Its San FranCisco this time. If you are there and if you happen to be a 'networker', you are sure to attend Cisco Live. And if you fulfill all the conditions given in the previous line, you will definitely enjoy one stall. Stall no. 219. No points for guessing whose stall that will be!! That's where the IT Management gets 'booth'ed (due to lack of an equivalent word for 'personified'). Its the ManageEngine stall!
ManageEngine will be showcasing its IT Management suite of products. With a suite of close to 25 products, ManageEngine has extensive knowledge & experience in IT Management and when we say "We understand IT Management", we mean it!
If you are looking for powerful, cost-effective solution (I know its cliched but I'm being really honest!), Stall no. 219 is certainly the place to be!
There are some surprises there, of course! Drop in to IT Management.... I mean ManageEngine!
See you @ 219
Cheers
Joe
The distributed flow collection and reporting engine gives the
Enterprise edition capability to monitor up to 20,000 interfaces and
flow rate in the range of even 60,000 flows per second. This rules out
scalability and performance related issues that might have other wise
come up with a integrated application trying to handle a large number
of interfaces and high flow rate. The features available in this
edition are also exactly what a distributed setup needs.
Tree view for devices helps group devices based on their locations (or
your preferred criteria) for easier selection by users. This way, users
do not have to search through the complete list of devices to find the
one for which bandwidth metrics are needed. Timezone based view lets
the users see reports in the time zone the device is at rather than
based on the time where the product is installed. Administrators can
also create multiple user accounts, assign devices or IP Groups to them
and also set what timezone the users view the reports in. Do visit here
to view the complete list of features available in Enterprise edition.
You can also leave behind your worries about exported NetFlow packets
using a large volume of the Internet bandwidth. The NetFlow data is
compressed using Java technology before being send from the collector
to the central server. This brings down the volume of the exported
NetFlow data to less than 20% of the actual size and helps save your
valuable Internet bandwidth for critical applications. Moreover, since
data is send over HTTPS connection, the NetFlow data is secure and even
the GUI of both the collector and central server have HTTPS enabled by
default.
Now with the central console, reports from the branches and DR sites
spread geographically are at hand. There is no more need to login into
different installations and have reports generated from each one of
them separately. You also have the option to select the interfaces
displayed in the dashboard and so at a single glance the network team
gets to see the status of highly utilized links or the status of
critical links.
All enterprises preferred uninterrupted monitoring and reporting of
critical links, applications or servers. But when the need comes to
shut down the central server for maintenance or if the central server
is down inadvertently, what can be done? The failover is the
perfect feature for this. The data stored in the central server is replicated to
a secondary central server and any time the primary server goes down,
the secondary is automatically activated after a fixed time. Thus the
fail over gives you a automatic backup and redundancy of data.
With all these features and its scalability, NetFlow Analyzer
Enterprise edition is the best suitable solution for bandwidth
monitoring and traffic analysis. Do download the Central server and
Collector from here and start your 30 day evaluation with free
technical support from our team.
A new study by Cisco suggests that "Global IP traffic will quintuple from 2008 to 2013". All the signs point to one question - Is your network bandwidth
utilized for better or worse! . Are the business critical applications getting enough bandwidth?! There comes a time, sooner or later
(preferably sooner), enterprises need to put a limit on their bandwidth
utilization and thus the costs accompanying it.
Some of the points of "concern" for enterprises would be:
Considering the growth of the internet, the increase in video traffic and P2P volume, its not a surprise that enterprises find it harder to keep a tab on the volume of traffic and the different applications that traversing their network. Of course the task is humongous and difficult, but "A task is difficult only till the day you find a solution". Today is the day and there is a solution that can do a lot.
ManageEngine NetFlow Analyzer helps you monitor bandwidth, analyze network traffic and do network forensics. It keeps you informed if the business critical applications are getting enough bandwidth, if not then why. You can view the top talkers, applications, sources and destinations in your network. Reports can be exported, scheduled and threshold violation alerts can be set.
To mention a few of the "lot":
Feel free to download now and evaluate for 30 days with free technical support!
Cheers
With the branches of an enterprise extending to various locations and connectivity between the branches being a top priority, monitoring traffic between specific sites to ensure uptime and priority for business critical traffic is also very important.
The Site to Site option under IP Groups in ManageEngine NetFlow Analyzer lets you monitor traffic between two specific sites based on IP Address or IP Network. This comes in handy to analyze who contributed to the traffic between the sites, if critical applications are indeed the ones utilizing the bandwidth and if the provided bandwidth does meet the requirement.
