Traffic monitoring with sFlow and ProCurve Manager Plus




An HP ProCurve Networking Application Note

Traffic monitoring with sFlow and ProCurve Manager Plus

Contents

1. Introduction
2. Prerequisites
3. Network diagram
4. About the sFlow protocol
   4.1 sFlow history
   4.2 Protocol description
   4.3 Benefits of using sFlow
   4.4 sFlow applications
5. sFlow configuration on ProCurve switches
   5.1 Configure destination collectors
   5.2 View destination information
   5.3 Activate sampling and polling
   5.4 View sampling and polling statistics
6. Using the PCM+ Traffic Monitor
   6.1 View the Traffic Monitor
   6.2 Specify the global port display
   6.3 View port metrics
   6.3 Other port views
6. Reference documents

1. Introduction

This application note presents the advantages of the sFlow protocol and its implementation for traffic monitoring on ProCurve switches and ProCurve Manager Plus.

2. Prerequisites

This procedure assumes you have a network containing ProCurve switches and monitored by ProCurve Manager Plus.

3. Network diagram

Figure 1 details the hardware configuration referenced in this section.

Figure 1. Setup for monitoring traffic flow with PCM+ and sFlow

The platform used to illustrate traffic monitoring consists of:

- One or more servers with the following services: Active Directory, DHCP, DNS, Certificate Authority, IAS
- ProCurve Manager Plus, latest version. Version used here is PCM+ 2.3
- ProCurve switches: 5406zl, 3500yl, 2610-PWR

4. About the sFlow protocol

As defined in RFC 3176 written by InMon, sFlow is a technology for monitoring traffic in data networks containing switches and routers. In particular, it defines the sampling mechanisms implemented in an sFlow Agent for monitoring traffic, the sFlow MIB for controlling the sFlow Agent, and the format of sample data used by the sFlow Agent when forwarding data to a central data collector.

4.1 sFlow history

Packet sampling has been used to monitor network traffic for over 10 years. HP first demonstrated network-wide monitoring using packet sampling at the University of Geneva and CERN at Telecom '91. This was followed by the introduction of networking products with embedded packet sampling capability, HP Extended RMON, in 1993. Other vendors then either implemented sFlow or chose to develop proprietary packet sampling methods (e.g. Cisco NetFlow). Today sFlow has been accepted as a standard in the network industry.

Figure 2. History of the sFlow protocol (Source: www.sflow.org)

4.2 Protocol description

sFlow operates as a combination of packet sampling and counter polling on the network equipment.

- Sampling: Each network switch contains an sFlow agent, which reports to an sFlow collector. A sampling rate, N, is defined, either for the complete agent or for a single interface. One packet out of N is captured and sent to the collector.
- Polling: A polling interval defines how often the sFlow counters for a specific interface are sent to the collector, but an sFlow agent is free to schedule polling in order to maximize internal efficiency. If the regular schedule is chosen, each counter start time will be chosen differently to smooth performance.

The sampled data is sent as a UDP packet to the specified host and port on the sFlow collector. The default port is 6343. If counter samples are lost, new values will be sent when the next polling interval has passed. The loss of packet flow samples results in a slight reduction in the effective sampling rate.

The UDP payload contains the sFlow datagram. Each datagram provides information about the sFlow version, its originating agent's IP address, a sequence number, how many samples it contains, and usually up to 10 flow samples or counter samples.

4.3 Benefits of using sFlow

The advantages of using sFlow include:

- Accuracy: sFlow can be implemented in hardware (ASICs) at wire speed. Users can obtain detailed analysis of information about layer 3 through layer 7.
- Scalability: sFlow can monitor all speeds of links, up to 10 Gbps and more. Thousands of devices can be monitored.
- Low cost: sFlow is already implemented in most switches and routers, and can be used easily in conjunction with management platforms such as ProCurve Manager Plus and InMon.
- Minimal network load: sFlow adds only a minimal amount to network overhead.
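The datagram header described in section 4.2, decoded on the collector side. This is an added example, not code from the application note or from PCM+: it reads the sFlow version 5 header fields, rejects datagrams whose agent address is not an expected switch, and uses the sequence number to count datagrams lost over UDP. The agent address 192.0.2.10 and the names `LossTracker` and `build_header` are assumptions made for the illustration.

```python
import ipaddress
import struct

SFLOW_VERSION = 5  # the switch output on this page reports datagram version 5


def parse_header(payload: bytes) -> dict:
    """Decode the fixed sFlow v5 datagram header (big-endian 32-bit words)."""
    if len(payload) < 8:
        raise ValueError("truncated datagram")
    version, addr_type = struct.unpack_from("!II", payload, 0)
    if version != SFLOW_VERSION:
        raise ValueError(f"unsupported sFlow version {version}")
    addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
    if addr_len is None:
        raise ValueError(f"unknown agent address type {addr_type}")
    if len(payload) < 8 + addr_len + 16:
        raise ValueError("truncated datagram")
    agent = ipaddress.ip_address(payload[8:8 + addr_len])
    sub_agent, seq, uptime_ms, samples = struct.unpack_from(
        "!IIII", payload, 8 + addr_len)
    return {"agent": agent, "sub_agent": sub_agent, "sequence": seq,
            "uptime_ms": uptime_ms, "samples": samples}


class LossTracker:
    """Drop datagrams from unexpected agents and count datagrams lost in transit."""

    def __init__(self, allowed_agents):
        self.allowed = {ipaddress.ip_address(a) for a in allowed_agents}
        self.last = {}  # (agent, sub_agent) -> (sequence, uptime_ms)

    def accept(self, payload: bytes) -> int:
        """Return the number of datagrams missed since the previous one."""
        hdr = parse_header(payload)
        if hdr["agent"] not in self.allowed:
            raise ValueError(f"agent {hdr['agent']} is not an expected switch")
        key = (hdr["agent"], hdr["sub_agent"])
        prev = self.last.get(key)
        self.last[key] = (hdr["sequence"], hdr["uptime_ms"])
        if prev is None or hdr["uptime_ms"] < prev[1]:
            return 0  # first datagram, or lower uptime: agent restart (or late arrival)
        return max((hdr["sequence"] - prev[0]) % 2**32 - 1, 0)


def build_header(agent: str, seq: int, uptime_ms: int, samples: int = 0) -> bytes:
    """Constructed input: an IPv4 sFlow v5 header with no sample records."""
    return struct.pack("!II4sIIII", SFLOW_VERSION, 1,
                       ipaddress.ip_address(agent).packed, 0, seq, uptime_ms, samples)
```

Because sFlow travels over plain UDP, the agent field is a sanity check rather than authentication of the sender; a sustained non-zero loss count means the collector is seeing a lower effective sampling rate than the one configured.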

4.4 sFlow applications

Some typical sFlow applications include:

- Traffic monitoring: sFlow provides a minute-by-minute view of the traffic on the network: bandwidth used, protocols, connections, and more.
- Intrusion detection: sFlow can help recognize network-based attacks (for example, in conjunction with the NBAD engine in ProCurve Network Immunity Manager).
- Route profiling: sFlow can help to see the most active routes on the network.
- Accounting and billing: For billing purposes, sFlow can provide detailed information about applications in use on the network.

5. sFlow configuration on ProCurve switches

This section provides command syntax for configuring sFlow on a ProCurve switch.

5.1 Configure destination collectors

On each switch, three destinations (collectors) can be configured:

    5406zl(config)# sflow <1-3> destination <IP-addr> <udp-port-for-sflow>

For example, to configure destination 1 to be 10.3.108.36:

    5406zl(config)# sflow 1 destination 10.3.108.36

The default UDP port used for sFlow is 6343.

5.2 View destination information

To view information about a destination:

    5406zl(config)# show sflow <1-3> destination

For example:

    5406zl(config)# show sflow 1 destination
     Destination Instance      : 1
     sflow                     : Enabled
     Datagrams Sent            : 557592
     Destination Address       : 10.3.108.36
     Receiver Port             : 6343
     Owner                     : 10.3.108.36;procurve-server.proact...
     Timeout (seconds)         : 415
     Max Datagram Size         : 1400
     Datagram Version Support  : 5

5.3 Activate sampling and polling

To activate sampling on a set of switch ports, use:

    5406zl(config)# sflow <1-3> sampling <ports-list> N

where N is the sampling rate: one packet out of every N is sampled. N can vary between 0 (sampling disabled) and 16441700.

For example:

    5406zl(config)# sflow 1 sampling all 500

To activate polling on a set of switch ports:

    5406zl(config)# sflow <1-3> polling <ports-list> P

where P is the interval in seconds between two polls of counters. P can vary between 0 (polling disabled) and 16777215.

5.4 View sampling and polling statistics

To view sampling and polling statistics:

    5406zl(config)# show sflow 1 sampling
     Port    Sampling                     Dropped      Polling
             Enabled   Rate      Header   Samples      Enabled  Interval
     ----- + -------   --------  ------   ---------- + -------  --------
     A1      Yes(1)    60        128      0            Yes(1)   20
     A23     Yes(1)    60        128      0            Yes(1)   20
     A24     Yes(1)    60        128      0            Yes(1)   20
     B24     Yes(1)    60        128      0            Yes(1)   20

    5406zl(config)# show sflow 1 sampling A1
     Port    Sampling                     Dropped      Polling
             Enabled   Rate      Header   Samples      Enabled  Interval
     ----- + -------   --------  ------   ---------- + -------  --------
     A1      Yes(1)    60        128      0            Yes(1)   20
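One way to check monitoring coverage from the output in section 5.4, as an added example that is not part of the application note: it parses the `show sflow 1 sampling` table and reports ports where sampling or polling is off, where the sampling rate is coarser than a chosen limit, or where samples were dropped. The sample text is constructed (rows A23, A24 and B24 are altered from the page's output), the `No` value for a disabled column is an assumption about how the switch prints it, and the 1-in-500 limit is taken from the page's configuration example.

```python
import re

# One data row: port, sampling Yes(n)/No, rate, header, dropped, polling Yes(n)/No, interval
ROW = re.compile(
    r"^\s*(?P<port>\S+)\s+(?P<s_en>Yes|No)(?:\(\d\))?\s+(?P<rate>\d+)\s+\d+\s+"
    r"(?P<dropped>\d+)\s+(?P<p_en>Yes|No)(?:\(\d\))?\s+(?P<interval>\d+)\s*$")

# Constructed sample in the layout of "show sflow 1 sampling"
SAMPLE = """\
 Port    Sampling                     Dropped      Polling
         Enabled   Rate      Header   Samples      Enabled  Interval
 ----- + -------   --------  ------   ---------- + -------  --------
 A1      Yes(1)    60        128      0            Yes(1)   20
 A23     Yes(1)    60        128      14           Yes(1)   20
 A24     No        0         128      0            Yes(1)   20
 B24     Yes(1)    1000      128      0            No       0
"""


def parse_sampling(output: str) -> dict:
    """Map each port in the table to its sampling and polling settings."""
    ports = {}
    for line in output.splitlines():
        m = ROW.match(line)  # header and separator lines do not match
        if m:
            ports[m["port"]] = {
                "sampling": m["s_en"] == "Yes", "rate": int(m["rate"]),
                "dropped": int(m["dropped"]),
                "polling": m["p_en"] == "Yes", "interval": int(m["interval"])}
    return ports


def audit(output: str, expected_ports, max_rate: int = 500) -> list:
    """Return (port, finding) pairs for ports whose monitoring is incomplete."""
    ports = parse_sampling(output)
    findings = []
    for port in expected_ports:
        row = ports.get(port)
        if row is None:
            findings.append((port, "not listed"))
            continue
        if not row["sampling"] or row["rate"] == 0:
            findings.append((port, "sampling disabled"))
        elif row["rate"] > max_rate:
            findings.append((port, f"sampling rate 1/{row['rate']} coarser than 1/{max_rate}"))
        if not row["polling"] or row["interval"] == 0:
            findings.append((port, "polling disabled"))
        if row["dropped"]:
            findings.append((port, f"{row['dropped']} dropped samples"))
    return findings
```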

6. Using the PCM+ Traffic Monitor

You can use the ProCurve Manager Plus Traffic Manager, with its built-in Traffic Monitor, to monitor network traffic. Traffic monitoring is set to run automatically, with the capability for simultaneously performing statistics polling and sFlow sampling.

6.1 View the Traffic Monitor

The ProCurve Manager Plus Traffic Monitor is accessed from the Traffic tab when you click on a network device or on a group of network devices.

In the Traffic tab on the left side, the top ports are listed for different categories: Utilization, Frames/Sec, Broadcasts/Sec, Multicasts/Sec, and Errors/Sec.

6.2 Specify the global port display

To set the number of top X ports you want to list for each category, go to Preferences > Traffic. You see the Global Traffic window.

This window also lets you enable/disable traffic monitoring, choose the monitoring mode (sampling and polling, or polling only), and control logging (on critical or warning violations).

6.3 View port metrics

Clicking on a port in the traffic view displays metrics (for example, utilization) for that port on the right side of the window. You have two charts: Rx and Tx, indicating received and transmitted traffic on the port.

The bottom part of the traffic view lists all the ports of the chosen device or group, even the inactive ones. To view only active ports, click to disable Show Inactive Ports.

6.3 Other port views

If you right-click on a port in the left or bottom pane you can choose between several views. The views include:

- Port Top Talkers: Gives a view of the protocols and connections that generate the most traffic on the port at a given time. You can obtain the view by connections, destinations, sources or protocols.
- Port summary: Gives more precise figures on port statistics, threshold violations, and other information about the port or device.
- Configure thresholds: Enables you to set the limits for warning and critical thresholds for the different metrics.

Other options allow you to:

- Manually or automatically enable/disable sampling or polling-only.
- Enable/disable automatic data logging for warning or critical data.
- Gain access to the Device menu.

6. Reference documents

This concludes the procedure for traffic flow monitoring using ProCurve Manager Plus and sFlow. For further information about how to configure ProCurve switches and ProCurve Manager to support security, please refer to the following links:

- For PCM+ and IDM manuals:
  http://www.hp.com/rnd/support/manuals/procurve-manager.htm
  http://www.hp.com/rnd/support/manuals/idm.htm
- For user manuals for ProCurve 3500yl-5400zl-8212zl switches:
  http://www.hp.com/rnd/support/manuals/3500-6200-5400-chapterfiles.htm
- For ProCurve Switch 2610 series manuals:
  http://www.hp.com/rnd/support/manuals/2610.htm
- For information on sFlow:
  http://sflow.org/

For further information, please visit www.procurve.eu

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. sFlow is a registered trademark of InMon, Corp.

HP ProCurve Networking 4AA2-1626EEE, July 2008