Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

NetFlow Best Practices - Tips and Tricks to Get the Most Out of Your Network Bandwidth

584
views

Published on

Network bandwidth usage is one of the biggest contributors to your network performance. By taking advantage of the flow technology that is built into most routers and switches, you can quickly …

Network bandwidth usage is one of the biggest contributors to your network performance. By taking advantage of the flow technology that is built into most routers and switches, you can quickly identify bottlenecks and troubleshoot bandwidth related problems. Join our SolarWinds Head Geek, Don Jacob and Sales Engineer David Byrd as they discuss and share the tips and tricks to get the most out of your network bandwidth.

Published in: Technology

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
584
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
0
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Hello everyone and welcome to the solarwinds webcast “NetFlow deep dive..: tips and tricks
  • Today, we will intorudce you to netflow and similar flow technologies that can help you with your bandwidth monitoring and traffic analytics. And then we will talk about how you can use netflow to solve day-to-day network problems after which we will introduce you to solarwinds bandwidth analyzer pack
  • For those who are new to Solarwinds.. We are developers of Powerful and easy-to-use Enterprise class software that can help with monitoring and management of your network, systems, virtualization, storage. Our products can cater to both the SMBs as well as large enterprises..there are more than a million registered end-users who have downloaded our free tools alone..
  • So, as I have said before, NetFlow is comes free with the vast majority of your switches, routers, and network devices, but how do you monitor all of this flow data that you are now capturing. You can, of course, telnet directly to the device and extract data using CLI. While this may get you your data, it is not the most user friendly or intuitive solution.

    This is where automated tools come into play. SolarWinds Bandwidth Analyzer Pack is a combination of SolarWinds Network Performance Monitor and NetFlow Traffic Analyzer. NPM provides fault, performance and availability monitoring while NetFlow Traffic Analyzer collects flow data to tell you how your network bandwidth is being used.

    When combined together, you can detect, diagnose and resolve network performance issues; track response time, availability, and uptime of routers, switches and other SNMP enable devices; monitor and analyze network bandwidth performance traffic patterns; and identify bandwidth hogs and see which applications are using the most bandwidth all in a graphical interactive web interface.
  • Transcript

