Quantcast
Channel: THWACK: Popular Discussions - NetFlow Traffic Analyzer
Viewing all 4057 articles
Browse latest View live

Which Ports to Configure for Netflow?

October 4, 2016, 3:53 am
$
0
0

Hello,

 

I am trying to set up Solarwinds NTA but I am having a bit trouble conceptulising the deployment and configuration. Can someone advise on which ports Netflow should be enabled within a multi-campus network environment?

 

I have three sites A, B and C that are connected with WAN links (A to B, B to C and C to A). There is a Cisco 3850 core switch at each site which is capable of doing Cisco Flexible Netflow. My question is on which interfaces should I enable Netflow on the cores?

 

I presume to enable it on the L3 WAN Link ports between each of the sites.

 

1. Should I enable Netflow on the trunk ports between the Core and Edge Switches at each site?

 

2. For each interface where Netflow is enabled, what direction should it be enabled for (Ingress, Egress or Both)? I did find this article which said not to enable both Ingress and Egress capture for Netflow interfaces due to double-capturing data. But if you just enable Ingress monitoring on each interface then the Egress statistics in NTA are blank.  Should this be how it is done?

 

3. How is traffic between two ports on the same VLAN, on the same edge switch captured by Netflow? Or is NTA with Netflow only designed to capture routed traffic?

 

Thanks

Search

There was an error rendering: Netflow Collector Services

April 6, 2018, 11:06 am
$
0
0

This is the error I am getting from on My Dashboards > Settings > All Settings > NTA Settings:

 

 

When I click on “View Details”, I get this screen:

 

 

So, not sure really where to start, have gone into the Customer Success Center and use “Netflow Collector Services” in the search window.

 

 

Link #1 - NetFlow collector services - SolarWinds Worldwide, LLC. Help and Support

Did not help as I am unable to get past the Netflow Collector Services.

 

Link #2 - NetFlow Collector Services resource

NetFlow Collector Services resource - SolarWinds Worldwide, LLC. Help and Support

Did not help with a resolution.

Link #3 - Solarwinds Data Collector Processor and Solarwinds Netflow service Will not restart

Solarwinds Data Collector Processor and Solarwinds Netflow service Will not restart - SolarWinds Worldwide, LLC. Help an…

Did not help as I know my SQL Server is online.  So just to make sure I checked the following:

 

My Dashboards > Settings > All Settings > Polling Engines>

Core Orion Server – Last Database Sync – 5 Seconds ago

APE #1 (BEL) – Last Database Sync – 22 seconds ago

APE #2 (CLA) – Last Database Sync – 10 seconds ago

APE #3 (GOR) – Last Database Sync – 4 seconds ago

APE #4 (SHA) – Last Database Sync – 3 Seconds ago

 

Well the databases are good, but let me check the services to make sure everything is running.

My Dashboards > Settings > All Settings > Orion Service Manager ((Awesome Feature!!!)

So, I noticed that there were some differences in what services were running on some APE’s than others.  I logged into #2 and here it what it said:

 

1 - Netflow appears to be installed:

 

Thinking the Application was installed, I should have the service there as well:

 

No service available.  Huh!

 

Course of Action for Resolution. 

 

  1. Run the Configuration Wizard on the APE.

Other screens and windows truncated…..

 

No NETFLOW SERVICE

 

2.  Repair the NTA Application

 

Opened up Control Panel > Programs and Features > Right Click on Solarwinds Orion Netflow Analyzer 4.2 > Repair

 

Now, I get to have a discussion with System Engineers to get appropriate access to the server.

 

{{{{  Pending Resolution for Issue above }}}}

 

3.  Uninstall NTA Application and Install NTA Application

4.  Uninstall all Solarwinds Software from APE and launch Orion-Installer

5.  Repair NTA Storage Server Software

6.  Repiar NTA Orion Core Server Software

 

 

I looked through several of these links in hopes for find some more information. 

NTA 4.x installation FAQ - SolarWinds Worldwide, LLC. Help and Support

CPU Router is very high

April 13, 2018, 2:47 am
$
0
0

Hi all

 

I am trying Solarwind NPM and NTA for monitoring network traffic on my company. Someday, router CPU load 100% and how do I detect why it consume 100%. This is follow traffic

 

Please help me. Thanks so much

Datacom DM 4100 Netflow/Sflow

July 7, 2015, 1:13 pm
$
0
0

Hello,

 

I need some help with NTA on a client network.

 

Im trying to configure a Datacom DM 4100 switch, i made the sflow config on the switch, and solarwinds tells me that he is receiving something, but there are no samples.

 

I used wireshark to see whats happening, and i can see a "Lenght = 6" error. Anyone know what that means?


Any help is welcome...

