Comprehensive tool for bandwidth monitoring, traffic analytics,
and network anomaly detection.
ManageEngine NetFlow Analyzer
NetFlow Analyzer: Introduction
A single solution for bandwidth monitoring, traffic analysis, and network anomaly detection with the following technologies:
• NetFlow, sFlow, IPFIX, J-Flow, NetStream, and AppFlow: for bandwidth and traffic analytics
• Cisco NBAR 2
• Cisco CBQoS
• Cisco Medianet monitoring
• Cisco Application Visibility and Control (AVC)
• Monitoring on Cisco WLC
• DPI
Flow of NetFlow
Basics
Abstract
• NetFlow is a technology developed by Cisco.
• Used by end-user applications such as NetFlow Analyzer.
• NetFlow deals with the third layer of the OSI model, the network layer.
• Devices: routers, switches, and firewalls.
• Exported using User Datagram Protocol (UDP).
A flow is defined as a unidirectional stream of packets between a source and a destination.
Key fields
• Source IP
• Destination IP
• Source port
• Destination port
• Protocol
• ToS byte
• ifIndex
A series of flows forms a single datagram
These flows are collected in a NetFlow cache; after a certain time they form a UDP datagram that is sent to the collector.
Important stats:
Each flow is ~150 bytes.
Each UDP datagram can carry 30 flows.
So in total 30 * (150 bytes) = 4500 bytes/UDP datagram.
*Stats prepared with respect to the V5 format
Architecture
Router Vs Server
Router Configuration
1. Set destination address (server where NFA is installed)
2. Set Port for NetFlow export
3. Set version of NetFlow export
4. Set time interval to export flows
5. Set Source Interface for NetFlow export
6. Specify which interfaces to account for by enabling NetFlow on those interfaces (all interfaces):
• Ingress
• Egress
For configuration:
http://www.manageengine.com/products/netflow/help/cisco-netflow/cisco-ios-netflow.html
Sample configuration for Cisco
router#configure terminal
router(config)#ip flow-export destination 192.168.9.101 9996
router(config)#ip flow-export source FastEthernet 0/1
router(config)#ip flow-export version 5
router(config)#ip flow-cache timeout active 1
router(config)#ip flow-cache timeout inactive 15
router(config)#snmp-server ifindex persist
*router(config)#interface FastEthernet 0/1
*router(config-if)#ip flow ingress
*router(config-if)#exit
*Repeat these commands to enable NetFlow on each interface.
Ingress Vs Egress
Enabling ingress on an interface sends that interface's "IN" data to the collector. Similarly, egress sends the "OUT" data.
Advantage of using the ingress and egress commands:
Instead of collecting both IN and OUT data on the same interface, collect only IN data or only OUT data on both interfaces and send it to the collector to get the correct stats.
Then make a calculation: ifindex1's IN gives you two things, the IN of ifindex1 and the OUT of ifindex2. Similarly, ifindex2's IN is the IN of ifindex2 and the OUT of ifindex1.
Ingress and Egress in Detail
[Figure: router R with two interfaces, ifindex 1 and ifindex 2, each labelled IN and OUT]
Consider a router with two interfaces, with ingress enabled on both interfaces:
OUT of ifindex 1 = IN of ifindex 2
OUT of ifindex 2 = IN of ifindex 1
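The calculation described above, as an added example (not part of the original slides and not NetFlow Analyzer code): Python that derives each interface's IN and OUT volume from ingress-only flow records and shows the double counting that appears when the same traffic is exported as both ingress and egress. The record layout, the `direction` field and the sample addresses are assumptions constructed for this example.

```python
from collections import defaultdict


def flow(src, dst, in_if, out_if, nbytes, direction):
    """Build one decoded flow record (field names are assumptions of this example)."""
    return {"src": src, "dst": dst, "input_if": in_if, "output_if": out_if,
            "bytes": nbytes, "direction": direction}


# Constructed sample: router R with ifindex 1 and ifindex 2,
# "ip flow ingress" enabled on both interfaces, as in the slide.
INGRESS_ONLY = [
    flow("10.0.0.5", "198.51.100.7", 1, 2, 1200, "ingress"),
    flow("10.0.0.9", "198.51.100.7", 1, 2, 300, "ingress"),
    flow("198.51.100.7", "10.0.0.5", 2, 1, 5000, "ingress"),
]

# Constructed sample: the same traffic when ingress AND egress are enabled on
# both interfaces; every transit flow is exported a second time on its way out.
INGRESS_AND_EGRESS = INGRESS_ONLY + [dict(f, direction="egress") for f in INGRESS_ONLY]


def interface_volumes(flows):
    """Per-ifindex IN/OUT byte totals; correct only if each packet was exported once."""
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for f in flows:
        totals[f["input_if"]]["in"] += f["bytes"]    # IN of the interface it entered
        totals[f["output_if"]]["out"] += f["bytes"]  # OUT of the interface it left
    return {ifindex: dict(t) for ifindex, t in totals.items()}


def flow_key(f):
    """Identity of a flow for duplicate detection in this example."""
    return (f["src"], f["dst"], f["input_if"], f["output_if"])


def exported_twice(flows):
    """Keys of flows that were reported as both an ingress and an egress record."""
    seen = defaultdict(set)
    for f in flows:
        seen[flow_key(f)].add(f["direction"])
    return sorted(k for k, dirs in seen.items() if dirs == {"ingress", "egress"})


def single_direction(flows, keep="ingress"):
    """Keep one direction only, which is what the slide recommends exporting."""
    return [f for f in flows if f["direction"] == keep]


if __name__ == "__main__":
    print("ingress only      :", interface_volumes(INGRESS_ONLY))
    print("ingress + egress  :", interface_volumes(INGRESS_AND_EGRESS))
    print("exported twice    :", exported_twice(INGRESS_AND_EGRESS))
    print("after filtering   :", interface_volumes(single_direction(INGRESS_AND_EGRESS)))
```
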
Device vs Server
Device side
NetFlow Cache
NetFlow Exporter
Server side
NetFlow Collector
NetFlow installed server
NetFlow Analyzer has a built-in collector, so we don't need physical collector equipment.
Versions
V5 (Most common)
V7 (Used on Cisco Catalyst switches)
V9 (template based)
V10 (IPFIX)
NetFlow Analyzer – Working Architecture
[Diagram labels:]
• Traffic
• NFA Web GUI
• Device with Flexible NetFlow, NBAR, QoS, and IPSLA enabled
• Cisco WAAS with WAAS CM 4.1 or higher
• SNMP to collect QoS, NBAR, and IPSLA stats
• Web Service Management Agent (WSMA) for Cisco Mediatrace
• UDP NetFlow for Traffic, NBAR, and Medianet reports
• Via API for Cisco WAAS stats
Notes:
• QoS, NBAR, IPSLA, Medianet, and Mediatrace available only for Cisco devices
• Non-Cisco devices export flows including sFlow, IPFIX, and more for bandwidth and traffic reports
Data Storage
• Raw data:
Stores the entire traffic information.
• Aggregated data:
Stores the top 100 information.
System Requirement
Device Addition
Update SNMP
• SNMP version 1, version 2 and version 3.
• SNMP is used to get the device name, interface name and interface speed value.
• The interface speed value is used to generate the Utilization Report.
Interface details
• Speed/Utilization/Packets/Volume
• Top Source/Destination
• Application
• Conversation
• QoS
Groups
• Device group
• Interface groups (port channel)
• IP group
Threshold violation alerts
• Alerts for lower and higher threshold violations.
• Alerts on interface, IP group, and interface group.
• Alerts based on application, port, IP, and DSCP.
• Prioritized alerts based on severity.
• SNMP traps to any NMS and email alerts.
Reports in NetFlow Analyzer
The following report formats are included by default in NetFlow Analyzer:
1. Forensic report
2. Consolidated report
3. Search report
4. Compare report
5. Capacity planning report
Forensic report
Forensics reports are detailed reports that are generated from only the raw data
collected for any selected time period.
Consolidated report
Search report
Compare reports
• Same interfaces for different time period
• Different interfaces for same time period
Capacity planning report
Usage-based billing
• Volume and speed based billing.
• Alerts and automatically emails reports on usage or bill plan.
• Charge back customers, departments, or projects for bandwidth usage.
• On-demand utilization report for a bill plan.
Schedule reports
• Schedule all reports available in NetFlow Analyzer.
• Schedule daily, weekly, and monthly reports.
• Separate schedule for interface, IP group, and interface group.
• Automatic emailing of all reports based on user-defined schedules.
Attacks
• Leverages flow data.
• Real-time pattern matching.
• Identifies suspicious traffic, scans, bad source and destination, and DoS attacks.
• Alerts based on each problem algorithm.
Application visibility and control (NBAR 2)
Application visibility and control is the combination of multiple technologies
found on Cisco devices.
Cisco AVC is capable of:
1. Providing better application visibility
2. Validating QoS policies
3. Providing HTTP URL traffic information
4. Providing application response time (ART) reports
Application response time
Cisco WLC
• Get traffic data and app traffic based on access point.
• Report on SSID and connected clients.
• Controller-based reports.
WLC clients
Traffic Shaping
NetFlow Analyzer editions
Essential edition
• Single installation product
• Handle 1,000 interfaces
• Scale up to 50,000 flows per second
Distributed edition
• Distributed architecture with Central and Collector
• Handle 1,000 interfaces per Collector
• Scale up to 50,000 flows per second
• Comes with all add-ons bundled except High Performance.
Thank you.

NFA - Middle East Workshop