To explain how to use this feature and on how to interpret the data shown in the reports pertaining to the IP Group, we will make use of a simple example scenario.
Consider a network where you have a central office whose router is being monitored with NetFlow Analyzer. There are multiple branches, A, B and C, all of which communicate with one another through the main office router. Your requirement is to track the traffic specifically between Site A (192.16.1.82) and Site B (10.15.8.47).
[caption id="attachment_3371" align="alignnone" width="300" caption="Branched network"]
[/caption]
In such a circumstance, you can make use of the Site to Site option under IP Groups.
For this, create an IP Group and select the Between Sites option. Here, add the Site A (192.168.1.82) under the 'From' field and Site B (10.15.8.47) under the 'To' field. You can add additional filter options like Port/Protocol and/or DSCP fields to this IP Group which would further filter the results based on the added criteria.
In 'Site to Site' IP Groups, for traffic classification purposes, the IP Address under the 'From' field is the primary IP and so all reports will be shown in relation to this IP Address or network. So, in our scenario, the IP Address 192.16.1.82, ie. Site A, is the primary IP Address.
Data Interpretation:
Traffic IN and OUT:
Traffic is shown based on volume, speed, utilization and number of packets for the IP Group and is classified on an IN and OUT basis.
Traffic IN refers to the traffic that came into the IP Group. Site A is considered as the primary IP Address and so any traffic that comes to Site A is classified as the IN traffic for the IP Group. The OUT traffic refers to the traffic that went out of the IP Group and so traffic leaving Site A is accounted as the OUT traffic.
Application:
Application IN and OUT shows the applications that came in or went out of the IP Group and is classified the same way as Traffic IN and OUT. Applications which formed the traffic to Site A is shown under Application IN. Those applications which constituted the traffic from Site A is Application OUT as Site A is considered the primary IP Address.
Source:
The Source tab for the IP Group will show the source of traffic originating from the IP Group. When traffic flows from Site A to Site B, the source of the traffic is 192.16.1.82 and the destination of the traffic is 10.15.8.47. Since the IP under 'From' field is the primary IP Address, 192.16.1.82 will form the addresses shown the source tab.
Destination:
The Destination tab for the IP Group will show the destination of traffic reaching the IP Group. When Site A receives traffic from Site B, the source of the traffic is 10.15.8.47 and the destination of the traffic is 192.16.1.82. Since Site A is the primary IP Address, the IP Address 192.16.1.82 forms the destination address for the IP Group.
For both Source and Destination, you can click on the IP Address and drill down to find the related conversations. Source Address drill down will show the IP Address to which traffic was sent and Destination Address drill down shows the IP Addresses from where traffic originated for the IP Group.
Conversation IN and OUT:
The Conversation IN and OUT is the same as for Traffic IN and OUT. All conversations which came into the IP Group will be classified as Conversation IN and conversations which went out of the IP Group is Conversation OUT. So, Site B to Site A forms the Conversation IN and Site A to Site B forms the Conversation OUT for the IP Group.
Hope this gives you a better understanding on how to monitor traffic between various branches much more effectively and how to interpret the data in Site to Site IP Groups. Do email us at netflowanalyzer-support@manageengine.com if you have any further queries. You can download the latest version of NetFlow Analyzer from here and see the features available in NetFlow Analyzer from this link.
Regards,
Don Thomas Jacob
As the team strives to bring better features, faster, with every new release, this release is no different. Lots of new features coming your way! I thought of giving you a peek in to the new features added. I will not be elaborating on it (hence "quick peek"). The detailed blogs will follow later, of course!
Some of the features with this release are:
Monitor the bandwidth utilized, top talkers, top conversations etc. between any two departments/sites in your enterprise network. Define the site by grouping the IP addresses and you are all set to monitor site to site traffic in your network. Read more..
NetFlow Analyzer provides a whole new user experience with the customizable dashboard. Customizable dashboard allows user to add widgets of their requirement in the dashboard and view the top talkers, host, conversations, applications and more, in one quick glance. Network traffic monitoring was never this easy before! Read more..
Taking bandwidth monitoring to the next level! After the speed based billing, which was released in the previous version, comes "Volume based billing", which allows chargeback with respect to the volume of bandwidth consumed.
A click is what it takes to send the reports you are seeing to someone else! This new feature lets the user to send the screenshot of the page the user is viewing, through e-mail with just a click.
