Getting the initial settings right
Free training on NetFlow Analyzer: Part I
Welcome to a free training on NetFlow Analyzer!
Can you hear me? Can you see the presentation?
Please confirm by commenting in the chat panel.
Trainer: Piyushree, NetFlow Analyzer product expert
Part I:
Getting the initial settings right
Agenda
• Exporting flows
• Traffic grouping
• Application mapping
• Threshold based alerting
• Customize traffic monitoring
• Knowledge base and best practices
Minimum system requirements
• 2.4 GHz quad-core processor, or equivalent
• 4GB RAM
• 50GB storage
• Windows/Linux
• PostgreSQL/MSSQL
These specifications only apply when raw data is turned off and the flow rate is below 3,000 flows/sec. Requirements will vary with different settings.
Initial setup
Step 1: Set up flow export
Step 2: Viewing & customizing bandwidth graphs
Step 3: Configuring alerts
Step 1: Configuring flow export from interfaces
• NetFlow
• sFlow
• J-Flow
• IPFIX
• NetStream
• AppFlow
Where and how do you send flows?
Ways of exporting flows to NetFlow Analyzer:
i. Manual configuration
ii. Using Network Configuration Manager
Ports to be considered:
• Server port: NetFlow Analyzer's web server port
• Listener port: Port on which NetFlow Analyzer receives flows
• Both ports are configurable
Using Network Configuration Manager
Benefits of using Network Configuration Manager:
• No need to write commands
• Predefined configlets
• Export flows from multiple interfaces in bulk
• Backup and restore configurations for devices
• Create new configlets
Apply credentials
Select interfaces
Export flow
Add devices
Creating/modifying a configlet
• In Network Configuration Manager, go to Settings > Configlets. Add a new configlet by creating a custom template.
• Select devices and enter flow configuration commands.
• Execute the new configlet.
Devices supported by NetFlow Analyzer
https://www.manageengine.com/products/netflow/supported-devices.html
Common challenges faced after exporting flows
#1. NetFlow Analyzer shows "No Data Available" in graphs, even after I've configured flows.
Solution: Two possibilities
1. The device is not configured correctly for exporting flows.
2. A firewall or access list is blocking the UDP port.
• Check if flows are received with the help of Wireshark.
• Yes: Check Windows Firewall/iptables for any restrictions and set the template timeout to 60 seconds.
• No: Correct the configuration by setting the active timeout to 60 seconds.
#2. I've added five interfaces. Why is one of my interfaces, "Interface Gi0/1," not listed in NetFlow Analyzer?
Solution:
The particular interface isn't configured for exporting flows.
• Use Wireshark to check if it can receive flows from that interface.
• If yes, create an inbound exception in Windows Firewall or iptables.
• If no, an external firewall may be blocking the UDP port.
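One way to read what the Wireshark check in the two cases above turns up, as an added example that is not part of the original training material: a Python function that classifies a UDP payload seen on the listener port as NetFlow v5, NetFlow v9 or IPFIX and reports whether data sets arrived without a template. The function name and the sample payloads are constructed for illustration.

```python
import struct

HEADER_LEN = {5: 24, 9: 20, 10: 16}      # NetFlow v5, NetFlow v9, IPFIX
TEMPLATE_IDS = {9: (0, 1), 10: (2, 3)}   # set IDs carrying (options) templates


def summarize_export(payload: bytes) -> dict:
    """Classify one UDP payload captured on the listener port (hypothetical helper)."""
    if len(payload) < 4:
        return {"version": None, "error": "too short to be a flow export"}
    version, second = struct.unpack("!HH", payload[:4])
    if version not in HEADER_LEN or len(payload) < HEADER_LEN[version]:
        return {"version": version, "error": "unknown version or truncated header"}
    if version == 5:
        # v5 records have a fixed 48-byte layout, so no templates are involved.
        return {"version": 5, "records": second,
                "complete": len(payload) == 24 + 48 * second}
    summary = {"version": version, "template_sets": 0, "data_sets": 0}
    # IPFIX carries the message length in the header; v9 carries a record count.
    end = min(second, len(payload)) if version == 10 else len(payload)
    offset = HEADER_LEN[version]
    while offset + 4 <= end:
        set_id, set_len = struct.unpack("!HH", payload[offset:offset + 4])
        if set_len < 4 or offset + set_len > end:
            summary["error"] = "malformed set length"
            break
        if set_id in TEMPLATE_IDS[version]:
            summary["template_sets"] += 1
        elif set_id >= 256:
            summary["data_sets"] += 1
        offset += set_len
    # Data without a template in this payload: a collector that has not cached
    # the template cannot decode these records until the exporter resends it.
    summary["needs_template"] = (summary["data_sets"] > 0
                                 and summary["template_sets"] == 0)
    return summary


# Constructed sample payloads (not captured from a real exporter).
V5_ONE_RECORD = struct.pack("!HHIIIIBBH", 5, 1, 1000, 1700000000, 0, 1, 0, 0, 0) + bytes(48)
TEMPLATE_SET = struct.pack("!HHHHHH", 0, 12, 256, 1, 1, 4)  # template 256, one 4-byte field
DATA_SET = struct.pack("!HHI", 256, 8, 4096)                # one record for template 256
V9_DATA_ONLY = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0) + DATA_SET
V9_WITH_TEMPLATE = struct.pack("!HHIIII", 9, 2, 1000, 1700000000, 2, 0) + TEMPLATE_SET + DATA_SET

if __name__ == "__main__":
    for name, pkt in (("v5", V5_ONE_RECORD), ("v9 data only", V9_DATA_ONLY),
                      ("v9 template+data", V9_WITH_TEMPLATE)):
        print(name, summarize_export(pkt))
```

A capture that shows only data sets and no template sets for longer than the template timeout points at the exporter's template settings rather than at a firewall.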
Step 2: View traffic details from Inventory
Inventory
Flow analysis
Config management
IP SLA
Packet analysis
Traffic overview
Real-time traffic graphs
Inventory: Flow Analysis
Traffic overview
Device
Device groups
Layer 4 & 7 apps
DSCP-based QoS
Wireless LAN controllers
Interface
IP / interface group
Snapshot summary
Device traffic details:
• Traffic speed
• Associated interfaces by speed, volume and utilization
• Top applications and protocols
• Top QoS
• Top Source, destination and conversation
• AS traffic
Group traffic details:
• Traffic by speed, volume, utilization and packets
• Associated applications and protocols
• DSCP QoS traffic
• Source, destination and conversation
Application traffic details:
• Traffic usage by volume
• Associated interfaces
QoS traffic details:
• Traffic usage by volume
• Associated interfaces
WLC traffic details:
• Controller traffic by speed, volume and packets
• Associated access points
• Application traffic
• DSCP QoS traffic
• Conversation details with Client IPs and SSIDs
Interface traffic details:
• Traffic by speed, volume, utilization and packets
• Top applications and protocols
• Top Source, destination and conversation by geo-location, network and DNS name
• Top QoS traffic by DSCP and TOS
• SNMP/FNF NBAR, CBQoS
• Multicast report
• Medianet by volume, RTT, packet loss
• AVC
Tips to enhance visibility into your traffic
My interfaces are named "IfIndex1" and "IfIndex2." How can I view the actual name of devices and interfaces?
Solution: Three options
• Fetch name from router with SNMP
1. Create SNMP credential v1/v2/v3 from discovery
2. Associate SNMP credentials
3. Edit device
• Fetch the DNS name.
• Enter your own name.
My interface utilization says it's above 100 percent. How do I set the correct value?
Solution: Three possibilities
1. The speed is incorrect.
2. [OR] time sync problem.
3. [OR] GRE/ESP tunneling through the device is double counted.
• Set the proper IN and OUT speed in bytes. Go to Inventory > Select Interfaces > Set Speed.
• Make sure the device time and NFA time are in sync.
• Check flow filters.
Most of the applications are listed as "_App". How do I map those applications and also add my own applications?
Solution:
Application mapping for _App
• Interface > Application > _App > Show port.
• Map application and define IP address/IP network/IP range.
Application mapping for own apps
• Settings > netflow > mapping > add
Traffic grouping
Branches
VLAN
Related apps
Network subnet
Department
Sort traffic usage by groups
Types of groups
Device
Interface
IP
Application
DSCP
Benefits of creating groups:
• Monitor combined bandwidth usage to get a better picture of traffic consumption.
• Provide access to operators based on groups.
• Provide better visibility to improve troubleshooting.
Scenarios: Creating groups
How do I check traffic usage by department (e.g. Finance & HR)?
Solution
Create a device or IP group for each department.
• Combine devices under a department to create groups.
• Generate group reports.
• Other option: branches
How do I monitor combined traffic for VLAN?
Solution
An un-routed VLAN will not send traffic like an interface, but NetFlow Analyzer will discover its associated interfaces.
• Create an Interface Group that includes all of the VLAN's interfaces to monitor the cumulative traffic.
• Other option: failover, load balancing, port channeling, and aggregation.
How do I manage each of my customers' traffic?
Solution
Create IP groups for each customer.
• Combine IPs to create groups.
• Generate group reports.
• Group based on IP range, network, monitoring between sites.
• Other option: between sites and department
How do I view business critical traffic and see how much bandwidth is used?
Solution
Create application groups.
• Combine apps to create a group.
• Find total utilization for each group.
• Pull combined traffic reports.
Simplified and customizable Inventory
• Edit configuration
• Custom filters/sort
• Custom views
• Custom search
• Filter up to the last 30 days
• Create device group
• Create device/interface/app group
• Inventory search
• Set speed
• Set SNMP
• Zoom in graphs
• Generate instant reports
New in v12
• Unmanage/delete device
• Add to Network Configuration Manager
• Table/list/status view
• Configure NBAR & CBQoS
• Service policy & ACL
• Clear alarm/add note
Various device-specific custom options
New in v12
How do I view traffic for any particular time when there is network congestion?
Solution
Custom time intervals.
• Go to Sort by Time > Custom.
• Set your time interval.
Step 3: Alerting
• Link down
• Link overutilized
• Threshold violation
• Link slow
Alert Profiles
Preconfigured alerts:
• Link down
• No flow
Threshold based alerts:
• IP range, IP address or IP network
• Based on port/protocol range
• Based on application
• Based on DSCP
I want to get alerted when an interface on a WAN link is overutilized.
Solution
• Set a threshold alert for overutilized links.
• Provide a threshold value.
• Set up email/SMS notifications.
Thresholds based on multiple conditions
1. Select source
2. Select criteria
3. Define threshold
4. Save alert profile
Alerts specific to the violations below:
• Utilization
• Volume
• Speed
• Packets
Alert severity levels:
• Critical
• Trouble
• Attention
How do I set up notifications?
Types of notifications:
• Email
• SMS
• Trigger SNMP trap
• Modify an alarm's description.
• Get reports via email.
New in v12
Step 1: Configure mail server settings.
Step 2: Set threshold.
Step 3: Provide an email address or phone number.
Step 4: Save alert.
Basic and server settings
• Mail server
• User management
• SMS server
• Rebranding
• Snapshot setting
• Self-monitoring
• REST API
• Server settings
• System timezone settings
Admin Settings
• Storage
• Mapping
• Grouping
• Flow filters
• NBAR/CBQoS polling
• License mgmt
Summary
Step 1: Set up flow export
#1. Data not available
#2. Interfaces not listed
Step 2: Viewing & customizing bandwidth graphs
#1. Fetch device/interface name
#2. Utilization above 100%
#3. Map unknown applications
#4. Show DNS name
#5. Categorize traffic groups
#6. Customize time filter
Step 3: Configuring alerts
#1. Set interface overutilized alert
#2. Link down
Upcoming training on Dec 13th
Part II: Diagnosing and troubleshooting traffic issues faster
• Alarms
• Customizing data storage
• Troubleshooting with forensics
• Reporting and automation
• Capacity planning
• Traffic shaping
• Customizing dashboards
• Usage-based billing
Need more help?
youtube.com/netflowanalyzertechvideos
help.netflowanalyzer.com
forums.manageengine.com/netflowanalyzer
+1 (888) 720-9500 / +1 (408) 916 - 9400
Q & A
Thank you!
Piyushree