Network technologies and trends:

Netflow

Aug 11 2009   6:40AM GMT

Manage Engine releases Netflow Analyzer 7.5



Posted by: Yasir Irfan

 

In one of my past posts, I mentioned the Scrutinizer netflow analyzer; I am still testing some more netflow analyzers. Manage Engine recently released the latest version of its Manage Engine Netflow Analyzer 7.5.

 

So I thought I would try the demo version of Manage Engine Netflow Analyzer 7.5. The new version features customizable administrator dashboards that allow an IT administrator to monitor the critical parts of the network infrastructure.

 

The new Manage Engine Netflow Analyzer 7.5’s Site-to-Site traffic monitoring capability helps businesses track network traffic patterns between separate physical locations, ensuring business-critical applications have the right amount of bandwidth allocated for maximum performance. This level of understanding is vital for the day-to-day performance of existing applications, as well as for planning infrastructure growth. It is also key to IT departments that charge back business units for the volume of network traffic generated, and for service providers who bill customers based on volume and speed.

 

Some of the features of Manage Engine Netflow Analyzer 7.5 are as follows:

• Network Bandwidth Monitoring
• Bandwidth Reporting
• Netflow Monitoring
• Network Traffic Analysis
• Site to site traffic monitoring
• Application Performance Optimization
• Network Security
• Netflow Reporting
• Automating Reports
• Customizable Dashboard

The demo version of Manage Engine Netflow Analyzer 7.5 is worth trying for 30 days. The good things about Manage Engine Netflow Analyzer 7.5 are the enhanced reporting tool, the customizable dashboard, and how easy it is to install and manage.

Jun 17 2009   7:56AM GMT

Scrutinizer NetFlow analyzer simple and easy to manage



Posted by: Yasir Irfan

 

It’s my habit to always try something new or interesting. As we have a huge project coming up, I am in the process of testing many Windows-supported netflow analyzers. Since I am already aware of Manage Engine Netflow analyzer, I thought that for a change I would start with Scrutinizer netflow analyzer.

I just went to the Scrutinizer web site and downloaded the latest Scrutinizer netflow analyzer. Their support seems to be good: the moment I downloaded the Scrutinizer netflow analyzer, I received an email offering a trial key with a few FAQs about the Scrutinizer netflow analyzer.



Dec 3 2008   5:58AM GMT

Switching Secrets for Multimedia by TechWise TV



Posted by: Yasir Irfan

Dear friends, here is one more opportunity from Cisco Systems’ TechWiseTV, which reveals how to use the techniques, tools and innovations you might already have to effectively support rich communication and full-service video without adding bandwidth.

Industry: Large Corporations; Mid Size / Enterprise Business
Who Should Attend: Technology decision makers.
Details: TechWiseTV, Switching Secrets for Multimedia
Thursday, December 18, 2008, 10–11 a.m. Pacific Time, 1–2 p.m. Eastern Time

As networks become vital for connecting people and processes, full-service video and other rich media communications are quickly gaining adoption. In this environment, your network foundation becomes more important than ever. This TechWiseTV episode will show you how to make the most of the switching technologies you might already have to achieve the performance you need.

Carl Solder, Cisco Distinguished Marketing Engineer and one of only four Distinguished Switch Engineers in the world, joins TechWiseTV to reveal the valuable techniques, tools, and innovations that can help you make the most of your switching investments.

Discover how rich multimedia is affecting switch and network design. Find out how to architect a real-time network to support rich communication and full-service video through extensive whiteboarding sessions. Learn the most overlooked and underpublicized secrets for effective core security as well as:
• How to use Generic Online Diagnostics (GOLD), NetFlow, and other built-in tools to identify and eliminate the sources of jitter
• What makes a switch truly “stackable” and why the distinction is vitally important
• How to use the Programmable Intelligent Services Accelerator (PISA) to achieve effective Layer 4–7 security
• How to take advantage of the Cisco Virtual Switching System (VSS) to maximize availability, scalability, management, and ease of maintenance

Live Q&A

Our expert guests will be available to answer your switching questions during the broadcast.

Agenda
Segment 1: “A Switch Is Just a Switch, Right?”
Segment 2: Enhancing Core Security
Segment 3: Maximizing Redundancy
Segment 4: Switch and Network Design for Rich Media



Jun 28 2008   12:25PM GMT

How to configure ASA/PIX firewall to collect Net flow data from an external router to the netflow collector located in Inside Network.



Posted by: Yasir Irfan

This article provides an example NetFlow configuration for a Cisco router and an ASA/PIX firewall, so that NetFlow data exported by a router outside the firewall can be collected by a NetFlow collector on the internal network.
Components Used
The information in this document is based on the following hardware and software versions:
• Cisco Router 3745 – IOS version 12.3(17b) (Network 192.168.10.0)
• PIX 525 7.0.3 (ASA can also be used) (Internal 10.0.0.2)
• Manage Engine Net flow Analyzer 6 (any NetFlow collector can be used) (

In this example, let’s start by configuring NetFlow on the Cisco router.

Cisco Router Configuration
Here the IP address for the interface is 192.168.10.1

Enabling NetFlow on an Interface
Enter global configuration mode on the router and issue the following commands for each interface on which you want to enable NetFlow:

interface {interface} {interface_number}
ip route-cache flow
bandwidth {kbps}
exit

After applying the commands, the example looks as follows:
router-3745#configure terminal
router-3745(config)#interface FastEthernet 0/1
router-3745(config-if)#ip address 192.168.10.1 255.255.255.240
router-3745(config-if)#ip route-cache flow
router-3745(config-if)#bandwidth 1000
router-3745(config-if)#exit

Exporting NetFlow Data

Issue the following commands to export NetFlow data to the server on which NetFlow Analyzer is running:

ip flow-export destination {hostname|ip_address} 9996 (Exports the NetFlow cache entries to the specified IP address. Use the IP address of the NetFlow Analyzer server and the configured NetFlow listener port. The default port is 9996.)

ip flow-export source {interface} {interface_number} (Sets the source IP address of the NetFlow exports sent by the device to the address of the specified interface. NetFlow Analyzer will make SNMP requests of the device on this address.)

ip flow-export version 5 [peer-as | origin-as] (Sets the NetFlow export version to version 5. Versions 5, 7 and 9 are available.)

ip flow-cache timeout active 1 (Breaks up long-lived flows into 1-minute fragments. You can choose any number of minutes between 1 and 60. If you leave it at the default of 30 minutes, your traffic reports will have spikes. It is important to set this value to 1 minute in order to generate alerts and view troubleshooting data.)

ip flow-cache timeout inactive 15 (Ensures that flows that have finished are periodically exported. The default value is 15 seconds. You can choose any number of seconds between 10 and 600.)

snmp-server ifindex persist (Enables ifIndex persistence (interface names) globally. This ensures that the ifIndex values persist across device reboots.)

The following example shows the commands described above:

router-3745(config)#ip flow-export destination 192.168.10.5 9996
router-3745(config)#ip flow-export source FastEthernet 0/1
router-3745(config)#ip flow-export version 5
router-3745(config)#ip flow-cache timeout active 1
router-3745(config)#ip flow-cache timeout inactive 15
router-3745(config)#snmp-server ifindex persist
router-3745(config)#^Z

Issue the following commands in normal (not configuration) mode to verify whether NetFlow export has been configured correctly:

show ip flow export (Shows the current NetFlow export configuration)
show ip cache flow (Summarizes the active flows and gives an indication of how much NetFlow data the device is exporting)

router-3745#show ip flow export
router-3745#show ip cache flow

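The next step is to configure static NAT on the ASA/PIX, so that the collector's inside address (10.0.0.6) is reachable from the outside as 192.168.10.5, the export destination configured on the router:

pix-525# configure t
pix-525(config)# static (inside,outside) 192.168.10.5 10.0.0.6 netmask 255.255.255.255 dns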

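To let the NetFlow export reach the NetFlow Analyzer on the internal network, configure the following access list and apply it to the outside interface:

pix-525# configure t
pix-525(config)# access-list NETFLOW extended permit udp any host 192.168.10.5 eq 9996
pix-525(config)# access-list NETFLOW extended permit tcp any any

Only the first entry is required for NetFlow export. The second entry permits all TCP traffic arriving on the outside interface and is not needed for NetFlow, so leave it out or restrict it to the services you actually publish. The first entry can be narrowed further by replacing any with the router's export source address (host 192.168.10.1), since NetFlow v5 over UDP carries no authentication.

Apply the access list to the outside interface:
pix-525(config)# access-group NETFLOW in interface outside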

Now install the NetFlow Analyzer software and configure it to receive the NetFlow statistics from the external router.

Troubleshooting tips

Verify that NetFlow is working on the Cisco router

router-3745#sho ip cache flow
IP packet size distribution (78841980 total packets):
1-32 64 96 128 160 192 224 256 288 320 352 384 416 448 480
.003 .453 .023 .012 .008 .010 .004 .003 .003 .003 .004 .003 .003 .003 .004

512 544 576 1024 1536 2048 2560 3072 3584 4096 4608
.003 .005 .022 .021 .401 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 278544 bytes
548 active, 3548 inactive, 4045717 added
84147818 ager polls, 0 flow alloc failures
Active flows timeout in 1 minutes
Inactive flows timeout in 15 seconds
IP Sub Flow Cache, 33416 bytes
548 active, 1500 inactive, 4045717 added, 4045717 added to flow
0 alloc failures, 0 force free
2 chunks, 14 chunks added
last clearing of statistics never
Protocol Total Flows Packets Bytes Packets Active(Sec) Idle(Sec)
-------- Flows /Sec /Flow /Pkt /Sec /Flow /Flow
TCP-Telnet 143 0.0 2 52 0.0 0.4 12.7
TCP-FTP 255 0.0 6 100 0.0 9.0 7.2
TCP-FTPD 15010 0.0 1 63 0.0 0.6 15.4
TCP-WWW 1100665 2.5 14 607 37.7 8.2 6.9
TCP-SMTP 171448 0.3 69 633 27.3 35.8 6.2
TCP-X 723 0.0 2 245 0.0 0.4 13.0
TCP-other 1966270 4.5 21 656 95.4 11.7 6.6
UDP-DNS 56825 0.1 12 66 1.5 20.5 11.6
UDP-NTP 8 0.0 1 76 0.0 0.0 15.5
UDP-Frag 1 0.0 1 1476 0.0 0.0 15.0
UDP-other 684203 1.5 11 319 17.9 4.8 14.9
ICMP 48198 0.1 1 78 0.2 1.6 15.4
GRE 1358 0.0 183 182 0.5 50.0 4.2
IP-other 62 0.0 83 108 0.0 53.4 3.2
Total: 4045169 9.2 19 601 180.9 10.6 8.3

SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Fa0/1 192.168.10.5 Tu0 69.26.190.118 11 1705 0D96 8
Fa0/1 192.168.10.5 Tu0 65.55.111.92 06 0019 10EC 32
Fa0/1 192.168.10.5 Tu0 206.190.48.113 06 0019 714B 29

Check that NAT is working on the firewall

pix-525# show xlate
2 in use, 417 most used
Global 192.168.10.5 Local 10.0.0.6

Check that the access list is passing the NetFlow traffic (the hit count on the UDP 9996 entry should increase)

pix-525# sho access-list NETFLOW
access-list NETFLOW; 2 elements
access-list NETFLOW line 1 extended permit udp any host 192.168.10.5 eq 9996 (hitcnt=7)
access-list NETFLOW line 2 extended permit ip any any (hitcnt=140861)
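
The router, NAT and access-list checks above can be complemented by a check at the collector itself. The following is an added example, not part of the original article or of NetFlow Analyzer: it validates and decodes a NetFlow v5 export datagram as it would arrive on UDP 9996 and rejects datagrams from unexpected exporters. The allow-listed exporter address (192.168.10.1) and the sample datagram are assumptions constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
EXPECTED_EXPORTERS = {"192.168.10.1"}  # assumption: export source is Fa0/1's address


def parse_v5(datagram, exporter_ip):
    """Decode one v5 export datagram; raise ValueError if it fails validation."""
    if exporter_ip not in EXPECTED_EXPORTERS:
        raise ValueError(f"unexpected exporter {exporter_ip}")
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than the v5 header")
    version, count, _, secs, _, seq, _, _, _ = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    # v5 carries 1-30 records; the length must match the advertised count.
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(f[0])),
            "dst": str(ipaddress.IPv4Address(f[1])),
            "packets": f[5], "bytes": f[6],
            "src_port": f[9], "dst_port": f[10], "proto": f[13],
        })
    return {"count": count, "flow_sequence": seq, "unix_secs": secs}, flows


def build_sample():
    """Constructed datagram: one TCP flow shaped like a row of 'show ip cache flow'."""
    header = HEADER.pack(5, 1, 1000, 1214655900, 0, 42, 0, 0, 0)
    record = RECORD.pack(
        ipaddress.IPv4Address("192.168.10.5").packed,
        ipaddress.IPv4Address("65.55.111.92").packed,
        bytes(4),            # next hop (unused here)
        2, 3,                # input/output ifIndex (constructed)
        32, 20256, 0, 900,   # packets, bytes, first/last uptime in ms (constructed)
        0x0019, 0x10EC,      # ports; the router prints them in hex: 25 -> 4332
        0, 0x18, 6, 0,       # pad, TCP flags, protocol 6 (TCP), ToS
        0, 0, 0, 0, 0)       # AS numbers, prefix masks, pad
    return header + record


if __name__ == "__main__":
    print(parse_v5(build_sample(), "192.168.10.1"))
```

In a live check, the datagram and exporter address would come from recvfrom() on a UDP socket bound to port 9996 on the collector host.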

To learn more about NetFlow Analyzer and its configuration, click this link: Netflow.
