NetFlow Deep Dive: Tips and Tricks to get theMost Out of Your Network Bandwidth© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHT...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.A Few Notes about Today’s Session» Today’s content will cover useful...
What’s in Today’s Session» SolarWinds® Overview» Introduction to NetFlow and other Flow Technologies» NetFlow Tips and Tri...
SolarWinds Overview4Provide enterprise-class network, systems, virtualization, andstorage resource management software tha...
© 2012 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.5Introduction to Flow Technologies
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Introduction to NetFlow and other FlowTechnologies» NetFlow – Develo...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Introduction to NetFlow and other FlowTechnologies7NetFlow EnabledNe...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Introduction to NetFlow and other FlowTechnologies8Supported on most...
» Flexible NetFlow – Leverages NetFlow v9» Customizable key and non-key fields : Allows users to decidewhat is exported» C...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.10Flow Exporter Flow Record Flow Monitordestination 192.168.16.1sour...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Other Flow Technologies11© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHT...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Tips and Tricks12
» Network uptime is “critical” to revenue» NetFlow identifies Source and Destination Interface Source and Destination IP...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Troubleshooting Network Issues14Source IP AddressDestination IP Addr...
» Signature based anomaly detection fails with zero-daymalware» Firewalls work based on rules defined by user. Non-signatu...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Network Anomaly Detection» Your network could be hosting a bot. Fire...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Tracking Cloud Performance» The biggest impact of the cloud is on th...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Monitoring BYOD Impact» BYOD is inevitable. Enterprises are either a...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Validate Quality of Service (QoS) and Type ofService (ToS)» Bandwidt...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Capacity Planning» Increasing organizational strength or new applica...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Bandwidth Analyzer Pack21» Detect, diagnose, and resolvenetwork perf...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.22Bandwidth Analyzer Pack Demo
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Resources» Download a free fully functional 30-day trial athttp://ww...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Summary and Q & A» To learn more visit:http://www.solarwinds.com/lp/...
© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Thank You!The SOLARWINDS and SOLARWINDS & Design marks are the exclu...
Upcoming SlideShare
Loading in...5
×

NetFlow Deep Dive: NetFlow Tips and Tricks to get the Most Out of Your Network Bandwidth

777

Published on

In this webcast, we’ll dive deeper into NetFlow and discuss day-to-day networking challenges and highlight common use cases that will help you better leverage the flow technology and its applications to troubleshoot many networking problems.

This webcast covers some key topics including:
• Introduction to NetFlow and other flow technologies
• Configuring your network to collect flow data
• Some everyday use cases for effective network monitoring
-- Troubleshooting network issues
-- Anomaly detection
-- Tracking cloud performance
-- Monitoring the impact of BYOD traffic
-- Monitoring Quality of Service (QoS) and Type of Service (ToS)
-- Capacity Planning

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
777
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Hello everyone and welcome to the solarwinds webcast “NetFlow deep dive..: tips and tricks
  • Today, we will intorudce you to netflow and similar flow technologies that can help you with your bandwidth monitoring and traffic analytics. And then we will talk about how you can use netflow to solve day-to-day network problems after which we will introduce you to solarwinds bandwidth analyzer pack
  • For those who are new to Solarwinds.. We are developers of Powerful and easy-to-useEnterprise class software that can help with monitoring and management of your network, systems, virtualization, storage. Our products can cater to both the SMBs as well as large enterprises..there are more than a million registered end-users who have downloaded our free tools alone..
  • So, as I have said before, NetFlow is comes free with the vast majority of your switches, routers, and network devices, but how do you monitor all of this flow data that you are now capturing. You can, of course, telnet directly to the device and extract data using CLI. While this may get you your data, it is not the most user friendly or intuitive solution.This is where automated tools come into play. SolarWinds Bandwidth Analyzer Pack is a combination of SolarWinds Network Performance Monitor and NetFlow Traffic Analyzer. NPM provides fault, performance and availability monitoring while NetFlow Traffic Analyzer collects flow data to tell you how your network bandwidth is being used.When combined together, you can detect, diagnose and resolve network performance issues; track response time, availability, and uptime of routers, switches and other SNMP enable devices; monitor and analyze network bandwidth performance traffic patterns; and identify bandwidth hogs and see which applications are using the most bandwidth all in a graphical interactive web interface.
  • Transcript of "NetFlow Deep Dive: NetFlow Tips and Tricks to get the Most Out of Your Network Bandwidth"

