Orion NTA Customer Training


Published on

For more information on NTA, visit: http://www.solarwinds.com/products/network-traffic-analyzer/info.aspx

Watch this webcast: http://www.solarwinds.com/resources/videos/video-tutorial-netflow-training-part-i.html

This video tutorial covers NetFlow best practices for planning and deployment and is Part 1 of the NetFlow training series.

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Orion NTA Customer Training

  1. 1. Introduction  A big “Howdy” from SolarWinds based in Austin, Texas » Josh Stephens, Head Geek, Monster Blogger, Constant Tweeter » Chris LaPoint – Senior Product Manager, lover of island living, beaches, and sand…  Today’s Topic: Training on the Orion NetFlow Traffic Analyzer  Who is SolarWinds? » Dude, if you don’t’ know this you’re on the wrong webcast…
  2. 2. Housekeeping  Can you hear me now?  If not, use the GoToWebinar chat or Q&A panel to let us know.  How do you win the free stuff?  How do you ask questions?  Will this thing be recorded?  Ask lots of questions, if needed we’ll do a part #2…
  3. 3. Agenda  What is NetFlow and Why Do I Need It?  NMS Deployment Preparation  Installing and Configuring NTA  Enabling Devices for NetFlow  Maximizing the benefits of NTA  Optimizing the User Interface  Best Practices for using NTA data  Q&A
  4. 4. Basics of Traffic Flow Technologies  Keeps track of the traffic flowing from place to place  Traditionally leveraged on to monitor layer 3 (routed) traffic flows  Recent addition of layer 2 (switched) traffic detail
  5. 5. What is a “Flow”  A flow is identified by NetFlow v5 Key Fields combining a set of key Source IP Address Destination IP Address fields from the network Source Port Number packets Destination Port Number Layer 3 Protocol Type ToS byte  A flow has a set of Logical Interface Index statistical data NetFlow v5 Flow Statistics System uptime start of flow System uptime end of flow # of packets in flow # of bytes in flow
  6. 6. Shared Technical Details  Transport Protocol is UDP » Some newer versions optionally support TCP and SCTP » UDP Port numbers are generally configurable  Technology included within router/switch software » Check your IOS feature set if using Cisco gear » Some implementations in software, some on ASIC  Easy to configure/enable on network gear » Usually only a few CLI commands » Some devices configurable via SNMP and/or web services interface
  7. 7. Top 5 Reasons to use Flow Technology Boss Reasons Geek Reasons #5 Helps meet compliancy needs #5 Helps you keep hackers out #4 Enables cost savings on service #4 Points out the bandwidth hogs provider costs #3 Aids with capacity planning #3 Helps you fine-tune your QoS implementations #2 Identify non-essential traffic #2 Immediately know when a cool new YouTube video is discovered
  8. 8. Top 5 Reasons to use Flow Technology Boss Reason #1 Geek Reason #1 You already own the hardware It’s just plain cool!!
  9. 9. Possible Downfalls – Rumors and Facts  Turning on NetFlow will kill my routers…  sFlow data isn’t valuable because it doesn’t include all of the data…  Collecting NetFlow data can generate a very large database…  I need to buy a complicated and expensive piece of software to leverage the flow data…
  10. 10. Comparison of Flow Analysis Technology  NetFlow Version 5 » Developed by Cisco Systems but now in use by several vendors » Includes details for all traffic flows » Reports data including source and destination interfaces, IP addresses, protocol, port numbers, AS numbers, and TOS/DSCP information.  NetFlow Version 7 » Rarely seen today » Specific to Cisco Catalyst Switches  NetFlow Version 8 » Rarely seen today » Aggregation Technology introduced  NetFlow Version 9 » Introduces flexible NetFlow concepts » Mainstream availability of aggregation features
  11. 11. Comparison of Flow Analysis Technology  J-Flow » Developed by Juniper Networks • Effectively the same as NetFlow Version 5  sFlow » Standards based (RFC 3176) • Supported by many vendors including HP, Extreme, Foundry, Juniper, Nortel » Is based on a statistical sampling of the data flows » Implemented primarily for layer 2/3 switches passing very large amounts of traffic  IPFIX » Sometimes referred to as NetFlow Version 10 » Uses NetFlow v9 as a starting point » Template based exporting
  12. 12. Comparison of Flow Analysis Technology  J-Flow » Developed by Juniper Networks » Effectively the same as NetFlow Version 5  sFlow » Standards based (RFC 3176) » Supported by many vendors including HP, Extreme, Foundry, Juniper, Nortel » Is based on a statistical sampling of the data flows » Implemented primarily for layer 2/3 switches passing very large amounts of traffic  IPFIX » Sometimes referred to as NetFlow Version 10 » Uses NetFlow v9 as a starting point » Template based exporting
  13. 13. NMS Deployment Preparation  Step One – Define and document that scope of the network you’re managing  Step Two – Identify the system requirements for Orion based upon the managed scope  Step Three – Assess your current installation environment  Step Four - Evaluate the gap (if any) and make plans for deployment
