Your SlideShare is downloading. ×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Orion NTA Customer Training


Published on

For more information on NTA, visit: …

For more information on NTA, visit:

Watch this webcast:

This video tutorial covers NetFlow best practices for planning and deployment and is Part 1 of the NetFlow training series.

Published in: Technology
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. Introduction  A big “Howdy” from SolarWinds based in Austin, Texas » Josh Stephens, Head Geek, Monster Blogger, Constant Tweeter » Chris LaPoint – Senior Product Manager, lover of island living, beaches, and sand…  Today’s Topic: Training on the Orion NetFlow Traffic Analyzer  Who is SolarWinds? » Dude, if you don’t’ know this you’re on the wrong webcast…
  • 2. Housekeeping  Can you hear me now?  If not, use the GoToWebinar chat or Q&A panel to let us know.  How do you win the free stuff?  How do you ask questions?  Will this thing be recorded?  Ask lots of questions, if needed we’ll do a part #2…
  • 3. Agenda  What is NetFlow and Why Do I Need It?  NMS Deployment Preparation  Installing and Configuring NTA  Enabling Devices for NetFlow  Maximizing the benefits of NTA  Optimizing the User Interface  Best Practices for using NTA data  Q&A
  • 4. Basics of Traffic Flow Technologies  Keeps track of the traffic flowing from place to place  Traditionally leveraged on to monitor layer 3 (routed) traffic flows  Recent addition of layer 2 (switched) traffic detail
  • 5. What is a “Flow”  A flow is identified by NetFlow v5 Key Fields combining a set of key Source IP Address Destination IP Address fields from the network Source Port Number packets Destination Port Number Layer 3 Protocol Type ToS byte  A flow has a set of Logical Interface Index statistical data NetFlow v5 Flow Statistics System uptime start of flow System uptime end of flow # of packets in flow # of bytes in flow
  • 6. Shared Technical Details  Transport Protocol is UDP » Some newer versions optionally support TCP and SCTP » UDP Port numbers are generally configurable  Technology included within router/switch software » Check your IOS feature set if using Cisco gear » Some implementations in software, some on ASIC  Easy to configure/enable on network gear » Usually only a few CLI commands » Some devices configurable via SNMP and/or web services interface
  • 7. Top 5 Reasons to use Flow Technology Boss Reasons Geek Reasons #5 Helps meet compliancy needs #5 Helps you keep hackers out #4 Enables cost savings on service #4 Points out the bandwidth hogs provider costs #3 Aids with capacity planning #3 Helps you fine-tune your QoS implementations #2 Identify non-essential traffic #2 Immediately know when a cool new YouTube video is discovered
  • 8. Top 5 Reasons to use Flow Technology Boss Reason #1 Geek Reason #1 You already own the hardware It’s just plain cool!!
  • 9. Possible Downfalls – Rumors and Facts  Turning on NetFlow will kill my routers…  sFlow data isn’t valuable because it doesn’t include all of the data…  Collecting NetFlow data can generate a very large database…  I need to buy a complicated and expensive piece of software to leverage the flow data…
  • 10. Comparison of Flow Analysis Technology  NetFlow Version 5 » Developed by Cisco Systems but now in use by several vendors » Includes details for all traffic flows » Reports data including source and destination interfaces, IP addresses, protocol, port numbers, AS numbers, and TOS/DSCP information.  NetFlow Version 7 » Rarely seen today » Specific to Cisco Catalyst Switches  NetFlow Version 8 » Rarely seen today » Aggregation Technology introduced  NetFlow Version 9 » Introduces flexible NetFlow concepts » Mainstream availability of aggregation features
  • 11. Comparison of Flow Analysis Technology  J-Flow » Developed by Juniper Networks • Effectively the same as NetFlow Version 5  sFlow » Standards based (RFC 3176) • Supported by many vendors including HP, Extreme, Foundry, Juniper, Nortel » Is based on a statistical sampling of the data flows » Implemented primarily for layer 2/3 switches passing very large amounts of traffic  IPFIX » Sometimes referred to as NetFlow Version 10 » Uses NetFlow v9 as a starting point » Template based exporting
  • 12. Comparison of Flow Analysis Technology  J-Flow » Developed by Juniper Networks » Effectively the same as NetFlow Version 5  sFlow » Standards based (RFC 3176) » Supported by many vendors including HP, Extreme, Foundry, Juniper, Nortel » Is based on a statistical sampling of the data flows » Implemented primarily for layer 2/3 switches passing very large amounts of traffic  IPFIX » Sometimes referred to as NetFlow Version 10 » Uses NetFlow v9 as a starting point » Template based exporting