 

Btw, here is the configuration i made on the datacom:

 

configure

              interface ethernet 1/1

                           sflow

                              sflow counter-interval 60

                              exit

                sflow enable

                sflow agent-ip 10.0.13.40

                sflow receiver 1

                              enable

                              ip-address 10.0.1.1

                              port 6343

       exit

Netflow Collector Service shown down

April 12, 2018, 5:50 am
$
0
0

About a month ago we had to rebuild the main polling engine for our environment due to corrupt service. After we let the server baseline, two of our three Polling Engines are shown with NetFlow Collector Services down. I was able to get the service to work properly on one of the engines but not the other two. I do have a Support Ticket open for this issue but the Engineers are saying they are unable to find a reason. Thought I would see if any assistance could be found here.

 

Here is what is seen in the NTA.BusinessLayer.log file from a Polling Engine with this problem. The messages below keep repeating themselves even with a service reinstall.

 

2018-04-12 05:41:38,767 [20] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory in-memory cache reloaded with 87 entries from a local persistent storage.

2018-04-12 05:42:38,764 [27] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory local persistent storage updated, reloading in-memory cache.

2018-04-12 05:42:38,779 [27] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory in-memory cache reloaded with 87 entries from a local persistent storage.

2018-04-12 05:43:38,896 [4] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory local persistent storage updated, reloading in-memory cache.

2018-04-12 05:43:38,912 [4] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory in-memory cache reloaded with 87 entries from a local persistent storage.

2018-04-12 05:44:38,836 [42] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory local persistent storage updated, reloading in-memory cache.

2018-04-12 05:44:38,852 [42] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory in-memory cache reloaded with 87 entries from a local persistent storage.

2018-04-12 05:45:38,979 [63] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory local persistent storage updated, reloading in-memory cache.

2018-04-12 05:45:38,979 [63] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory in-memory cache reloaded with 87 entries from a local persistent storage.

2018-04-12 05:46:38,919 [37] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory local persistent storage updated, reloading in-memory cache.

2018-04-12 05:46:38,919 [37] INFO  SolarWinds.ServiceDirectory.LocalCache.ServiceDirectoryLocalCache - Service Directory in-memory cache reloaded with 87 entries from a local persistent storage.

Cannot view farther than 1 month back for a utilization chart in NTA

April 16, 2018, 11:17 am
$
0
0

Can anyone assist with:

 

1) How do I view farther than 1 month back for a utilization line chart I have on one of my interfaces for a node?  The chart shows distinguished lines for 1 month back then fades away to dots.  There is a scroller on the bottom of the chart which I can go farther back past a month but I get nothing on the chart.  I'm thinking that my history is set to hold information for only the past month which would lead me to my next question...

 

2) How do I change the holding period for history?  Right now I'm assuming it's only for 1 month back but how do I do it for 3-months back or longer?  Also, what will the impact be regarding performance on my database and/or web console?

 

Thank you in advance.

Netflow configure Cisco ASR 1002

November 17, 2014, 7:53 am
$
0
0

We just installed a Cisco ASR 1002, The old net flow commands used in our 3845 do not work. Has anyone set configuration to export Top-Talkers?

 

Thanks

Netflow per Second - Industry Average/Estimate

April 16, 2018, 11:37 pm
$
0
0

Dear Experts,

 

I am completely new to the Network concepts, and in precise very new to Netflow Techniques.

 

Below is my understanding about Netflow

 

Routers and switches that support NetFlow can collect IP traffic statistics on all interfaces where NetFlow is enabled, and later export those statistics as NetFlow records toward Solarwinds NTA collector(main/addional Poller).

 

Sample architecture

And we need 8 GB for every 1000 flow per second at NTA storage End

 

From my understanding above, the main poller or the additional Poller will receive all Netflow packets initially and then will send  to dedicated flow storage Data base server using MS Messaging Queue.

 

As polling engine is the primary receiver, do we need to consider any extra storage to accommodate these Flow at polling engines.

 

Kindly provide your inputs & also please correct me if I am wrong some where

Search

Collecting sFlow in NTA

September 3, 2008, 7:34 am
$
0
0

We installed  NTA 3 SP3 to demo how Solarwinds can work with Foundry equipment and cannot get any information from our sFlow devices.  I have added the collector to the Foundry device and set all the other parameters that the documentation asked for.  I added the device in NTA and can see all the ports but everything still says Never for Last Data Recieved.  Ironview is getting the data with no problems.  Is there another step that I might be missing?

Reporting on NetFlow data

November 29, 2016, 8:23 am
$
0
0

I've been asked by our Security team for reporting on our internet connections.  They want who's going where and for what content.

 

First, I would think that a report like this should already be available.  It seems like a no-brainer to me 

 

However, the canned web console reports don't have the ability to filter to specific interfaces, and Report Writer doesn't have any NetFlow data sources.  I find this ridiculous at best, and aggravating at worst.