  14. 14. Step One – Scoping the Environment  Discover/document the network » Number of nodes » Number of interfaces » Number of NetFlow nodes and interfaces » Speed of NetFlow interfaces  Document and prioritize the best places to analyze traffic » Most expensive links » Internet connections » Junction points between networks  Document the aggregate bandwidth that you’re trying to analyze (or number of flows if you can)
  15. 15. Step Two – Orion’s System Requirements  Leverage the Orion NPM and NTA Administrator’s Guides » System requirements are well laid out within these manuals » Remember – these are minimum requirements. If you want better performance, you need to step up the hardware.  Leverage your SQL Server admin’s expertise » Building high-performance SQL Servers is a form of art… » Explain to them the I/O requirements of your NMS
  16. 16. Step Three – Document the current setup  Document what you have available today » What sort of server is Orion on? » Is SQL on the same machine? » What sort of server is SQL on? » What sort of storage system is in use?  What do you have that you’re not using? » Corporate SQL server implementations… » Decommissioned HPOV or Exchange servers?
  17. 17. #5 Add more RAM. It’s almost always a good thing… #4 Disk controllers – use disk controllers with at least 256MB of battery- backed up write back cache enabled. Put the data and log files on separate controllers. #3 RAID – RAID 5 is OK for the OS, but don’t use it for data storage. RAID 1,0 offers significantly better I/O. #2 Use Ramdisk. It significantly speeds up the SQL Server. #1 Be very wary of SANs… Most aren’t optimized for this sort of use.
  18. 18. Step Four – Evaluate the gap  Where is your current implementation deficient? » Is the Orion server sized correctly? » Does SQL need to be moved? » Is the SQL server sized correctly? » Do you need additional pollers/collectors?  Prioritize your deployment » Start by enabling NetFlow on a single device/interface » Use the best practices for deploying in a “lean” environment » Ramp up your deployment as your hardware can support them
  19. 19. Installing and Configuring NTA in a Lean Environment  Enable NetFlow collection pragmatically  Go short on data retention » How much data can you really look at? » You can always increase it later…  Enable “On Demand DNS Resolution”  Use “Allow Monitoring of Flows from Unmanaged Interfaces”  Use “Smart Traffic Filtering”
  20. 20. Smart Traffic Filtering  In most networks, 95% of the traffic traversing the network is represented in only 4% of the flows  Why store the noise?  Smart Traffic Filtering uses 20x less data storage and I/O.  Doesn’t change the use case for most customers…  This is how you do it…
  21. 21. Smart Traffic Filtering To enable this feature, please follow these steps:  Find file NetFlowService.exe.config by default located at “C:Program FilesSolarwindsOrionNetFlowTrafficAnalysis” and make backup copy of it  Open this file in notepad  Also, find the following line in the file and change options as specified below:  <pduLimiter enabled="true" globalRestriction="1" dataPercentageRestriction="95"  Save this file  Restart NTA service
  22. 22. Enabling Devices for NetFlow Step #1 – be sure that the device supports NetFlow, J- Flow, sFlow, or IPFix. For Cisco devices – http://www.cisco.com/go/fn Step #2 – leverage the hardware manufacturers documentation for enabling NetFlow on the device. Start with a single interface on that device. Step #3 – if you’re having trouble configuring the device, leverage video support Step #4 – be sure the device and interfaces are managed within Orion and that the interface is specified as a “NetFlow managed interface”
  23. 23. Analyzing traffic thru non-NetFlow devices  Be sure the device doesn’t support flow analysis » Does it support J-Flow, sFlow, or IPFix instead? » Is it by chance a Cisco ASA?  Analyze from an adjacent device  Consider adding a capable device instream  Advanced tactic – leverage an open source tool to convert packet streams to NetFlow
  24. 24. Optimizing the Orion NTA Website  For most use cases, drill down vs. using the NetFlow tab…  Decide how important UI performance is to you and optimize views accordingly  Avoid “Network Wide” resources where you can  Don’t put “heavy” resources on heavily displayed pages  Let’s go see what I mean…
  25. 25. Using the Information NTA Provides  What each of the resources mean…  Using NPM and NTA together  Using the Traffic View Builder  Solving problems
  26. 26. Summary and Q&A Thank you for attending! To learn more or to download free 30-day trials of SolarWinds products visit: www.SolarWinds.com Contact information Josh Stephens, Head Geek headgeek@solarwinds.com twitter: sw_headgeek Blog: http://thwack.com/blogs/geekspeak/ p.s. Remember to renew your maintenance!!!