    • 1. NetFlow Deep Dive: Tips and Tricks to get the Most Out of Your Network Bandwidth © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
    • 2. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. A Few Notes about Today’s Session » Today’s content will cover useful NetFlow tips for Network Admins  We’ll also show how to implement many of the tips using NetFlow monitoring software » Ask questions!!!  No attendee left behind  Don’t wait until the end – ask questions using the chat box and we will do our best to cover them all » Today’s Session is being recorded  solarwinds.com  slideshare.com Don Thomas Jacob Head Geek SolarWinds David Byrd Sales Engineer SolarWinds
    • 3. What’s in Today’s Session » SolarWinds® Overview » Introduction to NetFlow and other Flow Technologies » NetFlow Tips and Tricks  Troubleshooting Network Issues  Visibility into microbursts  Network Anomaly Detection  Tracking Cloud Performance  Monitoring BYOD Impact  Validate Quality of Service (QoS) and Type of Service (ToS)  Long-term history and Capacity Planning » SolarWinds® Bandwidth Analyzer Pack » Resources » Questions? © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 3
    • 4. SolarWinds Overview 4 Provide enterprise-class network, systems, virtualization, and storage resource management software that is powerful, easy-to-use, and affordable  Rapidly Growing & Highly Profitable IT Management Company » We sell to businesses of all sizes from SMB to Large Enterprise » Over 100,000 customers in 170 countries » More than 450 of the Fortune 500 are customers » More than one million registered end-users have downloaded our free tools » Founded in 1999 to deliver IT management software that works for you – and that delivers on our promise of "unexpected simplicity." © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
    • 5. 5 Introduction to Flow Technologies © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED.
    • 6. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Introduction to NetFlow and other Flow Technologies » NetFlow – Developed by Cisco® as a switching path and now the primary traffic accounting technology » Answers questions of WHO, WHAT, WHEN and WHERE of bandwidth monitoring and traffic analytics » All major routing and switching devices supports NetFlow or similar Flow options 6
    • 7. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Introduction to NetFlow and other Flow Technologies 7 NetFlow Enabled Network Device Traffic Traffic NetFlow Reporter UI
    • 8. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Introduction to NetFlow and other Flow Technologies 8 Supported on most enterprise class devices including Layer 2 switches
    • 9. destination 192.168.16.1 source loopback0 transport udp 2055 export-protocol netflow-v9 output-features Pre-Defined Flow Records netflow-original netflow ipv4 original-input Custom Flow Record Customized using match or collect statements Flow Exporter + Flow Record Flow Exporter Flow Record Flow Monitor Apply Flow Monitor on Interface interface serial 2/1 ip flow monitor monitor_name input » Flexible NetFlow – Leverages NetFlow v9 » Customizable key and non-key fields : Allows users to decide what is exported » Configuration involves creating © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Cisco® Flexible NetFlow 9 Flow RecordFlow Exporter Flow Monitor
    • 10. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Other Flow Technologies 1010 Flow Format About IPFIX™ IETF standard for flow export. Customizable and template based like NetFlow. Available on: Barracuda Networks®, Extreme® switches, Sonicwall®, etc. sFlow® Sampling based - 1 in N “packets” captured for traffic analytics. Supported by most vendors: Alcatel®, Brocade® – Foundry®, Dell® - Force 10™, Enterasys®, ExtremeXOS®, Fortinet®, HP® ProCurve®, Juniper®, Vyatta®, etc. http://www.sflow.org/products J-Flow Proprietary protocol from Juniper®for flow export from Juniper® routers, switches and firewalls NetStream™ A variation of NetFlow supported on Huawei / 3COM devices
    • 11. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Tips and Tricks 11
    • 12. » Network uptime is “critical” to revenue » NetFlow identifies  Source and Destination Interface  Source and Destination IP Addresses  Source and Destination Port Addresses  Protocol  Type of Service and DSCP » Helps in quicker troubleshooting of issues such as application slowness or performance degradation © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Troubleshooting Network Issues 12
    • 13. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Troubleshooting Network Issues 13 Source IP Address Destination IP Address Input and Output Interface Source and Destination Port Protocol Flow Start and End time Packet and Octet count ToS TCP Flags Protocol Source AS Information Destination AS Information Identify source and destination hosts involved in a traffic flow and its route in the network What application is using the bandwidth Using historical data for analysis? See when the incident occurred and traffic volume Priority of applications in the network; Status of a TCP conversation; Protocol distribution Route of the traffic flow; Using expensive AS during peering?
    • 14. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. » Short bursts in network traffic that is higher than normal - overwhelms the network and affects overall network performance » Impossible to find ‘WHO’ with SNMP and too much data for continuous packet capture » NetFlow is neither data intensive nor resource intensive » Allows for continuous capture and can report on WHO caused the spike Microburst Visibility 14
    • 15. » Signature based anomaly detection fails with zero-day malware » Firewalls work based on rules defined by user. Non-signature IDS / IPS are very expensive » Security issues with emerging trends like telecommuting and BYOD. Malwares directly reach LAN via an infected BYOD © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Network Anomaly Detection 15 Signature Anomaly Blocked M A AL W R E R E WA L A M Non-Signature Anomaly passes Undetected IDS
    • 16. » Your network could be hosting a bot. Firewalls and IDS / IPS track only inbound traffic » Analyze changes in traffic patterns and unexpected traffic behavior to detect anomalous traffic including zero-day malware » High SMTP traffic; Short burst of packets; One host to many on same port; Traffic on unknown ports; Too many TCP SYN flags; » NetFlow based traffic analytics helps with network behavior anomaly detection © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Network Anomaly Detection 16
    • 17. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Tracking Cloud Performance 17 » The biggest impact of the cloud is on the bandwidth » SaaS based approach means ensuring bandwidth is always available for business apps » It’s necessary to look out for bottlenecks, bandwidth hogs, unauthorized protocol usage and application priority » NetFlow data carries information on cause of traffic bottlenecks, end points using bandwidth, applications being used and conversation priority
    • 18. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Monitoring BYOD Impact » BYOD is inevitable. Enterprises are either adopting BYOD or employees are already using them » BYOD adds more traffic to your network – What is the impact on bandwidth? » Are unauthorized applications being used or is BYOD competing with business applications? » NetFlow breaks down on application usage and source of traffic along with DSCP information 18
    • 19. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Validate Quality of Service (QoS) and Type of Service (ToS) » Bandwidth is finite. Applications compete with one another for bandwidth when traversing the WAN » Ensure back ups and scavenger traffic do not have higher priority over your critical applications » NetFlow data reports on ToS and DSCP fields from traffic conversations. Validate your QoS is working as expected 19 FTP VoIP Peer to Peer Web Internet Link Web AF31 FTP AF11
    • 20. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Historic Reports and Capacity Planning » Increasing head count or adopting new technologies – First step should be historic data analysis, not throwing more bandwidth » Is bandwidth growth along expected lines or misused? How has application usage changed over time? Has overall usage increased? Which application is used the most? 20 0 20 40 60 80 100 2010 2011 2012 2013 2014 Growth Trend
    • 21. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Historic Reports and Capacity Planning 21 » NetFlow data can be stored forever unlike pcap which needs huge storage space » Visibility into traffic trends - bandwidth utilization, most used applications, per application usage, conversations, and end-points » Take informed capacity planning decisions leveraging 1 minute granular reports
    • 22. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Bandwidth Analyzer Pack 22 » Detect, diagnose, and resolve network performance issues » Track response time, availability, and uptime of routers, switches, and other SNMP-enabled devices » Monitor and analyze network bandwidth performance and traffic patterns » Identify bandwidth hogs and see which applications are using the most bandwidth » Graphically display performance metrics in real time via dynamic interactive maps
    • 23. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. 23 Bandwidth Analyzer Pack Demo
    • 24. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Resources » Download a free fully functional 30-day trial at http://www.solarwinds.com/lp/network-bandwidth-analyzer-pack.aspx » Videos  Network Performance Monitor Overview  NetFlow Traffic Analyzer Overview  How to Configure NetFlow on Cisco Routers » Blogs  NETFLOW V9 DATAGRAM KNOWLEDGE SERIES - NETFLOW OVERVIEW 24
    • 25. » To learn more visit: http://www.solarwinds.com/lp/network-bandwidth-analyzer-pack.aspx » Join our community of 150,000+ IT pros at www.thwack.com » Follow us on Twitter® @headgeeks Thank you for attending! © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Summary and Q & A 25
    • 26. © 2014 SOLARWINDS WORLDWIDE, LLC. ALL RIGHTS RESERVED. Thank You! The SOLARWINDS and SOLARWINDS & Design marks are the exclusive property of SolarWinds Worldwide, LLC, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks, registered or pending registration in the United States or in other countries. All other trademarks mentioned herein are used for identification purposes only and may be or are trademarks or registered trademarks of their respective companies.