 

What's the point of having all the NetFlow data if I can't report on it?

 

Has anybody else faced this situation?

NTA Retention Period

April 16, 2018, 11:48 am
$
0
0

This is for NTA 4.2.0

 

Retention period is currently set to 30 days and has been like this for some time.  What will the impact be if I change this to 90 days?  When I press "CALCULATE" in the Database Size section, it shows:

 

Current size: 3.2 GB

Projected size: Retention period is full, see the current database size

 

So if I change my retention period to 90 days, will my current size be increased to 9.6 GB (3.2 * 3 = 9.6)?  Other than taking up more database storage, will there be more lag, loading time, etc regarding NPM and/or the web console?  I would really like to know before making the change.

Cisco 4500X switch & Flexible Netflow

May 5, 2016, 1:21 am
$
0
0

Hi,

 

We have 2 x Cisco 4500X switches running in VRRP mode , we think we have flexible netflow  configured properly but NTA is not receiving any flows. Has anybody had or got a similar issue ?

 

Config on the switch looks like this.

 

flow record FR1

match ipv4 source address

match ipv4 destination address

collect counter bytes long

collect counter packets long

collect timestamp sys-uptime first

collect timestamp sys-uptime last

!

!

flow exporter FE1

destination 10.71.4.115

source Vlan7

transport udp 2055

!

!

flow monitor FM1

exporter FE1

cache timeout inactive 30

cache timeout active 60

cache entries 1000

record FR1

 

interface TenGigabitEthernet2/1/21

description router_x 5/0/1

no switchport

ip flow monitor FM1 input

ip address x.x.x.x 255.255.255.252

ip pim sparse-mode

there was no endpoint listening at net.tcp://cppunit:17777/orion/core/businesslayer

May 23, 2012, 12:30 pm
$
0
0

After the software install and running for few days. We have power fail, after reboot, I cannot access the Orion Web console, erroe message pop up "there was no endpoint listening at net.tcp://cpputil:17777/orion/core/businesslayer". I check with all required service were up and running. (UTIL is the collerctor/server)

Netflow configure Cisco ASR 1002

November 17, 2014, 7:53 am
$
0
0

We just installed a Cisco ASR 1002, The old net flow commands used in our 3845 do not work. Has anyone set configuration to export Top-Talkers?

 

Thanks

Reporting on NetFlow data

November 29, 2016, 8:23 am
$
0
0

I've been asked by our Security team for reporting on our internet connections.  They want who's going where and for what content.

 

First, I would think that a report like this should already be available.  It seems like a no-brainer to me 

 

However, the canned web console reports don't have the ability to filter to specific interfaces, and Report Writer doesn't have any NetFlow data sources.  I find this ridiculous at best, and aggravating at worst.

 

What's the point of having all the NetFlow data if I can't report on it?

 

Has anybody else faced this situation?

Search

Application data showing significantly less data than Total Bytes Transferred

April 22, 2018, 4:10 am
$
0
0

Hi I am new to Orion,

 

I am currently monitoring one side of a tunnel interface and can see large amounts of data going to and from the interface. However when I go look at the top applications the amount of data being recorded is tiny compared to the amount of data I know to be traversing that interface. I was wondering if this is common with netflow or if anyone knows what this could be.

 

Regards

Setting up Netflow for Cisco 2960s

August 14, 2013, 12:13 pm
$
0
0

All,

 

I'm trying to setup netflow to monitor our Cisco 2960s switches.  They are layer 2 switches and Solarwinds tech support suggested I look at nprobe application to, but they don't support it or know how it should be configured. Any help would be appreciated or if you know of any other software that will work with getting the information to netflow.  Thanks.

NTA Deployment

April 7, 2016, 9:08 pm
$
0
0

In a hub and spoke deployment, is it necessary to add netflow export at the spoke and the hub or is spoke adequate?

In a deployment with netflow on at hub and spokes, would the traffic be counted twice by NTA when comparing traffic volumes?

 

Regards

Frankie

LIcensing - pricing mode

June 2, 2010, 10:41 am
$
0
0

We are currently running Orion and APM.  

We have been running a trail of the Netflow Traffic Analyzer.   We like the product but the price is crazy.   The pricing is based on the number of nodes in Orion, NOT the number of routers we want to monitor.  Even with a huge discount, it is still out of line. 

Why don't they offer Netflow by a router count instead of total nodes?

Thanks,
D.

Collecting sFlow in NTA

September 3, 2008, 7:34 am
$
0
0

We installed  NTA 3 SP3 to demo how Solarwinds can work with Foundry equipment and cannot get any information from our sFlow devices.  I have added the collector to the Foundry device and set all the other parameters that the documentation asked for.  I added the device in NTA and can see all the ports but everything still says Never for Last Data Recieved.  Ironview is getting the data with no problems.  Is there another step that I might be missing?

Viewing all 4057 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>