Being a niche player in the SaaS market, Zoho brings an amazing level of engineering expertise to ManageEngine in building highly secure and scalable distributed applications. As you may know, AdventNet recently changed its name to Zoho Corp and formed three divisions: ManageEngine, Zoho, and WebNMS.

 ManageEngine NetFlow Analyzer Enterprise Edition is a truly distributed NetFlow collection and reporting application, purpose-built for large organizations managing hundreds and thousands of networking devices and links across their geographically distributed business locations. When we started building NetFlow Analyzer Enterprise Edition, one of the biggest challenges we faced was improving the flow handling capacity and building a unified view of geographically separated networks. After experiments, the engineering team concluded that offloading flow collection from the reporting center drastically improved the flow handling capacity.

 Below is the architecture of our distributed edition. The collectors are deployed at every major business location and data center for flow collection. These collectors compress the exported flow data and send it over an HTTPS connection to the central server for reporting purposes. Most of the flow processing is offloaded to the collectors, which helps the central server generate reports within seconds for any particular device.

NetFlow Analyzer EE Architecture
Many of the NetFlow analyzers available in the market are not truly distributed in nature. They parse and store the flow records in the same collector and cannot give you a unified view of all the collection points. No automatic crash recovery of data is possible. Unlike ManageEngine, they require individual backup and upgrade procedures, which involve a lot of maintenance activity. All these procedures are automated in ManageEngine NetFlow Analyzer Enterprise Engine via failover and smart upgrade manager technologies. This is why we call ManageEngine NetFlow Analyzer an enterprise-class distributed NetFlow collection and reporting engine suitable for any large organisation. And when we say distributed, we mean it.

Before you start evaluating a distributed and scalable NetFlow monitoring solution, please ensure that the following enterprise-class features are available.

1. Distributed flow collection capability and optimized bandwidth usage between collectors and central reporting server.
2. Scales up to 20000 interfaces with 15000 flows per second. Any number of collectors can be added without any additional license.
3. Support for NetFlow V5, V7, V9 / sFlow, JFlow, NetStream, IPFIX.
4. Support for Cisco NBAR and correlation of NBAR data with NetFlow data.
5. Support for CB-QoS (Class Based - Quality of Service) monitoring. Identify pre- and post-policy metrics and fine-tune your QoS configurations.
6. Failover support - automatic crash recovery and data replication. Please visit this link for more information.
7. Ability to use your existing SAN (Storage Area Network).
8. Compatible with VMware.
9. No data loss even after a link failure between collectors and central server.
10. Separate 64-bit binaries for increased flow handling and reporting performance.
11. Secure data transfer - HTTPS mode between collector and central server.
12. Smart upgrade manager. Upgrade patches are pushed automatically from the central console to collectors.
13. User-defined dashboards and views.
14. Group devices based on their location and build a tree view for easy access and troubleshooting.
15. Ability to work in multiple time zones.
16. Network forensics using raw data.


NetFlow Analyzer EE View


 And remember, thousands of users like Cisco, Adobe, Ferrari and many Fortune companies cannot be wrong.

 Please download and try our 30 day full featured trial edition in the following link


Full Feature List is available in the following link


  Kindly write your questions to netflowanalyzer-eesupport@manageengine.com. We are happy to assist you at any moment. 

Thanks
Raj

 Growing network needs complicate the job of network administrators and bring in new challenges. Network administrators need robust, cutting-edge network management tools to quickly troubleshoot network incidents and increase network performance. However, considering the economic situation, it is very important to choose the right application, one that can leverage network performance management data from multiple technologies and, of course, at an affordable cost.

       The ManageEngine NetFlow Analyzer team constantly interacts with its customers, technology companies and VARs to prioritize the road map. Whenever a new technology is introduced in the product, all existing customers see immediate value by means of a simple free upgrade instead of paying a hefty price. Here the ROI includes cutting bandwidth upgrade costs through the increased visibility ManageEngine NetFlow Analyzer provides, avoiding unauthorized bandwidth usage, and increasing the efficiency of business-critical applications with almost zero implementation cost.

Multiple technologies - Single Solution:

Cisco NetFlow:

       Cisco's NetFlow technology exports flow records from any IOS capable routers and switches. The exported flow records contain information about protocols, ports, source, destination IP addresses and much more. 

       NetFlow Analyzer provides several instant reports to monitor bandwidth including top talkers, top protocols, top conversations, and more. Apart from these pre-defined bandwidth reports, NetFlow Analyzer also includes options to search for specific bandwidth usage details based on IP address, host name, protocol, and more.

NetFlow Based Bandwidth Information

Bandwidth Monitoring without Probes

       NetFlow Analyzer does network bandwidth monitoring using NetFlow. NetFlow exports are collected, correlated, and analyzed to get granular details to monitor bandwidth usage across each WAN link. There is no need for hardware probes to monitor bandwidth usage. NetFlow Analyzer is an all software solution which is suitable for both Windows and Linux.

Real-time Bandwidth Monitoring

       Bandwidth monitoring reports for each interface show the current, average, and peak bandwidth usage patterns across each NetFlow-enabled interface. With these bandwidth usage statistics you get instant visibility into how much bandwidth was used by hosts, applications, and conversations across a specific interface.

Application-wise Bandwidth Distribution

       To monitor bandwidth utilized by different applications, NetFlow Analyzer gives you instant visibility into which applications are using up maximum bandwidth. You can also drill down to see the top sources, destinations and conversations using the bandwidth. With such granular detail, network troubleshooting and problem resolution take far less time than with traditional tools.

Cisco NBAR:

    The Cisco NBAR (Network Based Application Recognition) engine runs on IOS and does deep packet inspection to identify applications riding on regular ports. For example, traffic on TCP 80 can be identified as kazaa2, BitTorrent, Napster, etc. The respective utilization, volume and speed can be polled over time through SNMP.

NBAR Reports


    NBAR reports are very useful for setting Quality of Service (CB-QoS) policies. NBAR and QoS policies can work together to stop bandwidth-stealing applications and increase the efficiency of business-critical applications.

Cisco CB-QoS (Class Based - Quality of Service):

      We have discussed a lot about deploying CB-QoS policies for improved network performance. You can find the CB-QoS blog series in this link. Cisco CB-QoS is the simplest way to prioritize network traffic.

CB-QoS Reports

With insight into pre- and post-policy metrics, network administrators can modify their CB-QoS policy configuration for improved performance and avoid any impact on business-critical applications due to misconfiguration.

       This is why we call ManageEngine NetFlow Analyzer a powerful traffic analysis and forensic solution for a network of any size. Try our 30-day all-feature version and write your queries to netflowanalyzer-support@manageengine.com

Thanks

Raj


One of the common problems network administrators face with an ingress-based NetFlow configuration is incorrect DSCP markings being reported for the traffic going out of the WAN interfaces. This is a direct consequence of how ingress-based NetFlow export behaves, and it can be fixed by enabling egress-based NetFlow data export.

Most enterprises deploy ISP-provisioned circuits to their branch offices and configure output QoS markings on WAN interfaces for traffic prioritization. This ensures that business-critical applications are given high priority for optimum performance. The following picture depicts a typical enterprise way of connecting branch offices and datacenters.

An Enterprise headquarters is connected to its branch offices and datacenter using an ISP circuit. The edge router in HQ is enabled with ingress based NetFlow data export. Let’s see how NetFlow Analyzer interprets QoS markings using the flow record.

As I mentioned earlier, NetFlow data export is ingress based. Whenever a host with IP address 1.1.1.1 inside the LAN network starts sending data to server B in the branch office, the HQ router creates a NetFlow record in the cache with the following entries.

| Field | Src IP | Dst IP | Port | Protocol | DSCP | Src Inf | Dst Inf |
|---|---|---|---|---|---|---|---|
| Data | 192.168.1.2 | 10.1.10.1 | 2113 | TCP | Default | LAN – Fa0/0 | WAN-Serial0/0/0 |

Meanwhile, because of the output QoS policy configured on the WAN interface, the DSCP code of the traffic is altered to a high-priority value and the traffic is routed. This priority change is not captured in the ingress-based NetFlow traffic exported to the Analyzer server, since the flow cache was populated before the QoS policy acted. As a result, NetFlow Analyzer reports the right DSCP value for the incoming traffic on the LAN interface, but because the same flow record is used to calculate the outgoing traffic for the WAN, the WAN interface does not report the prioritized DSCP value on the outgoing traffic.

This issue can be fixed by enabling egress-based NetFlow data export on the routers. The NetFlow Egress Support feature allows NetFlow accounting to be implemented for egress (outgoing) traffic on an interface or subinterface. Once the egress configuration is applied, the NetFlow cache is populated with the information pertaining to outgoing traffic from any particular interface. For the same example discussed above, the flow record will look like this:

| Field | Src IP | Dst IP | Port | Protocol | DSCP | Src Inf | Dst Inf |
|---|---|---|---|---|---|---|---|
| Data | 192.168.1.2 | 10.1.10.1 | 2113 | TCP | AF1 | LAN – Fa0/0 | WAN-Serial0/0/0 |

As you can see in the DSCP field, the egress configuration now reports the prioritized DSCP value, since the NetFlow cache is populated after the DSCP value has been promoted.
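The difference between the two flow records above can be checked on raw exports. The following is an added example, not part of the original post: it decodes the ToS byte of NetFlow v5 records and reports flows whose DSCP differs between an ingress-cached and an egress-cached record. The sample records are constructed; the destination port, the interface indexes 1 and 2, and AF11 (standing in for the table's "AF1") are assumptions.

```python
import socket
import struct

# NetFlow v5 flow record layout (48 bytes, network byte order).
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")

# A few DSCP code points; AF11 stands in for the page's "AF1" (assumption).
DSCP_NAMES = {0: "Default", 10: "AF11", 12: "AF12", 14: "AF13", 46: "EF"}


def parse_v5_record(raw: bytes) -> dict:
    """Decode one v5 flow record and reduce its ToS byte to a DSCP name."""
    (src, dst, _nexthop, in_if, out_if, _pkts, octets, _first, _last,
     sport, dport, _flags, proto, tos, *_rest) = V5_RECORD.unpack(raw)
    dscp = tos >> 2  # DSCP is the upper six bits of the ToS byte
    return {
        "key": (socket.inet_ntoa(src), socket.inet_ntoa(dst), sport, dport, proto),
        "in_if": in_if, "out_if": out_if, "octets": octets,
        "dscp": DSCP_NAMES.get(dscp, f"DSCP {dscp}"),
    }


def remarked_flows(ingress: list, egress: list) -> list:
    """Return (flow key, ingress DSCP, egress DSCP) where the marking changed."""
    seen = {r["key"]: r["dscp"] for r in map(parse_v5_record, ingress)}
    changed = []
    for rec in map(parse_v5_record, egress):
        before = seen.get(rec["key"])
        if before is not None and before != rec["dscp"]:
            changed.append((rec["key"], before, rec["dscp"]))
    return changed


def build_record(tos: int) -> bytes:
    """Constructed sample: the page's flow, ifIndex 1 (LAN) to ifIndex 2 (WAN)."""
    return V5_RECORD.pack(
        socket.inet_aton("192.168.1.2"), socket.inet_aton("10.1.10.1"),
        socket.inet_aton("0.0.0.0"), 1, 2, 10, 1500, 0, 1000,
        2113, 1521, 0x18, 6, tos, 0, 0, 24, 24)


INGRESS_SAMPLE = [build_record(0x00)]  # cached before the output QoS policy
EGRESS_SAMPLE = [build_record(0x28)]   # cached after remarking (DSCP 10)

if __name__ == "__main__":
    print(remarked_flows(INGRESS_SAMPLE, EGRESS_SAMPLE))
```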

Additionally, egress-based exports are helpful for seeing the internal LAN IP addresses in the conversation reports when NAT is in place on the router. Egress flows hold the local LAN IP addresses instead of the NATed IP address.

Please click here for information on configuring egress based NetFlow export. This will give you more information on pre-requisites and configuration commands. Kindly write to support@netflowanalyzer.com for your questions.

Thanks

Raj

The drive for QoS has become very strong in recent years because of evolving needs for enterprises to carry different types of services including voice, video, streaming music, web pages and email on a single link. One of the most complex tasks of a network architect is to design a robust network and also ensure the quality of end to end applications delivered across branch locations and data centers.

Quality of Service refers to the ability to provide better treatment for some applications over other services in the network. The primary goals of implementing QoS in business-critical networks include priority routing for critical applications through dedicated bandwidth, and controlling jitter and latency. Nowadays most enterprises rely on the service provider network for their day-to-day branch office transactions.

Typically, networks operate on the basis of best-effort delivery, in which all traffic has an equal priority and an equal chance of being delivered. When congestion results, all traffic has an equal chance of being dropped. QoS selects network traffic, prioritizes it according to its relative importance and uses congestion avoidance to provide priority-indexed treatment. Configuring QoS can also limit the bandwidth used by non-critical network traffic, which makes network performance more predictable and bandwidth utilization much more effective.

Configuring and validating quality of service involve four steps.

A.    Application discovery and grouping

B.    Implementing Quality of Service (QoS)

C.    Verification of QoS treatment for interested traffic

D.    Validating QoS configuration for application performance

This blog focuses on application discovery and the grouping of similar types of applications.

Application discovery and grouping:

To apply QoS policies, it is very important to identify the applications that are competing for bandwidth. NetFlow and NBAR are excellent data sources for identifying most applications. NetFlow exports contain port and protocol information which can be mapped to a well-known application conversation. Cisco embeds the NBAR (Network Based Application Recognition) engine, which can identify traffic up to the application layer. It is extremely useful in identifying peer-to-peer applications.

ManageEngine NetFlow Analyzer is a unique blend of NetFlow and NBAR technologies. In addition to static NetFlow based port and protocol application detection, it also supports NBAR to identify most of the peer-to-peer applications.

Application identified through NetFlow data export

NetFlow port and protocol based application detection:

NetFlow Analyzer maintains the port and protocol mapping for more than 1500 applications for application classification. It is also possible to map new applications that run on a particular IP address/range or a range of ports. These applications can be grouped into a single application. For example, the user can classify all the database applications like Oracle, MySQL and MS-SQL into one group called the database group.
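How such a mapping works on flow records, as an added example that is not NetFlow Analyzer's own code: flows are classified by protocol and port, a custom rule maps a port range on a server subnet to a new application, and the database applications are summed into one group. The mapping tables, the application name BranchERP and the sample flows are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed mapping tables (assumptions, not NetFlow Analyzer's own data).
PORT_APPS = {(6, 1521): "Oracle", (6, 3306): "MySQL", (6, 1433): "MS-SQL",
             (6, 80): "HTTP", (17, 53): "DNS"}
# Custom applications: protocol, port range, server network, name.
CUSTOM_APPS = [(6, range(9000, 9011), ipaddress.ip_network("10.1.10.0/24"),
                "BranchERP")]
APP_GROUPS = {"Oracle": "Database", "MySQL": "Database", "MS-SQL": "Database"}


def classify(proto, sport, dport, dst_ip):
    """Name the application for one flow; custom IP/port-range rules win."""
    addr = ipaddress.ip_address(dst_ip)
    for c_proto, ports, net, name in CUSTOM_APPS:
        if proto == c_proto and dport in ports and addr in net:
            return name
    # The well-known port can sit on either end of the conversation.
    for port in (dport, sport):
        if (proto, port) in PORT_APPS:
            return PORT_APPS[(proto, port)]
    return "Unclassified"


def usage_by_group(flows):
    """Sum octets per application group; ungrouped apps keep their own name."""
    totals = Counter()
    for proto, sport, dport, dst_ip, octets in flows:
        app = classify(proto, sport, dport, dst_ip)
        totals[APP_GROUPS.get(app, app)] += octets
    return dict(totals)


# Constructed flows: (protocol, src port, dst port, dst IP, octets).
SAMPLE_FLOWS = [
    (6, 40112, 1521, "10.1.10.1", 5000),   # Oracle
    (6, 40113, 3306, "10.1.10.2", 3000),   # MySQL
    (6, 3306, 51000, "192.168.1.2", 700),  # MySQL reply, port on source side
    (6, 40114, 9005, "10.1.10.7", 1200),   # custom app: port range + subnet
    (6, 40115, 9005, "10.2.0.9", 400),     # same port, outside the subnet
    (6, 40116, 80, "10.1.10.1", 900),      # anything on TCP 80 counts as HTTP
]

if __name__ == "__main__":
    print(usage_by_group(SAMPLE_FLOWS))
```

The last sample flow shows the limit of this method: whatever runs on TCP 80 is counted as HTTP, because only the port and protocol are examined.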

Application distribution graph over time

NBAR (Network Based Application Recognition)

Intelligent application classification by examining the data payload, working together with the QoS feature, helps ensure that network bandwidth is used efficiently. Unlike NetFlow, which relies on port and protocol for application categorization, the NBAR approach is useful in dealing with malicious software that uses known ports to pose as “priority traffic”, as well as non-standard applications using non-determinant ports. The biggest advantage in using NetFlow Analyzer is that the user can enable NBAR on the fly from the web GUI for instant visibility and can turn it off at peak times to save CPU cycles for routing. NBAR is supported in most Cisco switches and routers, and values are retrieved through SNMP. It is possible to identify applications like Kazaa, eDonkey and Skype, which use dynamic ports to transfer data. NBAR does deep packet inspection of traffic to identify these applications, which normally cannot be identified with NetFlow, and reports on the bandwidth they occupied.

Based on the results, we can group applications under various categories. Delay-sensitive applications like voice or real-time video can go in one category, applications that use high bandwidth in another, and those that are tolerant of packet loss or delay in a third. In the next blog, we will discuss implementing QoS policies for these groups of applications based on their business criticality and priority.

Raj

ManageEngine NetFlow Analyzer