    1. 1. NetFlow Deep Dive: Tips and Tricks to get theMost Out of Your Network Bandwidth© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
    2. 2. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.A Few Notes about Today’s Session» Today’s content will cover usefulNetFlow tips for Network Admins We’ll also show how to implementmany of the tips using NetFlowmonitoring software» Ask questions!!! No attendee left behind Don’t wait until the end – askquestions using the chat box and wewill do our best to cover them all» Today’s Session is being recorded solarwinds.com slideshare.comDon Thomas JacobHead GeekSolarWindsDavid ByrdSales EngineerSolarWinds
    3. 3. What’s in Today’s Session» SolarWinds® Overview» Introduction to NetFlow and other Flow Technologies» NetFlow Tips and Tricks Troubleshooting Network Issues Network Anomaly Detection Tracking Cloud Performance Monitoring BYOD Impact Validate Quality of Service (QoS) and Type of Service (ToS) Capacity Planning» SolarWinds® Bandwidth Analyzer Pack» Resources» Questions?© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.3
    4. 4. SolarWinds Overview4Provide enterprise-class network, systems, virtualization, andstorage resource management software that is powerful,easy-to-use, and affordable Rapidly Growing & Highly Profitable IT Management Company» We sell to businesses of all sizes from SMB to Large Enterprise» Over 100,000 customers in 170 countries» More than 450 of the Fortune 500 are customers» More than one million registered end-users have downloaded our free tools» Founded in 1999 to deliver IT management software that works for you – andthat delivers on our promise of "unexpected simplicity."
    5. 5. © 2012 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.5Introduction to Flow Technologies
    6. 6. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Introduction to NetFlow and other FlowTechnologies» NetFlow – Developed by Cisco® as a switching path and nowthe primary traffic accounting technology» Answers questions of WHO, WHAT, WHEN and WHERE ofbandwidth monitoring and traffic analytics» All major routing and switching vendors supports NetFlow orsimilar Flow options6
    7. 7. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Introduction to NetFlow and other FlowTechnologies7NetFlow EnabledNetwork DeviceTraffic TrafficNetFlow Collector
    8. 8. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Introduction to NetFlow and other FlowTechnologies8Supported on most enterprise classdevices including Layer 2 switches
    9. 9. » Flexible NetFlow – Leverages NetFlow v9» Customizable key and non-key fields : Allows users to decidewhat is exported» Configuration involves creating© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Cisco® Flexible NetFlow9Flow RecordFlow Exporter Flow Monitor
    10. 10. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.10Flow Exporter Flow Record Flow Monitordestination 192.168.16.1source loopback0transport udp 2055export-protocol netflow-v9output-featuresPre-Defined Flow Recordsnetflow-originalnetflow ipv4 original-inputCustom Flow RecordCustomized usingmatch or collect statementsFlow Exporter+Flow RecordApply Flow Monitor on Interfaceinterface serial 2/1ip flow monitor monitor_name input
    11. 11. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Other Flow Technologies11© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.11Flow Format AboutIPFIX™IETF standard for flow export. Customizable and template based like NetFlow.Available on: Barracuda Networks®, Extreme® switches, Sonicwall®, etc.sFlow®Sampling based - 1 in N “packets” captured for traffic analytics.Supported by most vendors: Alcatel®, Brocade® – Foundry®, Dell® - Force 10™,Enterasys®, ExtremeXOS®, Fortinet®, HP® ProCurve®, Juniper®, Vyatta®, etc.http://www.sflow.org/productsJ-FlowProprietary protocol from Juniper®for flow export from Juniper® routers,switches and firewallsNetStream™ A variation of NetFlow supported on Huawei / 3COM devices
    12. 12. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Tips and Tricks12
    13. 13. » Network uptime is “critical” to revenue» NetFlow identifies Source and Destination Interface Source and Destination IP Addresses Source and Destination Port Addresses Protocol Type of Service and DSCP» Helps in quicker troubleshooting of issues such as applicationslowness or performance degradation© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Troubleshooting Network Issues13
    14. 14. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Troubleshooting Network Issues14Source IP AddressDestination IP AddressInput and Output InterfaceSource and Destination PortProtocolFlow Start and End timePacket and Octet countToSTCP FlagsProtocolSource AS InformationDestination AS InformationIdentify source and destination hosts involved in atraffic flow and its route in the networkWhat application is using the bandwidthUsing historical data for analysis? See when theincident occurred and traffic volumePriority of applications in the network; Status of a TCPconversation; Protocol distributionRoute of the traffic flow; Using expensive AS duringpeering?
