In this presentation, you'll learn how to get started with bandwidth monitoring tool, NetFlow Analyzer. Topics covered: 1. Configuring flow export from network devices 2. Traffic group 3. Application mapping 4. In-depth traffic visibility 5. Threshold-based alerting

1. NetFlow Analyzer - Part I
Getting the initial settings right

2. Welcome to a free training on
NetFlow Analyzer!

3. Trainer
Piyushree
NetFlow Analyzer product expert

4. Agenda
• Exporting flows
• Traffic grouping
• Application mapping
• Threshold based alerting
• In-depth traffic visibility
• Knowledge base and best practices

5. NetFlow Analyzer demo build 123086

6. Minimum system requirements
2.4 GHz quad-core
processor, or
equivalent
4GB RAM 50GB storage Windows/LinuxPostgreSQL/MSSQL
These specifications only apply when raw data is turned off and the flow rate is below 3,000
flows/sec. Requirements will vary with different settings.

7. Initial setup
Set up flow export Viewing & customizing
real-time traffic graphs
Configuring alerts
Step1 Step 2 Step 3

8. Step 1: Configuring flow export from interfaces
NetFlow sFlow J-Flow
IP FIX NetStream AppFlow

9. Devices supported by NetFlow Analyzer
https://www.manageengine.com/products/netflow/supported-devices.html

10. Where and how do you send flows?
Ways of exporting flows to NetFlow
Analyzer:
i. Manual configuration
ii. Using Network Configuration Manager
Ports to be considered:
• Server port: NetFlow Analyzer's web server port
• Listener port: Port on which NetFlow Analyzer
receives flows
• Both ports are configurable

11. Using Network Configuration Manager add-on
Benefits of using Network Configuration Manager:
• No need to write commands
• Predefined configlets
• Export flows from multiple interfaces in bulk
• Backup and restore configurations for devices
• Create new configlets
Apply
credentials
Select
interfaces
Export
flow
Add
devices

12. Creating/modifying a configlet
• In Network Configuration Manager, go to
Settings > Configlets. Add a new configlet
by creating a custom template.
• Select devices and enter flow
configuration commands.
• Execute the new configlet.

13. https://download.manageengine.com/prod
ucts/netflow/Help-doc-for-flow-export.pdf
Help guide on steps to configure flows :

14. Common problems faced after
exporting flows

15. #1. NetFlow Analyzer shows "No Data Available" in graphs, even after I've
configured flows.
Solution: Two possibilities
1. The device is not configured
correctly for exporting flows.
2. A firewall or access list is blocking
the UDP port.
• Check if flows are received with the
help of Wireshark.
• Yes- Check for windows firewall/IP
tables for any restrictions and template
timeout to 60 seconds.
• No- Correct the configuration by setting
the active timeout to 60 seconds.

16. #2. I've added five interfaces. Why is one of my interfaces, "Interface Gi0/1," not
listed in NetFlow Analyzer?
Solution:
The particular interface isn't configured
for exporting flows.
• Interface is not configured correctly.
• Check for correct interface along with
its export configurations.

17. Step 2: Visibility into real-time traffic details
Inventory
Flow analysis
Config management
IP SLA
Packet analysis
Traffic overview Real-time traffic graphs

18. Inventory: Flow Analysis
Traffic overview
Device
Device groups
Lay 4 & 7 applications DSCP-based QoS
Wireless LAN controllers
Interface
IP / interface group
Attacks

19. Know the who, when and what of
your network traffic.
- Applications
- Protocols
- QoS
- Source
- Destination
- Conversation
Gain detailed visibility
into traffic usage by

20. High utilization in one of your network links?

21. Snapshot summary
Device traffic details:
• Traffic speed
• Associated interfaces by speed, volume
and utilization
• Top applications and protocols
• Top QoS
• Top Source, destination and
conversation
• AS traffic
Group traffic details:
• Traffic by speed, volume, utilization
and packets
• Associated applications and protocols
• DSCP QoS traffic
• Source, destination and conversation
Application traffic details:
• Traffic usage by volume
• Associated interfaces
QoS traffic details:
• Traffic usage by volume
• Associated interfaces
WLC traffic details:
• Controller traffic by speed, volume and
packets
• Associated access points
• Application traffic
• DSCP QoS traffic
• Conversation details with Client IPs and
SSIDs
Interface traffic details:
• Traffic by speed, volume, utilization and
packets
• Top applications and protocols
• Top Source, destination and
conversation by geo-location, network
and DNS name
• Top QoS traffic by DSCP and TOS
• SNMP/FNF NBAR, CBQoS
• Multicast report
• Medianet by volume, RTT, packet loss
• AVC

22. Visibility into Layer 7 application traffic
• Gain visibility into NBAR2 applications with Cisco AVC
monitoring (Application Visibility and Control).
• Advanced NBAR is used to identify web traffic, URL’s, file sharing
and random port application.
• View NBAR2 application, URL hit count (HTTP host report), QoS
class hierarchy and application response time monitoring
reports(ART monitoring).

23. Understand traffic for current QoS policies
Check the traffic usage by each DSCP value for policy
effectiveness.

24. Manage traffic usage by WLAN controllers
• Monitor Cisco WLAN controllers
and Meraki devices.
• Find the top traffic usage by access
points, SSIDs, applications, clients
etc.
• Troubleshoot a bandwidth spikes
by identifying consumption by
SSIDs, finding its top clients and
complete conversation details for
the selected time period.

