Accedian is now part of Cisco  |

Avatar photo
By Boris Rogier

5 things to know before troubleshooting Smb performance

Troubleshooting SMB Performance

Troubleshooting SMB performance can be a complex undertaking in enterprise networks where thousands of users rely on timely access to shared files.

SMB-CIFS is a commonly used Protocol to:

  • Enable users to manipulate files
  • Allow application processes to exchange data

SMB is also:

  • Widely supported (Windows, Linux, OSX, BSD, Solaris, Samba, EMC, NetApp, etc.)
  • Extremely heterogeneous which drives a huge variety of use cases and… performance levels.

Before you get started, there are a certain number of facts you need to keep in mind, before you start troubleshooting any SMB / CIFS communications.

Five Challenges of Troubleshooting Smb Performance

1. SMB Has a Variety of Versions and Dialects

There are two major versions of SMB: SMB1 and SMB2.

Please note that SMB3 is actually NOT a version but a dialect that belongs to the SMB2 version.

SMB versions and dialects

2. The Dialect Used Depends on the Smb Support of Both Parties

Each system supports different SMB versions. The SMB dialect used for a Communication will be defined based on the supported versions / dialects by both the Client and the Server.

SMB dialect negotiation

As an example, you will see in this matrix how Windows system will choose which SMB dialect is to be used to communicate, based on the corresponding version (and hence the SMB dialect support).

SMB dialect negotiation on Windows systems

3. Different Versions of SMB May Use Different Communication Ports

Depending on which SMB version you have used, there are different communication options:

Default SMB ports assignation

4. Any User/Application Operation Requires Several SMB Commands

This is one of the difficult parts of troubleshooting application performance for SMB: a user operation is split between a given number of commands. The number of commands may vary depending on the version and dialect. It is important to understand the relationships that exist between the different commands, in order to be able to rebuild the user’s operation.

These commands will correspond to a high number of packets.

Overall, you have to remember that SMB / CIFS commands in a real size environment can represent gigantic volumes. 

Troubleshooting SMB performance - example with Wireshark

5. From SMB2 a Single Packet May Contain Multiple Requests/Responses

From SMB2 (most SMB communications will use this), several commands can be carried by a single packet. When considering your troubleshooting tools, you need to make sure that all commands contained in a packet are reporting back.

Here is an example:

Troubleshooting SMB performance - Compounded SMB2 Requests Example

Here is what you need to know before you get started, whichever tool it is that you use to troubleshoot your SMB communication performance (packet analyzer such as, Wireshark, or real-time transaction analysis like
Skylight™ , this mostly depends on the volume of data you have to analyze, and how much time you have to do so).