The GRE traffic in a cryptomap tunnel usually gets double counted. To avoid the double counting and thereafter caused errors in the traffic analysis, user has an option to apply GRE application filter in any interface of the user's choice.
Free Edition - with all features!
One of the common problems Network Administrators face while using ingress based NetFlow configuration is reporting of incorrect DSCP markings for the traffic going out from the WAN interfaces. This is absolutely due to the behavior of the ingress based NetFlow export configuration and this can be fixed by enabling egress based NetFlow data export.
Most of the enterprises deploy ISP provisioned circuits to its branch offices and configure output QoS markings on WAN interfaces for traffic prioritization. This ensures that business critical applications are given high priority for optimum performance. The following picture depicts a typical enterprise way of connecting branch offices and datacenters.
An Enterprise headquarters is connected to its branch offices and datacenter using an ISP circuit. The edge router in HQ is enabled with ingress based NetFlow data export. Let’s see how NetFlow Analyzer interprets QoS markings using the flow record.
As I mentioned earlier NetFlow data export is ingress based. Whenever a host with IP address 1.1.1.1 inside the LAN network starts sending data to server B in the branch office, the HQ router creates a NetFlow record in the cache with the following entries.
| Field | Src IP | Dst IP | Port | Protocol | DSCP | Src Inf | Dst Inf |
| Data | 192.168.1.2 | 10.1.10.1 | 2113 | TCP | Default | LAN – Fa0/0 | WAN-Serial0/0/0 |
In the meanwhile due to the output QoS policy configuration in the WAN interface, the DSCP code of the traffic is altered to a high priority value and routed. And this priority change is not captured in the ingress based NetFlow traffic exported to Analyzer server since the flow cache was populated before the QoS policy action. Due to this NetFlow Analyzer reports the right DSCP value for the incoming traffic on the LAN interface and since the same flow record is used to calculate the out traffic for the WAN, WAN interface does not report the prioritized DSCP value on the outgoing traffic.
This issue can be fixed by enabling egress based NetFlow data export on the routers. The NetFlow Egress Support feature allows NetFlow accounting to be implemented for egress (outgoing) traffic on an interface or sub interface. Once the egress configuration is applied, NetFlow cache is populated with the information pertaining to outgoing traffic from any particular interface. For the same example which we have discussed above, the flow record will look like
| Field | Src IP | Dst IP | Port | Protocol | DSCP | Src Inf | Dst Inf |
| Data | 192.168.1.2 | 10.1.10.1 | 2113 | TCP | AF1 | LAN – Fa0/0 | WAN-Serial0/0/0 |
As you see in the DSCP field now egress configuration reports the prioritized DSCP value since the NetFlow cache population happens after the promotion of DSCP value.
Additionally this egress based exports are also helpful to see the internal LAN IP addresses in the conversation reports, while NATing is in place on the router. Egress flows holds the local LAN IP addresses instead of the NATed IP address.
Please click here for information on configuring egress based NetFlow export. This will give you more information on pre-requisites and configuration commands. Kindly write to support@netflowanalyzer.com for your questions.
Thanks
Raj
There are many solutions to a problem, be it cleaning up your house or tidying up your network. Ok!, not all problems have many solutions!!, but almost all of them do and I'm gonna tell you two such problems now.
Note: While reading this, you might even wonder what this has got to do with your network. Read on..
Problem 1
You go home and find the house very dirty, clothes lying all around, many boxes of pizzas (many days old!), networking magazines, CD's out of the rack, coffee stains on the cushions... yada yada.. (You get the picture!). You come to the same place everyday but today you realize that it’s dirty because today there is not even enough place to rest your head.
You have two ways to solve the problem:
1. "Let the lying dirt lie" - You can move to a bigger house. On a short term, yes, this solution would be useful. But on a long run, No. It’s still going to get dirty again and eventually you'll have to move to a much bigger place. This $olution is obviously expen$ive and not a reliable one on a long run.
OR
2. Clean the house – Yea! You might even hire a maid if the idea of you cleaning the house sounds very strange to you. It is a cost effective solution and useful on the long run. You will get a space to sleep and monitor it periodically so that it never gets so dirty again.
Problem 2
You are a network administrator (no, that's not the problem!). One day you realize that there is not enough bandwidth for your business critical application on your network. The network traffic is chaotic and you wonder how it happened. There is no point pondering "how it happened" but what you should be doing is looking for a solution.
