Network Traffic Analyzer




Configuring NetFlow or sFlow on Network Devices
Revision 1.2.9 - (11-03-2015)

Introduction

This document explains how to configure network devices such as switches to send NetFlow or sFlow statistics to a monitoring server like BLËSK. Please note that the commands explained in this document may vary according to your device version and model.

Enable & Export NetFlow on Cisco IOS Device

To ensure that the necessary hardware is enabled, issue the show module command, as follows:

    show module all

    Mod  Submodule               Model             Serial No.   Hw   Status
    ----+-----------------------+-----------------+------------+----+---------
    1    Netflow Services Card   WS-F4531          JAB062209CG  0.2  Ok

If the NetFlow module is available, you should see something like the above.

The following sequence of IOS commands can be used as a model for configuring NetFlow.

    router#enable
    Password:*****
    router#configure terminal
    router-2621(config)#interface FastEthernet 0/1
    router-2621(config-if)#ip route-cache flow
    router-2621(config-if)#exit
    router-2621(config)#ip flow-export destination x.x.x.x 6343
    router-2621(config)#ip flow-export source FastEthernet 0/1
    router-2621(config)#ip flow-export version 5
    router-2621(config)#ip flow-cache timeout active 1
    router-2621(config)#ip flow-cache timeout inactive 15
    router-2621(config)#snmp-server ifindex persist
    router-2621(config)#^z
    router#write

In the above example, x.x.x.x in the ip flow-export destination command is the IP address of the BLËSK monitoring server. The 6343 in the same command corresponds to the Local Collector UDP Port number configured for the NetFlow plugin. The flow export source interface will vary, depending on the interface providing the source traffic.

Enable & Export sFlow on Brocade Device

The following configuration enables sFlow monitoring of all interfaces on a Brocade FGS switch, sampling packets at 1-in-10, polling counters every 20 seconds and sending the sFlow data to an analyzer (10.0.0.5) on UDP port 6343 (the default sFlow port):

    fgs(config)# int e 0/1/1 to 0/1/24
    fgs(config-mif-0/1/1-0/1/24)# sflow forwarding
    fgs(config-mif-0/1/1-0/1/24)# exit
    fgs(config)# sflow destination 10.0.0.5 6343
    fgs(config)# sflow sample 10
    fgs(config)# sflow polling-interval 20
    fgs(config)# sflow enable

Enable & Export sFlow on HP Device

The commands below only work on the 3500/5400/8200/6200 HP products.

1. Configure a destination:

    hp (config)# sflow 2 destination x.x.x.x 6343

The above command sends sFlow to the destination IP x.x.x.x, which is the one used by BLËSK.

2. Enable sample rate and polling interval:

    hp (config)# sflow 2 sampling all 10
    hp (config)# sflow 2 polling all 20

You can set the sample rate and polling interval depending on the accuracy you want from the received packets. Use the all parameter in the sampling and polling commands to enable sFlow on all interfaces.

Enable & Export sFlow on DELL Device

1. Configure a destination:

    dell (config)# sflow 1 destination x.x.x.x
    dell (config)# sflow 1 destination owner <owner_name> timeout 4294967295

The above commands send sFlow to the destination IP x.x.x.x, which is the one used by BLËSK.

2. Enable sample rate and polling interval:

    dell (config)# sflow 1 sampling ethernet 1/g1-1/g32 1024
    dell (config)# sflow 1 polling ethernet 1/g1-1/g32 20

The above commands configure packet sampling at 1-in-1024 and poll counters every 20 seconds.

Enable & Export sFlow on a Force 10 Device

1. The following commands configure a Force10 switch (10.0.0.245), sampling packets at 1-in-512, polling counters every 30 seconds and sending the sFlow data to an analyzer (10.0.0.50) over UDP using the default sFlow port (6343):

    config> sflow collector 10.0.0.50 agent-addr 10.0.0.245
    config> sflow sample-rate 512
    config> sflow polling 30
    config> sflow enable

2. Then for each interface:

    interface> sflow enable

3. You can also use the following command to list the configuration settings:

    show sflow

Enable & Export sFlow on FortiGate appliances

The recent FortiOS 4.0 MR2 release adds sFlow support to Fortinet's FortiGate appliances. The following commands configure a FortiGate to sample packets at 1-in-10, poll counters every 20 seconds, and send sFlow to an analyzer (10.0.0.35) over UDP using the default sFlow port (6343):

    config system sflow
        set collectorip 10.0.0.35
        set collectorport 6343
    end

Then for each interface (replace <interface_name> with the name of the interface):

    config sys interface
        edit <interface_name>
            set sflow-sampler enable
            set sample-rate 10
            set sample-direction both
            set polling-interval 20
        next
    end

Configure sFlow monitoring on all interfaces on the switch for full visibility. Packet sampling is implemented in hardware so all the interfaces can be monitored with very little overhead.
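Added example (not part of the original document): after applying one of the configurations above, a quick check on the collector side is to decode the header of whatever arrives on UDP port 6343 and confirm whether it is NetFlow v5 or sFlow v5. The function names, the listen() helper and the sample payloads are assumptions constructed for this illustration; the header layouts are the standard NetFlow v5 and sFlow v5 datagram headers.

```python
import ipaddress
import socket
import struct

def identify_export(datagram: bytes) -> dict:
    """Classify one UDP payload as NetFlow v5 or sFlow v5 from its header."""
    # NetFlow v5: 24-byte header (16-bit version, 16-bit record count, ...)
    # followed by `count` fixed 48-byte flow records (at most 30).
    if len(datagram) >= 24:
        (version, count, _uptime, _secs, _nsecs, seq,
         _etype, _eid, _sampling) = struct.unpack("!HHIIIIBBH", datagram[:24])
        if version == 5 and 1 <= count <= 30 and len(datagram) == 24 + 48 * count:
            return {"proto": "netflow-v5", "records": count, "sequence": seq}
    # sFlow v5: 32-bit version, 32-bit agent address type (1 = IPv4, 2 = IPv6),
    # agent address, sub-agent id, sequence number, uptime, sample count.
    if len(datagram) >= 8:
        version, addr_type = struct.unpack("!II", datagram[:8])
        alen = {1: 4, 2: 16}.get(addr_type)
        if version == 5 and alen and len(datagram) >= 8 + alen + 16:
            agent = ipaddress.ip_address(datagram[8:8 + alen])
            _sub, seq, _uptime, samples = struct.unpack(
                "!IIII", datagram[8 + alen:8 + alen + 16])
            return {"proto": "sflow-v5", "agent": str(agent),
                    "sequence": seq, "samples": samples}
    return {"proto": "unknown", "length": len(datagram)}

def listen(port: int = 6343, bind: str = "0.0.0.0", limit: int = 10) -> None:
    """Print what the first `limit` datagrams on the collector port contain."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        for _ in range(limit):
            data, (src, _sport) = sock.recvfrom(65535)
            print(src, identify_export(data))

# Constructed sample payloads (not captured traffic): a NetFlow v5 datagram
# with two empty records, and an sFlow v5 header from agent 10.0.0.245.
NETFLOW_SAMPLE = struct.pack("!HHIIIIBBH", 5, 2, 1000, 1700000000, 0, 42,
                             0, 0, 0) + bytes(96)
SFLOW_SAMPLE = struct.pack("!II4sIIII", 5, 1,
                           ipaddress.ip_address("10.0.0.245").packed,
                           0, 7, 1000, 0)

if __name__ == "__main__":
    print(identify_export(NETFLOW_SAMPLE))
    print(identify_export(SFLOW_SAMPLE))
```

Calling listen() needs the port to be free, so run it on a test host or while the collector service is stopped. A source address that shows up as "unknown", or not at all, points to a wrong destination, port or export version on the device.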

Changing the Polling Interval

The polling interval defines how often sFlow byte and packet counter data for a port are sent to the sFlow collector(s). If multiple ports are enabled for sFlow, the switch device staggers transmission of the counter data to smooth performance. For example, if sFlow is enabled on two ports and the polling interval is 20 seconds, the switch device sends counter data every ten seconds. The counter data for one of the ports are sent after ten seconds, and counter data for the other port are sent after an additional ten seconds. Ten seconds later, new counter data for the first port are sent. Similarly, if sFlow is enabled on five ports and the polling interval is 20 seconds, the device sends counter data every four seconds.

The default polling interval is 20 seconds. You can change the interval to a value from 1 to any higher value. The interval value applies to all interfaces on which sFlow is enabled. If you set the polling interval to 0, counter data sampling is disabled.

Changing the Sampling Rate

The sampling rate is the average ratio of the number of packets incoming on an sFlow-enabled port, to the number of flow samples taken from those packets. You can change the default (global) sampling rate. You also can change the rate on an individual port, overriding the default sampling rate of 512. With a sampling rate of 512, on average, one in every 512 packets forwarded on an interface is sampled.

Configuration Considerations

The sampling rate is a fraction in the form 1/N, meaning that, on average, one out of every N packets will be sampled. The sflow sample command at the global level or port level specifies N, the denominator of the fraction. Thus a higher number for the denominator means a lower sampling rate since fewer packets are sampled. Likewise, a lower number for the denominator means a higher sampling rate because more packets are sampled. For example, if you change the denominator from 512 to 128, the sampling rate increases because four times as many packets will be sampled.

The software rounds the value you enter to the next higher odd power of 2. This value becomes the actual default sampling rate and is one of the following:

    2, 8, 32, 128, 512, 2048, 8192, 32768, 131072, 524288, 2097152, 8388608, 33554432, 134217728, 536870912, 2147483648

For example, if the configured sampling rate is 1000, then the actual rate is 2048 and 1 in 2048 packets are sampled by the hardware.
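Added example (not part of the original document): the rounding and staggering rules above, worked through so you can see what a configured value actually yields and how much accuracy a given number of samples buys. The function names are hypothetical; treating a value that is already an odd power of 2 as unchanged is an assumption, and the 196 * sqrt(1/samples) percent error bound comes from general packet-sampling theory rather than from this document.

```python
import math

# Odd powers of 2 listed above: 2, 8, 32, ..., 2147483648 (2**1 .. 2**31).
ODD_POWERS_OF_2 = [2 ** e for e in range(1, 32, 2)]

def actual_sampling_rate(configured: int) -> int:
    """Round the configured denominator N up to the next odd power of 2.

    Assumption: a value that is already an odd power of 2 (such as the
    default 512) is kept unchanged.
    """
    if configured < 1:
        raise ValueError("sampling denominator must be at least 1")
    for power in ODD_POWERS_OF_2:
        if power >= configured:
            return power
    raise ValueError("no odd power of 2 at or above %d" % configured)

def counter_export_spacing(polling_interval: int, ports: int) -> float:
    """Seconds between counter exports when the switch staggers the ports."""
    if polling_interval == 0:
        raise ValueError("polling interval 0 disables counter sampling")
    return polling_interval / ports

def estimate(samples: int, configured: int) -> dict:
    """Scale a sample count to packets and bound the relative error.

    The bound 196 * sqrt(1 / samples) percent (95% confidence) is from
    general packet-sampling theory, not from this document.
    """
    if samples < 1:
        raise ValueError("need at least one sample")
    rate = actual_sampling_rate(configured)
    return {"actual_rate": rate, "packets": samples * rate,
            "max_error_pct": round(196 * math.sqrt(1 / samples), 1),
            # Factor by which traffic is undercounted if the configured
            # value is used for scaling instead of the actual rate.
            "undercount_if_configured_used": round(rate / configured, 3)}

if __name__ == "__main__":
    print(actual_sampling_rate(1000))     # configured 1000
    print(counter_export_spacing(20, 5))  # five ports, 20-second interval
    print(estimate(400, 1000))            # 400 samples seen by the collector
```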