NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network Bandwidth
1. NetFlow Deep Dive: Tips and Tricks to get the Most Out of Your Network Bandwidth
© 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
2. A Few Notes about Today’s Session
» Today’s content will cover useful NetFlow tips for
Network Admins
We’ll also show how to implement many of the tips using
NetFlow monitoring software
» Ask questions!!!
No attendee left behind
Don’t wait until the end – ask questions using the chat box and
we will do our best to cover them all
» Today’s Session is being recorded
solarwinds.com
slideshare.com
Don Thomas Jacob
Head Geek
SolarWinds
David Byrd
Sales Engineer
SolarWinds
3. What’s in Today’s Session
» SolarWinds® Overview
» Introduction to NetFlow and other Flow Technologies
» NetFlow Tips and Tricks
Troubleshooting Network Issues
Visibility into microbursts
Network Anomaly Detection
Tracking Cloud Performance
Monitoring BYOD Impact
Validate Quality of Service (QoS) and Type of Service (ToS)
Long-term history and Capacity Planning
» SolarWinds® Bandwidth Analyzer Pack
» Resources
» Questions?
4. SolarWinds Overview
Provide enterprise-class network, systems, virtualization, and storage resource
management software that is powerful, easy-to-use, and affordable
Rapidly Growing & Highly Profitable IT Management Company
» We sell to businesses of all sizes from SMB to Large Enterprise
» Over 100,000 customers in 170 countries
» More than 450 of the Fortune 500 are customers
» More than one million registered end-users have downloaded our free tools
» Founded in 1999 to deliver IT management software that works for you – and that delivers on our
promise of "unexpected simplicity."
6. Introduction to NetFlow and other Flow Technologies
» NetFlow – Developed by Cisco® as a switching path and now the primary traffic
accounting technology
» Answers questions of WHO, WHAT, WHEN and WHERE of bandwidth monitoring and
traffic analytics
» All major routing and switching devices support NetFlow or similar Flow options
7. Introduction to NetFlow and other Flow Technologies
[Diagram: Traffic; NetFlow Enabled Network Device; NetFlow Reporter UI]
8. Introduction to NetFlow and other Flow Technologies
Supported on most enterprise class
devices including Layer 2 switches
9. Cisco® Flexible NetFlow
» Flexible NetFlow – Leverages NetFlow v9
» Customizable key and non-key fields: Allows users to decide what is exported
» Configuration involves creating a Flow Record, a Flow Exporter and a Flow Monitor
Flow Exporter
destination 192.168.16.1
source loopback0
transport udp 2055
export-protocol netflow-v9
output-features
Flow Record
Pre-Defined Flow Records: netflow-original, netflow ipv4 original-input
Custom Flow Record: customized using match or collect statements
Flow Monitor
Flow Exporter + Flow Record
Apply Flow Monitor on Interface
interface serial 2/1
ip flow monitor monitor_name input
10. Other Flow Technologies
Flow Format | About
IPFIX™ | IETF standard for flow export. Customizable and template based like NetFlow. Available on: Barracuda Networks®, Extreme® switches, Sonicwall®, etc.
sFlow® | Sampling based - 1 in N “packets” captured for traffic analytics. Supported by most vendors: Alcatel®, Brocade® – Foundry®, Dell® - Force 10™, Enterasys®, ExtremeXOS®, Fortinet®, HP® ProCurve®, Juniper®, Vyatta®, etc. http://www.sflow.org/products
J-Flow | Proprietary protocol from Juniper® for flow export from Juniper® routers, switches and firewalls
NetStream™ | A variation of NetFlow supported on Huawei / 3COM devices
12. Troubleshooting Network Issues
» Network uptime is “critical” to revenue
» NetFlow identifies
Source and Destination Interface
Source and Destination IP Addresses
Source and Destination Port Addresses
Protocol
Type of Service and DSCP
» Helps in quicker troubleshooting of issues such as application slowness or
performance degradation
13. Troubleshooting Network Issues
Source IP Address, Destination IP Address, Input and Output Interface | Identify source and destination hosts involved in a traffic flow and its route in the network
Source and Destination Port, Protocol | What application is using the bandwidth
Flow Start and End time, Packet and Octet count | Using historical data for analysis? See when the incident occurred and traffic volume
ToS, TCP Flags, Protocol | Priority of applications in the network; Status of a TCP conversation; Protocol distribution
Source AS Information, Destination AS Information | Route of the traffic flow; Using expensive AS during peering?
14. Microburst Visibility
» Short bursts of network traffic that are higher than normal overwhelm the network and
affect overall network performance
» Impossible to find ‘WHO’ with SNMP and too much data for continuous packet capture
» NetFlow is neither data intensive nor resource intensive
» Allows for continuous capture and can report on WHO caused the spike
15. Network Anomaly Detection
» Signature based anomaly detection fails with zero-day malware
» Firewalls work based on rules defined by the user. Non-signature IDS / IPS are very
expensive
» Security issues with emerging trends like telecommuting and BYOD. Malware
directly reaches the LAN via an infected BYOD device
[Diagram: IDS; Signature Anomaly Blocked; Non-Signature Anomaly passes Undetected]
16. Network Anomaly Detection
» Your network could be hosting a bot. Firewalls and IDS / IPS track only inbound traffic
» Analyze changes in traffic patterns and unexpected traffic behavior to detect
anomalous traffic including zero-day malware
» High SMTP traffic; Short burst of packets; One host to many on same port; Traffic on
unknown ports; Too many TCP SYN flags
» NetFlow based traffic analytics helps with network behavior anomaly detection
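Three of the traffic patterns listed on the slide above (one host to many on the same port, too many TCP SYN flags, high SMTP traffic), checked over flow records. This is an added example, not part of the original deck; the record layout, addresses and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

TCP, SYN = 6, 0x02  # IP protocol number for TCP; SYN bit of the TCP flags field

# Constructed sample flows (not from the slides), one tuple per exported flow:
# (src, dst, dst_port, proto, cumulative_tcp_flags, packets, octets)
FLOWS = [("10.0.0.5", f"10.0.1.{i}", 445, TCP, SYN, 1, 60) for i in range(1, 7)]
FLOWS += [
    ("10.0.0.8", "203.0.113.10", 25, TCP, 0x1B, 4000, 5_000_000),
    ("10.0.0.8", "203.0.113.11", 25, TCP, 0x1B, 3500, 4_000_000),
    ("10.0.0.9", "10.0.2.2", 443, TCP, 0x1B, 20, 15_000),
    ("10.0.0.9", "10.0.2.3", 25, TCP, 0x1B, 30, 20_000),
]

def one_to_many(flows, min_peers=5):
    """Sources that contact at least min_peers distinct hosts on one port."""
    peers = defaultdict(set)
    for src, dst, dport, proto, *_ in flows:
        peers[(src, proto, dport)].add(dst)
    return {k: len(v) for k, v in peers.items() if len(v) >= min_peers}

def syn_only_sources(flows, min_flows=5, min_ratio=0.8):
    """Sources whose TCP flows are mostly SYN-only (no ACK ever seen)."""
    total, syn_only = defaultdict(int), defaultdict(int)
    for src, _dst, _dport, proto, flags, *_ in flows:
        if proto != TCP:
            continue
        total[src] += 1
        syn_only[src] += flags == SYN  # flags field holds SYN and nothing else
    return {s: syn_only[s] / n for s, n in total.items()
            if n >= min_flows and syn_only[s] / n >= min_ratio}

def high_smtp(flows, max_octets=1_000_000):
    """Sources sending more than max_octets to TCP/25 in the window."""
    sent = defaultdict(int)
    for src, _dst, dport, proto, _flags, _pkts, octets in flows:
        if proto == TCP and dport == 25:
            sent[src] += octets
    return {s: o for s, o in sent.items() if o > max_octets}

def report(flows):
    return {"one_to_many": one_to_many(flows),
            "syn_only": syn_only_sources(flows),
            "high_smtp": high_smtp(flows)}

if __name__ == "__main__":
    for check, hits in report(FLOWS).items():
        print(check, hits)
```

In practice the thresholds would be set from a baseline of the same network's historical flow data rather than fixed constants.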
17. Tracking Cloud Performance
» The biggest impact of the cloud is on the bandwidth
» SaaS based approach means ensuring bandwidth is always available for business apps
» It’s necessary to look out for bottlenecks, bandwidth hogs, unauthorized protocol
usage and application priority
» NetFlow data carries information on cause of traffic bottlenecks, end points using
bandwidth, applications being used and conversation priority
18. Monitoring BYOD Impact
» BYOD is inevitable. Enterprises are either adopting BYOD or employees are already
using them
» BYOD adds more traffic to your network – What is the impact on bandwidth?
» Are unauthorized applications being used or is BYOD competing with business
applications?
» NetFlow provides a breakdown of application usage and source of traffic along with DSCP
information
19. Validate Quality of Service (QoS) and Type of Service (ToS)
» Bandwidth is finite. Applications compete with one another for bandwidth when traversing
the WAN
» Ensure backups and scavenger traffic do not have higher priority than your critical
applications
» NetFlow data reports on ToS and DSCP fields from traffic conversations. Validate your QoS is
working as expected
[Diagram: FTP, VoIP, Peer to Peer, Web; Internet Link; Web AF31; FTP AF11]
20. Historic Reports and Capacity Planning
» Increasing head count or adopting new technologies – First step should be historic data
analysis, not throwing more bandwidth
» Is bandwidth growth along expected lines or misused? How has application usage changed
over time? Has overall usage increased? Which application is used the most?
[Chart: Growth Trend, 2010 to 2014]
21. Historic Reports and Capacity Planning
» NetFlow data can be stored forever unlike pcap which needs huge storage space
» Visibility into traffic trends - bandwidth utilization, most used applications, per
application usage, conversations, and end-points
» Take informed capacity planning decisions leveraging 1 minute granular reports
22. Bandwidth Analyzer Pack
» Detect, diagnose, and resolve network performance issues
» Track response time, availability, and uptime of routers,
switches, and other SNMP-enabled devices
» Monitor and analyze network bandwidth performance and
traffic patterns
» Identify bandwidth hogs and see which applications are using
the most bandwidth
» Graphically display performance metrics in real time via
dynamic interactive maps
23. Bandwidth Analyzer Pack Demo
24. Resources
» Download a free fully functional 30-day trial at
http://www.solarwinds.com/lp/network-bandwidth-analyzer-pack.aspx
» Videos
Network Performance Monitor Overview
NetFlow Traffic Analyzer Overview
How to Configure NetFlow on Cisco Routers
» Blogs
NETFLOW V9 DATAGRAM KNOWLEDGE SERIES - NETFLOW OVERVIEW
25. Summary and Q & A
» To learn more visit:
http://www.solarwinds.com/lp/network-bandwidth-analyzer-pack.aspx
» Join our community of 150,000+ IT pros at www.thwack.com
» Follow us on Twitter®
@headgeeks
Thank you for attending!
26. Thank You!
The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide, LLC, are registered with the U.S.
Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service
marks, and logos may be common law marks, registered or pending registration in the United States or in other countries. All other
trademarks mentioned herein are used for identification purposes only and may be or are trademarks or registered trademarks of their
respective companies.
Editor's Notes
Hello everyone and welcome to the SolarWinds webcast “NetFlow Deep Dive: Tips and Tricks”. Today, we will introduce you to NetFlow and similar flow technologies that can help you with your bandwidth monitoring and traffic analytics. And then we will talk about how you can use NetFlow to solve day-to-day network problems, after which we will introduce you to SolarWinds Bandwidth Analyzer Pack.
For those who are new to SolarWinds: we are developers of powerful and easy-to-use enterprise-class software that can help with monitoring and management of your network, systems, virtualization and storage. Our products can cater to both the SMBs as well as large enterprises. There are more than a million registered end-users who have downloaded our free tools alone.
So, as I have said before, NetFlow comes free with the vast majority of your switches, routers, and network devices, but how do you monitor all of this flow data that you are now capturing? You can, of course, telnet directly to the device and extract data using CLI. While this may get you your data, it is not the most user friendly or intuitive solution.
This is where automated tools come into play. SolarWinds Bandwidth Analyzer Pack is a combination of SolarWinds Network Performance Monitor and NetFlow Traffic Analyzer. NPM provides fault, performance and availability monitoring while NetFlow Traffic Analyzer collects flow data to tell you how your network bandwidth is being used.
When combined together, you can detect, diagnose and resolve network performance issues; track response time, availability, and uptime of routers, switches and other SNMP-enabled devices; monitor and analyze network bandwidth performance and traffic patterns; and identify bandwidth hogs and see which applications are using the most bandwidth, all in a graphical interactive web interface.