Solutions:
1. You can commission extra bandwidth pipe, say from T1 to T3. Of course, this will solve the problem for a short period. But eventually you will have the same problem and many more sequels which will cost you lots of $$.
OR
2. You can invest on a tool (highly affordable) that will help you find the "trash" applications, top talkers, etc on your network, help you get an in-depth visibility into your network traffic, gives you alerts, generates scheduled reports and the list goes on.
Make the smart choice. And start tidying up your network (and your house, if necessary)!
And if you are at the Interop, visit us at booth 1169!
Cheers
Joe
Given the fact that ManageEngine NetFlow analyzer has grown to be a well known and a very useful traffic analysis and network forensics tool, it comes as no surprise to find ourselves helping more than 3500 organizations worldwide see through their network deficiencies and fix it.
For all those who want to let it show, we have dedicated a page just for you. You can jot in the reason for being a fan, how NetFlow Analyzer has helped you save the day! It can be as short as, like Kevin Anderson puts it, "It works!", to as elaborate as ( to quote Nick Rieber) "It has helped identify our biggest bandwidth abusers, malicious applications running on the network, and an easy interface to see the network stats on our different locations."
Go on and let it show!
And if you are new to NetFlow Analyzer, you can check out what users ("fans") have said and check out the interactive demo or even test drive the solution!
Cheers
Joe
Trying to diagnose and troubleshoot network problems at the remote locations can be a tough task as your router cannot show who is consuming the bandwidth, what application is used, the hosts involved, when spikes or choke in bandwidth occurred and due to what this happened. Deploying technical staffs at all branches for monitoring purposes is not a feasible solution too.
This is where NetFlow and NetFlow Analyzer comes into the picture. Most of the Cisco devices supports NetFlow feature by default and other major vendors like HP, Riverbed, Juniper, Enterasys and so on also have a similar flow technology. NetFlow Analyzer supports not only NetFlow but most of the major flow formats. All you need to do is enable NetFlow on the devices and have them exported to your server running NetFlow Analyzer. And yes, you do not have to worry about the bandwidth taken up by NetFlow export as NetFlow itself does not utilize more than 2% to 3% of the link capacity.
You can view a live demo of the product from here. Do post your suggestions and download NetFlow Analyzer trail edition to see what more you can do with the product.
Regards,
Don Thomas Jacob
Emails are an important aspect in every organization’s business needs. Email fetching issues or delay in mail delivery triggers many questions and raising of incident tickets by almost every employee ranging from the managers to CTO’s. Ensuring the up-time of the servers running business critical applications and links that connect to these servers are a big priority for a Network Administrator.
As a Network Administrator, you would definitely look forward to monitoring your organization’s email server to know if there is any unwanted traffic originating from it or to it, if the link connected to the server has the right capacity to carry the traffic, if the provided bandwidth is being choked and which hosts are the main contributors of the traffic.
But which is the cost effective solution? That is the “million-dollar”(pun intended!) question. The answer lies in NetFlow Analyzer and its IP Group feature. NetFlow Analyzer, an all software bandwidth monitoring solution, can monitor your network bandwidth and report on traffic usage across the links. By using the IP Group feature, you can monitor specific server or even a numbers of servers and get network reports on the traffic utilization, applications contributing to the traffic, hosts involved with the traffic and etc. This helps to find if only those applications that are actually supposed to contribute traffic to server are doing so, if any unwanted applications are running on the server, which specific host is sending high volumes of traffic, if the bandwidth provided is indeed right or if there is any bandwidth choke and at what time it happens.
You can create the IP Group by including the IP Address of your mail server and associate it with the interface that carries traffic to the mail server. You can also set the IP Group speed based on the speed of the interface carrying traffic to the server or based on the maximum speed to be taken by the traffic to the server. This speed is used for calculating the utilization percentage of traffic to the server.
Creating the IP Group
The IP Group created will show the traffic based on volume, speed, utilization and packets. You can thus find if the link has the right speed to handle all the traffic to the server or if the provided speed is much higher than needed (This might not be an issue when considering the LAN traffic).
The application tab shows you what applications contributed to the traffic to or from the server. You can see if the majority of traffic that came to or went out of the server is indeed SMTP or if there are applications like maybe FTP which should never have happened or an unexpected large volume of HTTP traffic. The advantages does not stop there. You can even drill down on an application to find what hosts were using these applications and volume of traffic they contributed.
Unwanted traffic to the mail server
Who was FTPing to the mail server
Thanks and Regards,
Don Thomas Jacob