25. • Identify junk/unusual traffic that disrupts your critical services.
• Using advanced mining algorithm, ASAM detects internal and
external security threats.
• ASAM classifies traffic as suspect flows, bad source and
destination, DDoS, and scans/probes.
Detect attacks with flow-based advanced security
analytics module

26. Tips to enhance visibility into your
traffic

27. My interfaces are named "IfIndex1" and "IfIndex2." How can I view the actual
name of devices and interfaces?
Solution: Three options
• Fetch name from router with SNMP
1. Create SNMP credential
v1/v2/v2 from discovery
2. Associate SNMP credentials
3. Edit device
• Fetch the DNS name.
• Enter your own name.

28. My interface utilization says it's above 100 percent. How do I set the correct
value?
Solution: Two possibilities
1. The speed is incorrect.
2. [OR] time sync problem.
• Set the proper IN and OUT speed in
bytes. Go to Inventory > Select
Interfaces > Set Speed.
• Make sure the device time and NFA
time is in sync
• Check flow filters

29. Most of the applications are listed as "_App". How do I map those applications
and also add my own applications?
Solution:
Application mapping for _App
• Interface >Application > _App >
Show port.
• Map application and define IP
address/ IP network/ IP range.
Application mapping for own apps
• Settings> netflow> mapping > add

30. Is there a way to view cumulative traffic?
Branches
VLANRelated appsNetwork subnet
Department
Traffic grouping

31. Sort traffic usage by groups
Types of groups
Device
Interface
IP
Application
DSCP
Benefits of creating groups:
• Monitor combined bandwidth usage to get
better picture of traffic consumption.
• Provide access to operators based on
groups.
• Provide better visibility to improve
troubleshooting.

32. Scenarios: Creating groups

33. How do I check traffic usage by different branches?
Solution
Create a device grouping for
different branches.
• Combine devices under a branch
to create groups.
• Generate group reports.

34. How do I monitor combined traffic for VLAN?
Solution
An un-routed VLAN will not send traffic like an
interface, but NetFlow Analyzer will discover
its associated interfaces.
• Create an Interface Group that
includes all of the VLAN's
interfaces to monitor the
cumulative traffic.
• Other option: failover, load
balancing, port channeling, and
aggregation.

35. How do I manage each of my customers' traffic ?
Solution
Create IP groups for each customer.
• Combine IPs to create groups.
• Generate group reports.
• Group based on IP range, network,
monitoring between sites.
• Other option: between sites and
department

36. How do I view business critical traffic and see how much bandwidth is used?
Solution
Create application groups.
• Combine apps to create a group.
• Find total utilization for each group.
• Pull combined traffic reports.

37. Simplified and customizable Inventory
Edit configurationCustom filters/sort
Custom views Quick search

38. Filter up to the last 30 days Create device group
Create device/interface/app
group
Inventory search
Set speed Set SNMP Zoom in graphs Generate instant reports
New in v12
Unmanage/delete device
Add to Network
Configuration Manager
Table/list/status viewConfigure NBAR & CBQoS
Service policy & ACL Clear alarm/add note
Various device-specific custom options
New in v12

39. Step 3: Alerting
Link down Link overutilized
Threshold violation Link slow

40. Alert Profiles
Preconfigured alerts:
• Link down
• No flow
Threshold based alerts
• IP range, IP address or IP network
• Based on port/protocol range
• Based on application
• Based on DSCP

41. I want to get alerted when the interface is over utilized in a WAN link?
Solution
• Set a threshold alert for overutilized
links.
• Provide a threshold value.
• Set up email/SMS notifications.

42. Thresholds based on multiple conditions
Select source Select criteria Define threshold Save alert profile
Alerts specific to below violation:
• Utilization
• Volume
• Speed
• Packets
Alert severity levels:
• Critical
• Trouble
• Attention

43. How do I set up notifications?
Types of notifications:
• Email
• SMS
• Trigger SNMP trap
• Modify an alarm's description.
• Get reports via email. New in v12
Step 1: Configure mail server settings.
Step 2: Set threshold.
Step 3: Provide an email address or phone number.
Step 4: Save alert.

44. Summary
Set up flow export
#1. Data not available
#2. Interfaces not listed
Viewing & customizing
bandwidth graphs
#1. Fetch device/interface name
#2. Utilization above 100%
#3. Map unknown applications
#4. Show DNS name
#5. Categorize traffic groups
#6. Customize time filter
Configuring alerts
#1. Set interface overutilized
alert
#2. Link down
Step1 Step 2 Step 3

45. Recent enhancements in NetFlow Analyzer
• 'Guest' user privilege has been added for NetFlow installation.
• Dashboard loading has been revamped and optimized.
• iPhone/Android and iPad application download links available in login.
• In the Inventory page, product based tabs have been moved horizontally.
• Quick links added for sending support mail, apply license, phone number, SIF,
User guide, Videos, Service pack, ThreadDump, DB Query & view Logs with a
support icon.
• Added an option to export to PDF and mail for individual graph reports.
• SFlow flow format for multiple MPLS can be added now.
• Added an option to configure billing with base cost as zero.

46. How NetFlow Analyzer scores high over others
• Detailed view of applications and QoS traffic
• Traffic grouping options (total traffic based on interfaces, IPs, apps, QoS and
grouped)
• Site to site total traffic view
• Alarms for IP groups
• Wireless LAN monitoring
• Attacks
• AS view
• and more....

47. Upcoming training on May 22nd
Part II: Diagnosing and troubleshooting traffic issues
faster
• Alarms
• Customizing data storage
• Troubleshooting with forensics
• Reporting and automation
• Capacity planning
• Traffic shaping
• Customizing dashboards
• Usage-based billing

48. Need more help?
youtube.com/opmanagertechvideos
help.netflowanalyzer.com
forums.manageengine.com/netflowanalyzer
netflowanalyzer-support@manageengine.com
+1 (888) 720-9500 / +1 (408) 916 - 9400

49. Thank you!
netflowanalyzer-support@manageengine.com