Change the Way You Analyze Flow Data
 

- What is Flow Based Monitoring?
- Flow Based Monitoring – Working & Applications
- SolarWinds NetFlow Traffic Analyzer (NTA) - Overview
- What’s new in SolarWinds NetFlow Traffic Analyzer (NTA) 4.0?
- Applications of NTA 4.0
- Data on the Rise
- Flow Storage – Technology
- NTA 4.0 Flow Storage Management Scenarios
- Installation Guidelines for NTA 4.0
- Summary

  • OK then, the problem is: in L2 switches, which wouldn't support any flow configuration, what would be the best solution for monitoring the traffic, except using SPAN?

    Change the Way You Analyze Flow Data: Presentation Transcript

    • Change the Way You Analyze Flow Data © 2013, SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
    • Agenda
        • What is Flow Based Monitoring?
        • Flow Based Monitoring – Working & Applications
        • SolarWinds NetFlow Traffic Analyzer (NTA) - Overview
        • What’s new in SolarWinds NetFlow Traffic Analyzer (NTA) 4.0?
        • Applications of NTA 4.0
        • Data on the Rise
        • Flow Storage – Technology
        • NTA 4.0 Flow Storage Management Scenarios
        • Installation Guidelines for NTA 4.0
        • Summary
    • What is Flow Based Monitoring?
        » Flow - Unidirectional sequence of packets organized as a set of fields called a flow record
        » Each flow record helps identify the WHO, WHAT, WHEN and WHERE of network traffic
        » When flow export is enabled on a device, relevant header information about the traffic passing through its interfaces is captured for reporting
        » Important traffic information captured in a flow record includes source and destination IP address, source and destination port, protocol, interfaces, ToS entries, etc.
        » While Cisco® NetFlow is the most famous, non-Cisco network hardware vendors support flow formats such as sFlow®, IPFIX, Juniper® JFlow, Huawei Netstream™, Citrix® AppFlow, etc.
    • How Does Flow Monitoring Work?
        » Flows are captured differently for each type of flow technology. Once flow export is enabled on the device, and as traffic passes through a specific router or switch interface:
            - NetFlow - IP header information of traffic packets is captured and stored in a cache and exported based on active and inactive timeout values.
            - sFlow - Based on the sampling rate, one out of ‘N’ packets is captured and exported through a flow analysis tool for traffic reporting.
        » These flows are exported from the device interface (Flow Exporter) to a centralized Flow Collector (Analyzer) that processes the data and generates reports.
    • How Does Flow Monitoring Work? [Diagram: a NetFlow-enabled router (Flow Exporter, interfaces Se0/1 and Fa0/1) on the Internet/MPLS link and an sFlow-enabled switch (interfaces Gi0/1 and Gi0/2) serving the LAN and lab send NetFlow and sFlow packets to a Flow Collector with storage, which feeds the Flow Analyzer UX.]
    • Applications of Flow Based Monitoring
      Flow based monitoring helps you see how traffic flows in your network. By analyzing flows you can:
        » Investigate cases of very high bandwidth usage – Which user or application is using up bandwidth?
        » Detect and diagnose network problems - Be notified of outages
        » Manage traffic congestion in real time
        » Understand application usage - Monitor and detect changes in usage
        » Perform audit trail analysis - Identify unauthorized network activity & trace sources of DoS attacks
        » Do trending and capacity planning
    • SolarWinds NetFlow Analyzer (NTA) - Overview
      SolarWinds NetFlow Traffic Analyzer (NTA) captures flow data and converts it into easy-to-interpret charts and tables that describe exactly how your network bandwidth is being used. With NTA you can:
        » Monitor network bandwidth & traffic patterns down to interface level
        » Highlight ‘Top talkers’ in the network - Identify users, applications and protocols that consume the most bandwidth
        » Store & display by-the-minute flow data for long retention periods (limited only by disc storage capacity)
        » Analyze Cisco® NetFlow, Juniper® J-Flow, IPFIX, sFlow®, Huawei NetStream™ & other flow data
    • SolarWinds NetFlow Traffic Analyzer (NTA) 4.0
    • What’s New in NTA 4.0?
        » Offers long term storage of 1 minute granular data. You can now look at traffic data over days or months.
        » All conversations can be stored for as long as needed, limited only by server hardware & storage capacity
        » Ability to handle over 50,000 flows per second
        » Better load time on Orion/NTA resources/reports
        » Flexible deployment options that are easy to scale
    • Why NTA 4.0?
        » By-the-minute granular data – Investigate root causes of spikes and micro bursts in the network
        » Process 50K+ sustained flows per second – Handle more data and IP conversations for high speed networks
        » View all IP conversations – Easily detect low bandwidth traffic generated by botnet communication and propagation, DNS storms, etc.
    • Why NTA 4.0? (Cont.)
        » History of events - Drill down options into each IP conversation
        » Bandwidth capacity planning & budgeting - Pull out traffic data as required and make informed decisions
        » LAN traffic visibility - Detect network anomalies, IP conversation issues and application behavior problems using 1 minute granular IP conversation data
    • Data on the Rise
        » Multiple monitoring points in the network leading to exponential growth in flow data
        » High speed networks contributing to more IP conversations and eventually more flow data
        » By-the-minute flow data retained for long periods requiring more disc space
        » Flow accumulation leading to increased database query time
    • Flow Storage - Technology
    • Flow Storage in NetFlow 3.10
        » Flow data is stored in relational databases like Microsoft SQL
        » As flow data size increases, query and retrieve time increases
        » Relational databases use B-tree to query data (more suitable for databases that undergo real-time changes)
        » Flow data is 0 cardinality data, i.e. once captured the data does not change
    • Flow Storage in NetFlow 4.0
        » NTA 4.0 uses an open source database called FastBit to query data
        » FastBit implements a set of alternative indexes called compressed bitmap indexes that provide efficient searching and retrieval operations
        » No locking on the data aids in faster reading of data
        » Performance enhancements in the polling engine increase processing speed and capacity
    • Flow Storage Structure [Diagram: Before NetFlow 4.0, the database is shared by flow data and the NTA/Orion modules, with additional storage if required. After NetFlow 4.0, flow data is moved out of the database shared with SW NTA and the other Orion modules, and more storage is added for better performance and more storage space.]
    • NTA 4.0 Flow Storage Management Scenarios
    • 1. Single Server (Evaluation)
      In small networks, the main poller, SQL database, Web application & Flow Storage reside on a single server. Database & server resources are shared.
      Performance Advantage:
        » Flow storage can still be moved out separately from the Orion server to gain efficient use of CPU.
        » Performance benefits come from the technology of the data, not the physical machine it's on.
    • 2. Stand-alone Server (Embedded Flow Storage)
      The Main Poller and Flow Storage reside on the same server while the SQL server runs separately. Flow Storage logically exists separately.
      Performance Advantage:
        » Flow Storage exists on the same machine as the main poller, and can be removed as and when required without adding more systems.
    • 3. Independent Flow Storage (Recommended)
      Flow Storage and SQL server reside separately on two servers. Flow Storage physically exists separately.
      Performance Advantage:
        » Flow storage now physically separated from SQL server
        » Performance boost for Orion Server
        » Flexibility to scale all three components of NTA individually to gain better performance and more storage
    • Installation Guidelines for NTA 4.0
    • System Requirements for NTA 4.0
        » Additional disc storage for database: Depending on flow data to be stored
        » 64 bit OS: Most customers already use Server 2008 or above. (NTA 4.0 works on a 32 bit OS, without the advantages of the new features)
        » To be installed on a volume that is NTFS formatted: Enables use on local or network storage like NAS, SAN
    • Simple Installation
        » Option 1: Install both NTA 4.0 & Flow Storage on the same machine
        » Option 2: Install NTA 4.0 only
        » Follow installation wizard. No change in UI
    • Recommended Upgrade Sequence
      Ensure a smooth upgrade to NTA 4.0 in your typical multi-poller environment with the following upgrade sequence:
        » Step 1: Install NTA 4.0 on the new Flow Storage Server
        » Step 2: Upgrade NTA 4.0 on the Main Poller
        » Step 3: And finally, install on the additional Pollers
      [Diagram: Upgrade to NTA 4.0 with remote Flow Storage, showing the Flow Storage Server, Main Poller, SQL Server and Additional Pollers.]
    • Start Collecting Network Traffic Flow Data
        » Once set up, NTA immediately starts ingesting flow data into the storage engine.
        » Simultaneously, using available system resources, NTA migrates old flow data from the SQL database.
        » Migration does not interfere with or interrupt current flow monitoring operations
        » No manual intervention required to migrate data!
    • Summary
        » Zero cost upgrade! If you are a customer under active maintenance, the upgrade is absolutely FREE!
        » Avail scalability and performance benefits
        » Don’t worry about migrating old flow data
        » Retain flow data for 6+ months
        » No separate investment on SQL licenses, or SQL DBA
        » NTA 4.0 FAQs
        » SolarWinds NTA 4.0 is now available for evaluation
    • Thank you!
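
The NetFlow cache behaviour from the "How Does Flow Monitoring Work?" slide, as an added Python sketch that is not part of the original presentation or any SolarWinds code: packets are aggregated into unidirectional flow records and exported on inactive or active timeout. The class names, timer values and sample addresses are assumptions made for illustration, and timers are checked only when a packet arrives.

```python
from dataclasses import dataclass

# Assumed timer values in seconds; real exporters make both configurable.
ACTIVE_TIMEOUT, INACTIVE_TIMEOUT = 60, 15
# Constructed keys: (src_ip, dst_ip, src_port, dst_port, proto, in_if, tos)
CLIENT_TO_SERVER = ("10.0.0.5", "192.0.2.10", 51000, 443, 6, "Gi0/1", 0)
SERVER_TO_CLIENT = ("192.0.2.10", "10.0.0.5", 443, 51000, 6, "Se0/1", 0)
DNS_QUERY = ("10.0.0.9", "198.51.100.7", 53000, 53, 17, "Gi0/1", 0)

@dataclass
class FlowRecord:
    key: tuple
    first: float       # timestamp of the first packet in this record
    last: float        # timestamp of the most recent packet
    packets: int = 0
    octets: int = 0
    reason: str = ""   # why the record left the cache

class FlowCache:
    def __init__(self):
        self.cache, self.exported = {}, []

    def _expire(self, now):
        # Simplification: timers are evaluated only when a packet arrives.
        for key, rec in list(self.cache.items()):
            idle, age = now - rec.last, now - rec.first
            if idle < INACTIVE_TIMEOUT and age < ACTIVE_TIMEOUT:
                continue
            rec.reason = "inactive" if idle >= INACTIVE_TIMEOUT else "active"
            self.exported.append(self.cache.pop(key))

    def observe(self, ts, key, size):
        self._expire(ts)
        rec = self.cache.setdefault(key, FlowRecord(key, ts, ts))
        rec.last, rec.packets, rec.octets = ts, rec.packets + 1, rec.octets + size

    def flush(self):
        for key in list(self.cache):
            self.cache[key].reason = "flush"
            self.exported.append(self.cache.pop(key))
        return self.exported

def run_demo():
    # Constructed traffic: one long HTTPS upload, two replies, one DNS query.
    packets = [(t, CLIENT_TO_SERVER, 1500) for t in range(0, 131, 10)]
    packets += [(1, SERVER_TO_CLIENT, 60), (2, SERVER_TO_CLIENT, 60), (5, DNS_QUERY, 80)]
    cache = FlowCache()
    for ts, key, size in sorted(packets, key=lambda p: p[0]):
        cache.observe(ts, key, size)
    return cache.flush()
```

The long-lived upload comes out as three records and the replies as a separate record, so an analyst tracing one conversation has to stitch records by key and by direction.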