes of unwanted network traffic

The goal of client network optimization and tuning is to find the sources of unwanted network traffic and to take steps to correct or eliminate the root causes in order to enhance network performance and help avoid future problems. We have created a single GPO that can be linked to help control this traffic. It is called _PUBLIC-Client Network Citizenship. Below are details of the different traffic that has been seen and what the GPO does to limit it.

Observed Network Behavior

Some of the things that are negatively impacting network performance that have been observed on the campus network are:

Bogus ARP Traffic

  • Client systems are broadcasting while asleep
  • Packets serve no useful purpose
  • Negative impact on campus routers
  • The GPO runs a startup script that sets a few NIC settings to take care of this

Broadcast Traffic:

  • SSDP
  • mDNS
  • LLMNR
  • BROWSER
  • NBNS
  • The GPO disables the problematic services in Windows.

DHCPv6 Duplicate DUID

  • Creates IPv6 address conflicts
  • An enterprise fix is not in the GPO, but is provided for SCCM users. It can also be handled on a case-by-case basis.

Dropbox Issues

If Dropbox is installed, disable the LAN Sync setting.  LAN Sync generates broadcast traffic from each client that, with the University's fast Internet connectivity, isn't beneficial.  The default configuration when Dropbox is installed or upgraded has LAN Sync enabled.  This link summarizes the LAN Sync features.

The GPO disables LAN Sync by blocking outgoing traffic on the port it uses. Dropbox will sense this port is blocked and disable LAN Sync. Unfortunately, this is the only enterprise way to control the setting.

Other Recommendations:

Remove Unnecessary Network Protocols

To see the currently installed network clients, protocols and services, follow these steps:

  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Network Connections to display the network connections on the computer.
  3. Right-click Local Area Connection (or the entry for your network connection), and then click Properties to display the properties dialog box for the network connection.
  4. To remove an unnecessary item, select it and click Uninstall. To disable an item, simply clear the checkbox associated with the item.

If you are unsure about the effects of uninstalling an item for the connection, then disable the item rather than uninstalling it. Disabling items allows you to determine which services, protocols and clients are actually required on a system. When it has been determined that disabling an item has no adverse effect on the server or workstation, the item can then be uninstalled.
In many cases, the following components are required for operation on a standard TCP/IP based network:

  • Client for Microsoft Networks
  • File and Printer Sharing for Microsoft Networks
  • Internet Protocol Version 4 (TCP/IPv4)
  • Internet Protocol Version 6 (TCP/IPv6)

However, depending on the network driver/ system other network components may be beneficial or essential for optimal network configurations

Disable Specific Protocols

SSDP (Simple Service Discovery Protocol) - Used to discover Plug & Play devices, with uPnP (Universal Plug and Play) features.

SSDP Discovery is disabled in the GPO.

For non-domain or unmanaged systems information on how to disable network discovery can referenced at the following link:

Disabling Network Discovery/Network Resources

 

Multicast DNS (mDNS)- There is a mDNSResponder.exe process that belongs to the Bonjour Service in Windows, which is Apple’s “Zero Configuration Networking” application, typically installed automatically by iTunes, Skype and others.

Windows – The Bonjour Service is disabled in the GPO

Mac - Edit mDNSResponder service to stop multicast. Click here for the mDNSResponder off package. (Hawk ID authentication required)

For non-domain or unmanaged systems information on how to disable mDNS traffic please review the following links:

What is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?

 

Link Local Multicast Name Resolution (LLMNR)-  Allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.

LLMNR is disabled in the GPO

For non-domain or unmanaged systems, create local Group Policy using GPEdit.msc with the following setting: 

Group Policy = Computer Configuration\Administrative Templates\Network\DNS Client\Turn off Multicast Name Resolution. (Enabled = Don't use LLMNR) 

For more information on Link Local Multicast Resolution please review the following link:

How to benefit from Link-Local Multicast Name Resolution

 

Browser (Computer Browser Service) - Computer Browser service is the mechanism that collects and distributes the list of workgroups and domains and the servers within them

This service is disabled in the GPO

For non-domain or unmanaged systems, follow this guide: Disable the Computer Browser Service

NetBIOS Name Service (NBNS)- The NetBIOS Name Service is part of the NetBIOS-over-TCP protocol suite

This service is disabled in the GPO by running a script. This script is also available in a public SCCM package.  Public-Utility - Disable NetBIOS over TCPIP & WINS (vbscript)

For non-domain or unmanaged systems, check this guide to see where the settings are located: Microsoft KB313314

For more information on NetBIOS Naming Service please review the following link:

NetBIOS Name Service (NBNS)

 

Links:

Disabling Network Discovery/Network Resources

http://blogs.technet.com/b/networking/archive/2010/12/06/disabling-network-discovery-network-resources.aspx

What is mDNSResponder.exe / Bonjour and How Can I Uninstall or Remove It?

http://www.howtogeek.com/howto/6456/what-is-mdnsresponder.exe-bonjour-and-how-can-i-uninstall-or-remove-it/

 How to benefit from Link-Local Multicast Name Resolution

http://blogs.technet.com/b/networking/archive/2008/04/01/how-to-benefit-from-link-local-multicast-name-resolution.aspx

NetBIOS Name Service (NBNS)

http://wiki.wireshark.org/NetBIOS/NBNS

Fine Tuning Network Drivers

http://www.qnx.com/developers/docs/6.4.1/neutrino/technotes/finetune_net.html

Recommendations for Filtering ICMPv6 Messages in Firewalls

http://www.ietf.org/rfc/rfc4890.txt

Article number: 
3576
Last updated: 
May 26, 2017