  • 13. NMS Deployment Preparation  Step One – Define and document that scope of the network you’re managing  Step Two – Identify the system requirements for Orion based upon the managed scope  Step Three – Assess your current installation environment  Step Four - Evaluate the gap (if any) and make plans for deployment
  • 14. Step One – Scoping the Environment  Discover/document the network » Number of nodes » Number of interfaces » Number of NetFlow nodes and interfaces » Speed of NetFlow interfaces  Document and prioritize the best places to analyze traffic » Most expensive links » Internet connections » Junction points between networks  Document the aggregate bandwidth that you’re trying to analyze (or number of flows if you can)
  • 15. Step Two – Orion’s System Requirements  Leverage the Orion NPM and NTA Administrator’s Guides » System requirements are well laid out within these manuals » Remember – these are minimum requirements. If you want better performance, you need to step up the hardware.  Leverage your SQL Server admin’s expertise » Building high-performance SQL Servers is a form of art… » Explain to them the I/O requirements of your NMS
  • 16. Step Three – Document the current setup  Document what you have available today » What sort of server is Orion on? » Is SQL on the same machine? » What sort of server is SQL on? » What sort of storage system is in use?  What do you have that you’re not using? » Corporate SQL server implementations… » Decommissioned HPOV or Exchange servers?
  • 17. #5 Add more RAM. It’s almost always a good thing… #4 Disk controllers – use disk controllers with at least 256MB of battery- backed up write back cache enabled. Put the data and log files on separate controllers. #3 RAID – RAID 5 is OK for the OS, but don’t use it for data storage. RAID 1,0 offers significantly better I/O. #2 Use Ramdisk. It significantly speeds up the SQL Server. #1 Be very wary of SANs… Most aren’t optimized for this sort of use.
  • 18. Step Four – Evaluate the gap  Where is your current implementation deficient? » Is the Orion server sized correctly? » Does SQL need to be moved? » Is the SQL server sized correctly? » Do you need additional pollers/collectors?  Prioritize your deployment » Start by enabling NetFlow on a single device/interface » Use the best practices for deploying in a “lean” environment » Ramp up your deployment as your hardware can support them
  • 19. Installing and Configuring NTA in a Lean Environment  Enable NetFlow collection pragmatically  Go short on data retention » How much data can you really look at? » You can always increase it later…  Enable “On Demand DNS Resolution”  Use “Allow Monitoring of Flows from Unmanaged Interfaces”  Use “Smart Traffic Filtering”
  • 20. Smart Traffic Filtering  In most networks, 95% of the traffic traversing the network is represented in only 4% of the flows  Why store the noise?  Smart Traffic Filtering uses 20x less data storage and I/O.  Doesn’t change the use case for most customers…  This is how you do it…
  • 21. Smart Traffic Filtering To enable this feature, please follow these steps:  Find file NetFlowService.exe.config by default located at “C:Program FilesSolarwindsOrionNetFlowTrafficAnalysis” and make backup copy of it  Open this file in notepad  Also, find the following line in the file and change options as specified below:  <pduLimiter enabled="true" globalRestriction="1" dataPercentageRestriction="95"  Save this file  Restart NTA service
  • 22. Enabling Devices for NetFlow Step #1 – be sure that the device supports NetFlow, J- Flow, sFlow, or IPFix. For Cisco devices – Step #2 – leverage the hardware manufacturers documentation for enabling NetFlow on the device. Start with a single interface on that device. Step #3 – if you’re having trouble configuring the device, leverage video support Step #4 – be sure the device and interfaces are managed within Orion and that the interface is specified as a “NetFlow managed interface”
  • 23. Analyzing traffic thru non-NetFlow devices  Be sure the device doesn’t support flow analysis » Does it support J-Flow, sFlow, or IPFix instead? » Is it by chance a Cisco ASA?  Analyze from an adjacent device  Consider adding a capable device instream  Advanced tactic – leverage an open source tool to convert packet streams to NetFlow
  • 24. Optimizing the Orion NTA Website  For most use cases, drill down vs. using the NetFlow tab…  Decide how important UI performance is to you and optimize views accordingly  Avoid “Network Wide” resources where you can  Don’t put “heavy” resources on heavily displayed pages  Let’s go see what I mean…
  • 25. Using the Information NTA Provides  What each of the resources mean…  Using NPM and NTA together  Using the Traffic View Builder  Solving problems
  • 26. Summary and Q&A Thank you for attending! To learn more or to download free 30-day trials of SolarWinds products visit: Contact information Josh Stephens, Head Geek twitter: sw_headgeek Blog: p.s. Remember to renew your maintenance!!!