When an enterprise has branches in various locations and connectivity between them is a top priority, monitoring traffic between specific sites is very important to ensure uptime and priority for business-critical traffic.

The Site to Site option under IP Groups in ManageEngine NetFlow Analyzer lets you monitor traffic between two specific sites based on IP Address or IP Network. This comes in handy to analyze who contributed to the traffic between the sites, whether critical applications are indeed the ones utilizing the bandwidth, and whether the provided bandwidth meets the requirement.

To explain how to use this feature and how to interpret the data shown in the reports for the IP Group, we will use a simple example scenario.

Consider a network where you have a central office whose router is being monitored with NetFlow Analyzer. There are multiple branches, A, B and C, all of which communicate with one another through the main office router. Your requirement is to track the traffic specifically between Site A (192.16.1.82) and Site B (10.15.8.47).

[Figure: Branched network]

In such a circumstance, you can make use of the Site to Site option under IP Groups.
For this, create an IP Group and select the Between Sites option. Here, add Site A (192.168.1.82) under the ‘From’ field and Site B (10.15.8.47) under the ‘To’ field. You can add further filter options such as Port/Protocol and/or DSCP to this IP Group, which will narrow the results to traffic matching the added criteria.

In ‘Site to Site’ IP Groups, for traffic classification purposes, the IP Address under the ‘From’ field is the primary IP, so all reports are shown in relation to this IP Address or network. In our scenario, the IP Address 192.16.1.82, i.e. Site A, is the primary IP Address.

Data Interpretation:

Traffic IN and OUT:
Traffic is shown based on volume, speed, utilization and number of packets for the IP Group and is classified on an IN and OUT basis.
Traffic IN refers to the traffic that came into the IP Group. Site A is considered as the primary IP Address and so any traffic that comes to Site A is classified as the IN traffic for the IP Group. The OUT traffic refers to the traffic that went out of the IP Group and so traffic leaving Site A is accounted as the OUT traffic.

Application:
Application IN and OUT shows the applications whose traffic came into or went out of the IP Group, and is classified the same way as Traffic IN and OUT. Applications that formed the traffic to Site A are shown under Application IN. Applications that constituted the traffic from Site A are shown under Application OUT, as Site A is considered the primary IP Address.

Source:
The Source tab for the IP Group shows the source of traffic originating from the IP Group. When traffic flows from Site A to Site B, the source of the traffic is 192.16.1.82 and the destination of the traffic is 10.15.8.47. Since the IP under the ‘From’ field is the primary IP Address, 192.16.1.82 is the address shown in the Source tab.

Destination:
The Destination tab for the IP Group will show the destination of traffic reaching the IP Group. When Site A receives traffic from Site B, the source of the traffic is 10.15.8.47 and the destination of the traffic is 192.16.1.82. Since Site A is the primary IP Address, the IP Address 192.16.1.82 forms the destination address for the IP Group.

For both Source and Destination, you can click on the IP Address and drill down to find the related conversations. The Source Address drill-down shows the IP Addresses to which traffic was sent, and the Destination Address drill-down shows the IP Addresses from which traffic originated for the IP Group.

Conversation IN and OUT:

Conversation IN and OUT is classified the same way as Traffic IN and OUT. All conversations which came into the IP Group are classified as Conversation IN, and conversations which went out of the IP Group are Conversation OUT. So, Site B to Site A forms the Conversation IN and Site A to Site B forms the Conversation OUT for the IP Group.
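The classification rules above can be reproduced offline to sanity-check a report or to see what swapping ‘From’ and ‘To’ does. This is an added example, not NetFlow Analyzer code: the flow records, the Site C address 172.20.4.9 and the function names are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SITE_A, SITE_B = "192.16.1.82", "10.15.8.47"  # scenario addresses from the post

# Constructed flow records (src, dst, dst_port, bytes); 172.20.4.9 stands in for Site C.
FLOWS = [
    (SITE_A, SITE_B, 443, 1200),
    (SITE_B, SITE_A, 443, 5400),
    (SITE_A, SITE_B, 22, 300),
    (SITE_A, "172.20.4.9", 443, 9999),  # A to C: not between the two sites
    (SITE_B, "172.20.4.9", 53, 80),     # B to C: not between the two sites
]

def classify(flows, from_site, to_site):
    """Keep only flows between the two sites; label each relative to 'From'."""
    primary, remote = ip_network(from_site), ip_network(to_site)
    report = {"IN": defaultdict(int), "OUT": defaultdict(int)}
    for src, dst, port, nbytes in flows:
        s, d = ip_address(src), ip_address(dst)
        if s in primary and d in remote:
            direction = "OUT"   # leaving the primary site
        elif s in remote and d in primary:
            direction = "IN"    # arriving at the primary site
        else:
            continue            # traffic to or from any third site is excluded
        report[direction][(src, dst, port)] += nbytes
    return report

def totals(report):
    """Byte volume per direction, as in the Traffic IN and OUT view."""
    return {direction: sum(convs.values()) for direction, convs in report.items()}

def tabs(report):
    """Source tab: senders of OUT traffic. Destination tab: receivers of IN traffic."""
    return {
        "source": sorted({src for src, _, _ in report["OUT"]}),
        "destination": sorted({dst for _, dst, _ in report["IN"]}),
    }

if __name__ == "__main__":
    for frm, to in ((SITE_A, SITE_B), (SITE_B, SITE_A)):
        rep = classify(FLOWS, frm, to)
        print(f"From={frm} To={to}", totals(rep), tabs(rep))
```

Swapping ‘From’ and ‘To’ keeps the same conversations but exchanges the IN and OUT figures, and `classify` also accepts networks in CIDR form for groups defined by IP Network.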

Hope this gives you a better understanding of how to monitor traffic between various branches much more effectively and how to interpret the data in Site to Site IP Groups. Do email us at netflowanalyzer-support@manageengine.com if you have any further queries. You can download the latest version of NetFlow Analyzer from here and see the features available in NetFlow Analyzer from this link.

Regards,
Don Thomas Jacob