
In my earlier blogs, we explored different technologies and features offered by NetFlow Analyzer for bandwidth monitoring. This blog post is about a futuristic reporting feature.

The future is going to be IPv6 (yes, it is officially launched). Networks ranging from small to large are slowly migrating to IPv6, and IPv4 will surely be phased out soon.

Here are a few advantages of IPv6:

  • Simplified Addressing

  • Auto Configuration

  • Mobility

  • Secure communication

NetFlow Analyzer, as a bandwidth monitoring tool, quickly adapted to this migration and brought in preliminary support for IPv6; that is, IPv6-related information can be seen in the raw data reports.

For a detailed study of the data storage pattern in NetFlow Analyzer, visit this link.

IPv6-related conversations, sources and destinations can be seen under the Source, Destination and Conversation tabs when you drill down to an interface and generate a report for less than 2 hours from the current time.

The troubleshooting report will also show the IPv6-related conversation report. Click here to know more about the Troubleshooting Report.

Soon you will see IPv6 support in aggregated data and IP group reporting.


For 30 Day Trial, click Download now.

Thanks and Regards

Praveen Kumar


We grew up in the times of bits, bytes, kilobytes and megabytes. In the last decade we got amazingly familiar with GBs and TBs. In today’s world, we no longer talk in terms of KBs or MBs. It did take ten long years for our minds to get used to GBs from MBs. But, it is not going to be the same anymore. In three years, we would be talking casually about zettabytes.

With the rise in the usage of non-PC devices like smartphones, tablets and smart TVs, IP traffic would grow at an exponential rate and touch the zettabyte mark by 2015.

The demand for HD and 3D is on the rise too and is expected to contribute to more than 70% of total video traffic by 2015 which means more demand for bandwidth.

All of this puts immense pressure on the administrator to ensure sufficient bandwidth for vital applications running on enterprise networks. There isn’t any reason to be surprised if HD video conferencing and 3D virtual boardrooms become reality. When that happens, the demand for enterprise network bandwidth would increase manifold. It would be imperative for you as an administrator to provision adequate bandwidth for delay-free, jitter-free and prompt delivery of these bandwidth-intensive yet critical applications.

Any compromise on the quality of service of these latency and delay-sensitive applications would result in undesirable consequences. In this scenario, QoS will no longer remain an option but a mandatory aspect of network management. Contrary to popular myths that revolve around QoS, it isn’t difficult to design and implement. As our attempt to help end-users realize the full potential of QoS, ManageEngine presented a webinar jointly with Cisco on ‘QoS Design and validation for Enterprises’. For those of you that missed it, here is the recording of the webinar.


 


To know more about NetFlow Analyzer's QoS monitoring capabilities, read more.


References:

1) http://www.cisco.com/en/US/solutions/collateral/ns341/ns525/ns537/ns705/ns827/white_paper_c11-481360.html

This blog gives you detailed information on raw data and its uses in NetFlow Analyzer.

NetFlow Analyzer stores two types of data: raw data and aggregated data. Raw data pertains to the information of each and every flow that has been exported from the devices. It contains information such as TCP flags, number of packets and next hop, along with the port, protocol and IP addresses.



Aggregated data pertains to the top 100 flows (all fields in NetFlow data exported) based on the bytes for every interface for every 10 minute interval. Older data is repeatedly rolled up into less granular times (10 minute, 1 hour, 6 hour, 24 hour and weekly).

As raw data contains the information of each and every flow, it consumes huge disk space. You can store the raw data based on the flow rate and the disk space available on the server, for a maximum of 30 days. To make it simple, NetFlow Analyzer itself displays the flow rate and the time period for which you can store the raw data. You can view this information by navigating to Admin → Raw Data Settings as shown below:



On this page you can also trigger an alert if the free disk space goes below a threshold limit, and automatically delete older raw data when disk space goes below a specified percentage.

The raw data is used in the product when generating 'Troubleshoot' reports, and the last 2 hours' reports are generated from the raw data. The raw data has complete port-level information, which helps in detailed analysis of traffic.


Last 2 hour Reports:

In NetFlow Analyzer, for time periods such as the last 15 minutes, 30 minutes and last hour, the information is queried from raw data. For the selected period of time you can expand the show data point option under the Traffic tab to view the link utilization for each minute.

If you want to look at one minute of data, you can click the hyperlink available for that time period. This displays all the conversations that happened during that minute. You can export the information in PDF or CSV format, and you can even email the report.


Note: The hyperlink will not be available if it exceeds the raw data storage time period.







Troubleshooting report:

To generate a Troubleshooting report, drill down to an interface and click More Report → Troubleshooting report.

In this report you can enter the source and destination IP addresses or the protocol to view the amount of data transferred in the selected period of time.

To find the amount of data transferred between two hosts for the selected period of time, you can add criteria, specify the IP addresses and select 'Match all the following'. This will display each and every conversation that happened between the two hosts. You can also add the port or the application you want to look at. This way you can find out what information passed between them.



Hope this helps


Arun Karthik Asokan

NetFlow Analyzer Technical Team


I hope everyone who attended our joint webinar with Cisco about QoS design and validation got a better idea of how to design a network with effective QoS policing. For those who missed the webinar, you can find the video presentation here.

In continuation of our webinar, this blog helps you set up QoS policies for live video traffic and monitor them using NetFlow Analyzer.

On a network, video traffic comes in three formats:

  1. Video Conferencing

  2. Video On Demand

  3. Video Broadcast

Video traffic has a very high and extremely variable packet rate, with a much higher average maximum transmission unit (MTU) compared to voice.

QoS Treatment:-

To classify video traffic to the appropriate QoS values, the device should be capable of identifying this type of traffic. We can classify video traffic using DSCP. The appropriate DSCP values are:

Expedited Forwarding (EF):-

Packets with EF marking will be given high priority on the network.

Cisco implements EF service under low latency queueing (LLQ). EF keeps the high-priority queue very small to control delay and to prevent starvation of lower-priority traffic. As a result, packets can be dropped if the queue is full. Usually, EF is most appropriate for VoIP.

Assured Forwarding (AF):-

Cisco design guides recommend AF41 (DSCP value 100010) for video. There is no advantage in treating the audio portion of a video conference better than the video packets. Therefore, use AF41 as the DSCP value for both voice and video media in a video conference.




Below is the sample QoS configuration for Video Traffic:

Creating an access list for video-specific traffic:

Cisco(config)# access-list 108 permit ip any any dscp cs4

Cisco(config)# access-list 108 permit ip any any dscp af41

Creating Class:-

class-map Video_Conference

match access-group 108

Policy Creation :-

policy-map QoS-Policy

class Video_Conference

priority 450 30000

Attaching to WAN interface :-

Interface Multilink1

service-policy output QoS-Policy

QoS policy Monitoring in NetFlow Analyzer:

NetFlow Analyzer can poll the interfaces on which the policy is applied through SNMP and generate reports on the performance of the QoS policy, along with class-specific Pre-Policy, Post-Policy and Drop metrics.



Cisco Mediatrace Reports :

If the routers through which this video traffic passes support Cisco Medianet and Mediatrace, you will be able to monitor the performance of media-rich traffic on the go.

Click here to know about Cisco recommended QoS base lines.


Reference :-

http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080094968.shtml



For 30 Day Trial, click Download now.

Thanks and Regards

Praveen Kumar

The Site to Site option under IP Groups in ManageEngine NetFlow Analyzer lets you monitor traffic between two specific sites based on IP address or IP network. Please watch the video given below to know more about the same.




You can also go through the blog about Site to Site monitoring from here.

Reach us on Facebook at NetFlow Analyzer TAC

Catch up with the latest updates in the industry, through our LinkedIn community Bandwidth Monitoring and Traffic Analysis for Enterprises


Praveen Manohar

NetFlow Analyzer Technical Team


There are cases where you need to keep a close watch on some hosts in your network and be alerted when a host goes beyond certain threshold limits.

In the absence of NetFlow Analyzer, the administrator needs to take special care of those hosts and keep an eye on them throughout the day.

This can be done easily using NetFlow Analyzer, where you can generate alerts based on volume, and NetFlow Analyzer will send you an email based on the threshold.

Let us take a scenario that explains this feature better. In an organization, the network admin needs to keep an eye on a couple of servers (as shown in the picture). These servers should not exceed a data transfer of, say, 100 MB.



You can trigger an alert based on the IP address in NetFlow Analyzer. Follow the steps below to create the alert and receive the message through email.

Click on Alert profiles → Add and enter a name for the alert.

Select the interface to which the server is connected.

Select the criteria (IN, OUT or combined traffic).

Select IP Address under 'Define Alert Criteria :'.

Select Volume and select the email address to send the alert to.




The alert sent will be shown as below:



The alert sent in the email will show you the top 10 hosts that contributed to the traffic. To view all the conversations that happened, navigate to Alert Profile, last hour alerts, and click on the number, which will display all the conversations (this report is shown for the time period for which you have retained the raw data).
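The volume check behind such an alert profile can be sketched as follows. This is an added example, not NetFlow Analyzer's implementation; the flow record fields, the `volume_alerts` name, the sample addresses and the convention 1 MB = 2^20 bytes are assumptions.

```python
"""Per-host volume alert over flow records (added, illustrative example)."""
from collections import defaultdict

MB = 1024 * 1024  # assumption: 1 MB counted as 2**20 bytes


def volume_alerts(flows, watched, threshold_bytes=100 * MB,
                  direction="combined", top_n=10):
    """Return one alert per watched host whose volume exceeds the threshold.

    direction: "in" counts bytes sent to the host, "out" counts bytes sent
    by the host, "combined" counts both (the IN/OUT/combined criteria).
    """
    if direction not in ("in", "out", "combined"):
        raise ValueError(f"unknown direction: {direction!r}")
    totals = defaultdict(int)
    peers = defaultdict(lambda: defaultdict(int))
    for flow in flows:
        src, dst, size = flow["src"], flow["dst"], flow["bytes"]
        if direction in ("out", "combined") and src in watched:
            totals[src] += size
            peers[src][dst] += size
        if direction in ("in", "combined") and dst in watched:
            totals[dst] += size
            peers[dst][src] += size
    alerts = []
    for host in sorted(totals):
        if totals[host] > threshold_bytes:
            # Top contributors, largest first; ties broken by address.
            top = sorted(peers[host].items(),
                         key=lambda kv: (-kv[1], kv[0]))[:top_n]
            alerts.append({"host": host, "bytes": totals[host],
                           "top_peers": top})
    return alerts


# Constructed sample data (documentation address ranges, not real traffic).
WATCHED = {"192.0.2.10", "192.0.2.11"}
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dst": "198.51.100.7", "bytes": 70 * MB},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "bytes": 20 * MB},
    {"src": "192.0.2.10", "dst": "198.51.100.9", "bytes": 25 * MB},
    {"src": "192.0.2.11", "dst": "198.51.100.7", "bytes": 40 * MB},
]

if __name__ == "__main__":
    for alert in volume_alerts(SAMPLE_FLOWS, WATCHED):
        print(f"{alert['host']} transferred {alert['bytes'] / MB:.0f} MB")
        for peer, size in alert["top_peers"]:
            print(f"  {peer}: {size / MB:.0f} MB")
```

With the sample flows, 192.0.2.10 crosses the 100 MB limit only when IN and OUT traffic are combined, which is why the choice of criteria in the profile matters.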








Hope this feature will be helpful.


Arun Karthik Asokan

NetFlow Analyzer Technical Team




Understanding IP Precedence, TOS & DSCP

Apr 24 2012 11:16:25 AM Posted By : Praveen Kumar V

People using NetFlow Analyzer often wonder what the DSCP and TOS reports actually mean. This blog explains these fields in more detail.

The NetFlow packets exported from the device originally contain the ToS value for each flow. From the ToS value, the analyzing software derives the DSCP.

Type of Service (TOS):-

The Type of Service field is present in the IP header and was originally defined in RFC 791.

The Type of Service octet consists of three fields. The three most significant bits (7, 6, 5) form the first field, labeled "Precedence", intended to denote the importance or priority of the datagram. The second field, labeled "TOS", denotes how the network should make tradeoffs between throughput, delay, reliability, and cost. The last field, labeled "MBZ" (for "must be zero"), is currently unused. The originator of a datagram sets this field to zero (unless participating in an Internet protocol experiment which makes use of that bit). Routers and recipients of datagrams ignore the value of this field. This field is copied on fragmentation.


DSCP (Differentiated Services Code Point)

The definition of ToS was entirely changed in RFC 2474, and the field is now called Differentiated Services (DS). Of the 8 bits, the upper 6 bits contain a value called the Differentiated Services Code Point (DSCP). The last 2 bits are used for Explicit Congestion Notification, which is defined in RFC 3168.


Given below are the interpretations of the ToS and DSCP fields:

DSCP interpretation (RFC2474) :



RFC791/1349:


In DSCP, the most significant three bits correspond directly to IP Precedence. The table below gives the DSCP to IP Precedence conversion.

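| DSCP Name | DS Field Value (Binary) | DS Field Value (Decimal) | IP Precedence |
|-----------|-------------------------|--------------------------|---------------|
| CS0       | 000 000                 | 0                        | 0             |
| CS1       | 001 000                 | 8                        | 1             |
| AF11      | 001 010                 | 10                       | 1             |
| AF12      | 001 100                 | 12                       | 1             |
| AF13      | 001 110                 | 14                       | 1             |
| CS2       | 010 000                 | 16                       | 2             |
| AF21      | 010 010                 | 18                       | 2             |
| AF22      | 010 100                 | 20                       | 2             |
| AF23      | 010 110                 | 22                       | 2             |
| CS3       | 011 000                 | 24                       | 3             |
| AF31      | 011 010                 | 26                       | 3             |
| AF32      | 011 100                 | 28                       | 3             |
| AF33      | 011 110                 | 30                       | 3             |
| CS4       | 100 000                 | 32                       | 4             |
| AF41      | 100 010                 | 34                       | 4             |
| AF42      | 100 100                 | 36                       | 4             |
| AF43      | 100 110                 | 38                       | 4             |
| CS5       | 101 000                 | 40                       | 5             |
| EF        | 101 110                 | 46                       | 5             |
| CS6       | 110 000                 | 48                       | 6             |
| CS7       | 111 000                 | 56                       | 7             |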
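
How a collector can derive these fields from the ToS octet of each flow, as an added example (not NetFlow Analyzer's own code): it splits the octet into DSCP, ECN and the legacy RFC 1349 fields, lists the ToS values that share one DSCP, and totals bytes per DSCP name. The flow records and their field names (`tos`, `bytes`) are constructed for illustration.

```python
"""Decode the ToS octet carried in a flow record (added example)."""
from collections import Counter

# Names for the code points listed in the conversion table.
DSCP_NAMES = {0: "CS0", 8: "CS1", 10: "AF11", 12: "AF12", 14: "AF13",
              16: "CS2", 18: "AF21", 20: "AF22", 22: "AF23",
              24: "CS3", 26: "AF31", 28: "AF32", 30: "AF33",
              32: "CS4", 34: "AF41", 36: "AF42", 38: "AF43",
              40: "CS5", 46: "EF", 48: "CS6", 56: "CS7"}
ECN_NAMES = {0: "Not-ECT", 1: "ECT(1)", 2: "ECT(0)", 3: "CE"}  # RFC 3168


def decode_tos(tos):
    """Split one ToS octet (0-255) into its RFC 2474 and RFC 1349 views."""
    if not isinstance(tos, int) or not 0 <= tos <= 0xFF:
        raise ValueError(f"ToS must be an integer 0-255, got {tos!r}")
    dscp = tos >> 2                          # upper 6 bits
    return {
        "tos": tos,
        "dscp": dscp,
        "dscp_name": DSCP_NAMES.get(dscp, f"DSCP{dscp}"),  # unnamed code point
        "ecn": ECN_NAMES[tos & 0b11],        # lower 2 bits
        "precedence": tos >> 5,              # top 3 bits, equal to dscp >> 3
        "legacy_tos": (tos >> 1) & 0b1111,   # RFC 1349 TOS field
        "mbz": tos & 0b1,                    # RFC 1349 "must be zero" bit
    }


def tos_values_for_dscp(dscp):
    """All ToS octets that carry this DSCP (one per ECN combination)."""
    if not 0 <= dscp <= 63:
        raise ValueError(f"DSCP must be 0-63, got {dscp!r}")
    return [(dscp << 2) | ecn for ecn in range(4)]


def bytes_per_dscp(flows):
    """Sum flow bytes per DSCP name, the grouping a DSCP report needs."""
    totals = Counter()
    for flow in flows:
        totals[decode_tos(flow["tos"])["dscp_name"]] += flow["bytes"]
    return dict(totals)


# Constructed sample flows (not real captures).
SAMPLE_FLOWS = [
    {"src": "10.0.0.5", "dst": "10.0.1.9", "tos": 0xB8, "bytes": 12000},   # EF
    {"src": "10.0.0.7", "dst": "10.0.1.9", "tos": 0x88, "bytes": 450000},  # AF41
    {"src": "10.0.0.7", "dst": "10.0.1.9", "tos": 0x8A, "bytes": 50000},   # AF41, ECT(0)
    {"src": "10.0.0.8", "dst": "10.0.2.2", "tos": 0x00, "bytes": 90000},   # CS0
    {"src": "10.0.0.9", "dst": "10.0.2.2", "tos": 0x04, "bytes": 700},     # unnamed DSCP 1
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        d = decode_tos(flow["tos"])
        print(f"ToS {d['tos']:3d} -> {d['dscp_name']:5s} "
              f"precedence {d['precedence']} ECN {d['ecn']}")
    print(bytes_per_dscp(SAMPLE_FLOWS))
```

The two AF41 flows differ only in their ECN bits, so they appear as ToS 136 and 138 in a ToS view but fall under a single AF41 entry in a DSCP view.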


NetFlow Analyzer DSCP and TOS Reports:-

NetFlow Analyzer reports on both DSCP and TOS. The DSCP report generated by NetFlow Analyzer shows the traffic utilization for each DSCP marking, along with the applications and conversations marked with that DSCP.


The TOS report will show the corresponding ToS values for each DSCP.


Reference:- http://bogpeople.com/networking/dscp.shtml


Click here to know about Cisco recommended QoS base lines. 

For 30 Day Trial, click Download now.

Thanks and Regards

Praveen Kumar

Palo Alto devices support NetFlow from version 4.1 onwards. All the NetFlow configuration can be done from the device UI itself.

We were not able to get any screenshot showing the NetFlow configuration for Palo Alto devices. The details of the tabs below will give you an idea of how to configure NetFlow on these devices.

There are two main steps to configure NetFlow on a Palo Alto device:
1) Define a NetFlow server profile: specifies the frequency of the export along with the NetFlow servers that will receive the exported data.
2) Assign the profile to a firewall interface: all traffic flowing over this interface is exported to the specified servers.

Step 1:
To define a NetFlow server profile, navigate to Device > Server Profiles > Netflow in the GUI. Here you will see the following settings:

Name : Enter a name for the Netflow settings.

Template Refresh Rate : Specify the number of minutes or number of packets after which the NetFlow template is refreshed (we recommend 1 Min; packets range 1-600, default 20).

Active Timeout : Specify the frequency at which data records are exported for each session (we recommend 1 Min).

Export PAN-OS Specific Field Types : Export PAN-OS specific fields such as App-ID and User-ID in Netflow records.

Server Name : Specify a name to identify the server.

Server : Specify the host name or IP address of the server.

Port : Specify the port number for server access (default 9996).

Step 2:

Once the NetFlow profile is configured, the next step is to assign the profile to a firewall interface. For this, navigate to Network > Interfaces > Ethernet. Click the link for the interface on the Ethernet tab, and specify the NetFlow Profile.

Once you have completed these two steps, the flows will be exported to the NetFlow Analyzer server, and ManageEngine NetFlow Analyzer will auto-detect the device and start generating reports for you.

Reference : http://digitalscepter.com/wp-content/uploads/PAN-Guides/Palo-Alto-4.1_Administrators_Guide.pdf

Reach us on Facebook at NetFlow Analyzer TAC

Catch up with the latest updates in the industry, through our LinkedIn community Bandwidth Monitoring and Traffic Analysis for Enterprises


Praveen Manohar

NetFlow Analyzer Technical Team


Enterprise devices like Citrix Netscaler and Sonicwall have started supporting AppFlow export. What does AppFlow export really mean?

AppFlow:-

AppFlow is a new flow export standard for finding data pertaining to applications & transactions in the network infrastructure. It gives greater visibility to Application traffic utilization and performance.

AppFlow addresses the following requirements of Application Performance Management:

  • No need for Costly equipment for Application Optimization.

  • Cloud Compatible

  • Standard flow export

AppFlow Design:-

The AppFlow exported from a device has 2 parts:

  • TCP based network Information

  • Application Layer data

To know more about AppFlow, click here.

Are you using a Netscaler device in your environment and eager to see the benefits of AppFlow reporting in ManageEngine NetFlow Analyzer? Then you are in the right place: this blog covers AppFlow configuration on the Netscaler device.

AppFlow export on the Netscaler device can be configured in two ways, GUI and CLI. This blog covers both methods.

AppFlow Configuration on Netscaler:

The configuration of AppFlow on the Citrix Netscaler contains the following sections:

  1. AppFlow Feature Enabling

  2. AppFlow Settings

  3. Adding AppFlow Collector

  4. Creating AppFlow Action

  5. Creating AppFlow Policies

  6. Appending the Policy created Globally or individual Virtual Servers.

GUI Configuration:-

AppFlow Feature Enabling:

To enable the AppFlow feature on the Netscaler device through the GUI, navigate to System → Settings → Configure Advanced Features → AppFlow.


AppFlow Settings:

In this section, we can define which information has to be exported to ManageEngine NetFlow Analyzer.

Click System → AppFlow → Change AppFlow Settings.


Adding AppFlow Collector:

Here we need to specify the external collector details. Navigate to System → AppFlow → Collectors → Add.


Creating AppFlow Action :

Navigate to System → AppFlow → Action → Add.


Creating AppFlow Policies:

Click System → AppFlow → Policies → Add.


Appending policy created:

The policy created needs to be appended globally or to an individual server for data collection. For this, go to System → AppFlow → AppFlow policy manager.


CLI based Configuration:-

We need to run the following set of commands on the CLI to enable AppFlow on the Netscaler:

Commands:-

Netscaler# enable feature AppFlow

Netscaler# set appflow param -httpUrl ENABLED -httpReferer ENABLED -httpMethod ENABLED -httpHost ENABLED -httpUserAgent ENABLED -clientTrafficOnly YES

Netscaler# add appflow collector "NetFlow Analyzer" -IPAddress 192.168.1.100 -port 9996

Netscaler# add appflow action af_act_netflowanalyzer -collectors "NetFlow Analyzer"

Netscaler# add appflow policy af_pol_log-all true af_act_netflowanalyzer

Netscaler# bind system global -policyName af_pol_log-all -priority 100 -gotoPriorityExpression

AppFlow Reporting in NetFlow Analyzer :-

The screenshots below show the reports that you can extract from AppFlow records in NetFlow Analyzer.




For 30 Day Trial, click Download now.

Thanks and Regards

Praveen Kumar


Enterprises as well as service providers typically use a single IP network to carry data, voice and video traffic, be it business critical or otherwise. When different applications, which include mission critical, bulk data, scavenger traffic and latency sensitive applications like voice and video, converge over the same link, application delivery takes a hit. Congestion, delay and packet loss seriously impacts the performance of your business applications and affects the quality of your voice and video calls.

A well designed Quality of Service (QoS) is a key factor in ensuring optimal application performance and service delivery in converged networks. QoS, available in almost all Cisco switching and routing platforms, can help control data loss during congestion, prioritize rich-media traffic and provide the right network resources to applications using the network. Despite its many advantages, QoS is still not widely implemented due to many considering it as complex to design and difficult to validate.

Join the complimentary webinar titled 'QoS Design and Validation for Enterprise Networks', presented by ManageEngine & Cisco, to understand the need for QoS, its design and implementation.

Ken Briley, from Cisco Systems, will demystify QoS by explaining QoS design principles, application control using QoS and monitoring QoS. Don Thomas Jacob, from the ManageEngine team will talk about how you can use NetFlow Analyzer to monitor and validate your QoS policy performance. These insights should help you create a high performance network which is robust and efficient and ensures application delivery. The key details about the webinar are as follows: 

Title :- QoS Design and Validation for Enterprise Networks

Presenters :- Ken Briley (Technical Lead, Cisco Systems) & Don Thomas Jacob (Technical Marketing Engineer, ManageEngine)

Date & Time :- 12th April 2012, 11 AM Eastern Time(8 AM Pacific Time, 4 PM London, 7 PM Dubai) 

Register :- Here