    15. 15. » Signature based anomaly detection fails with zero-daymalware» Firewalls work based on rules defined by user. Non-signatureIDS / IPS are very expensive» Security issues with emerging trends like telecommuting andBYOD. Malwares directly reach LAN via an infected BYOD© 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Network Anomaly Detection15Signature Anomaly BlockedM A AL W R ER E WA L A MNon-Signature AnomalyPasses UndetectedIDS
    16. 16. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Network Anomaly Detection» Your network could be hosting a bot. Firewalls and IDS / IPS trackonly inbound traffic» Analyze changes in traffic patterns and unexpected traffic behaviorto detect anomalous traffic including zero-day malware» High SMTP traffic; Short burst of packets; One host to many onsame port; Traffic on unknown ports; Too many TCP SYN flags;» NetFlow based traffic analytics helps with network behavioranomaly detection16
    17. 17. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Tracking Cloud Performance» The biggest impact of the cloud is on the bandwidth» SaaS based approach means ensuring bandwidth is alwaysavailable for business apps» It’s necessary to look out for bottlenecks, bandwidth hogs,unauthorized protocol usage and application priority» NetFlow data carries information on cause of trafficbottlenecks, end points using bandwidth, applications beingused and conversation priority17
    18. 18. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Monitoring BYOD Impact» BYOD is inevitable. Enterprises are either adopting BYOD oremployees are already using them» BYOD adds more traffic to your network – What is the impacton bandwidth?» Are unauthorized applications being used or is BYODcompeting with business applications?» NetFlow breaks down on application usage and source oftraffic along with DSCP information18
    19. 19. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Validate Quality of Service (QoS) and Type ofService (ToS)» Bandwidth is finite. Applications compete with one another forbandwidth when traversing the WAN» Ensure back ups and scavenger traffic do not have higher priorityover your critical applications» NetFlow data reports on ToS and DSCP fields from trafficconversations. Validate your QoS is working as expected19FTPVoIPPeer to PeerWebInternet LinkWebAF31FTP AF11
    20. 20. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Capacity Planning» Increasing organizational strength or new applications needbandwidth. Throwing more bandwidth is not the first step» Is bandwidth growth along expected lines or misused. How hasapplication usage changed over time?» Top application and conversations based NetFlow data can bestored for reference unlike pcap which requires extensive storage» Use NetFlow for bandwidth and application growth reports20
    21. 21. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Bandwidth Analyzer Pack21» Detect, diagnose, and resolvenetwork performance issues» Track response time,availability, and uptime ofrouters, switches, and otherSNMP-enabled devices» Monitor and analyze networkbandwidth performance andtraffic patterns» Identify bandwidth hogs andsee which applications areusing the most bandwidth» Graphically displayperformance metrics in realtime via dynamic interactivemaps
    22. 22. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.22Bandwidth Analyzer Pack Demo
    23. 23. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Resources» Download a free fully functional 30-day trial athttp://www.solarwinds.com/lp/network-bandwidth-analyzer-pack.aspx» Videos Network Performance Monitor Overview NetFlow Traffic Analyzer Overview How to Configure NetFlow on Cisco Routers» Blogs NETFLOW V9 DATAGRAM KNOWLEDGE SERIES - NETFLOW OVERVIEW23
    24. 24. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Summary and Q & A» To learn more visit:http://www.solarwinds.com/lp/network-bandwidth-analyzer-pack.aspx» Join our community of 150,000+ IT pros at www.thwack.com» Follow us on Twitter® @headgeeksThank you for attending!24
    25. 25. © 2013 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.Thank You!The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWindsWorldwide, LLC, are registered with the U.S. Patent and Trademark Office, and may beregistered or pending registration in other countries. All other SolarWinds trademarks, servicemarks, and logos may be common law marks, registered or pending registration in the UnitedStates or in other countries. All other trademarks mentioned herein are used for identificationpurposes only and may be or are trademarks or registered trademarks of their respectivecompanies.

    ×