Netscouts nGenius RTM for Cisco Catalyst 6500

Status
Not open for further replies.

PAGEME1000

Technical User
May 23, 2001
53
GB
Anyone here had any experience of this software solution for traffic monitoring or a switch/routed network?

Cheers

Page
 
Page,

On 21 January you wrote: "...but I am looking to store vlan traffic information with the purpose of billing customers 4 network usage..."

Something you might consider that will further suit that requirement is Cisco's NetFlow Collector and Data Analyzer. NetFlow data is a record of conversations between two hosts that details time, number of packets and octets, protocol, and TCP/UDP ports being used on both ends. Once a conversation between two hosts is completed, the data is saved to cache. By default, Cisco routers collect NetFlow information and it is stored in cache for x amount of time. One can view the NetFlow data in the router by typing the following command: show ip cache flow
Cisco's NetFlow Collector and Data Analyzer retrieves the NetFlow data from the routers and presents it to the user in a user-friendly format with charts, histograms and tables that can be exported to a spreadsheet or database. The software is written for a Sun System, but there is a display export tool that is compatible for PCs for one to view the reports from a web browser. We are using the system for problem determination and there is a lot of info that you may not need for your purposes, hence, you may want to investigate other, more affordable products. When I researched other NetFlow collection systems, there were a few others identified for much less money but they only gave billing info (time and total number of octets for each conversation) in their reports.
 
Thanxs Pris....

A Cisco SSE led me to believe there was no real tool for the cat 6500 series.....the 5500 has the netflow feature card but there is nought for the 6500. The only real suggestion was to use the NAM plus I will be using the performance monitoring aspects etc at a later date.....

Page :)

"Deep in RMON"
 
Page,

Talk to the SSE again, this time ask him/her specifically about NetFlow Collector and Data Analyzer. If he/she is unfamiliar with the product, tell them to get some help from the Team Leader. This product is not to be confused with the NetFlow Feature card technology offered for Cat 5500 switches. This system is for collecting data from a router, such as a 7500 series router or a MSFC routing device that can be placed onboard the Supervisor card in a Cat 6500 switch. The following is a sample of the flow cache from a MSFC, which is the data that is exported to the NetFlow Collector for processing and presentation (I realize this may be awkward to read due to the frame size of the forum's viewer, but maybe you can cut-and-paste the output into a word processor and expand the page size to an appropriate setting.):

IP packet size distribution (4459909 total packets):
   1-32   64   96  128  160  192  224  256  288  320  352  384  416  448  480
   .000 .876 .053 .017 .004 .003 .001 .004 .004 .005 .005 .000 .001 .000 .000

    512  544  576 1024 1536 2048 2560 3072 3584 4096 4608
   .000 .000 .000 .001 .019 .000 .000 .000 .000 .000 .000

IP Flow Switching Cache, 4456704 bytes
  60 active, 65476 inactive, 623663 added
  17379359 ager polls, 0 flow alloc failures
  Active flows timeout in 30 minutes
  Inactive flows timeout in 15 seconds
  last clearing of statistics never
Protocol       Total    Flows   Packets   Bytes   Packets   Active(Sec)   Idle(Sec)
--------       Flows     /Sec     /Flow    /Pkt      /Sec         /Flow       /Flow
TCP-Telnet     10727      0.0         1      69       0.0           0.0        15.3
TCP-FTP         1388      0.0         1      51       0.0           0.0        14.9
TCP-FTPD          28      0.0         1     624       0.0           0.0        15.0
TCP-WWW        30547      0.1         1      55       0.1           0.0        14.1
TCP-SMTP        3226      0.0         1      50       0.0           0.6        13.6
TCP-X           6064      0.0         1     159       0.0           0.0        15.4
TCP-NNTP          63      0.0         1      46       0.0           0.0        14.3
TCP-Frag           3      0.0         1      32       0.0           0.0        15.6
TCP-other      68900      0.2         1      74       0.2           0.2        14.6
UDP-DNS         5470      0.0         1      69       0.0           0.7        15.4
UDP-NTP        36802      0.1         1      76       0.1           0.0        15.5
UDP-TFTP       13377      0.0         1      48       0.0           3.9        15.4
UDP-Frag         167      0.0         1     912       0.0           0.0        15.4
UDP-other     254303      0.9        15      58      15.3          12.8        15.3
ICMP          192445      0.7         1     641       0.8           0.1        15.4
GRE               96      0.0         1      91       0.0           0.0        15.4
IP-other           7      0.0         1      80       0.0           0.0        15.6
Total:        623613      2.3         7      87      16.9           5.4        15.2

SrcIf    SrcIPaddress    DstIf    DstIPaddress    Pr  SrcP  DstP  Pkts
Vl883    9.3.185.182     Vl3      9.5.104.11      06  0017  D441     1
Vl884    9.3.254.37      Vl3      68.33.184.63    06  0EE9  04BE     1
Vl5      9.3.0.21        Local    9.3.0.206       01  0000  0800     5
Vl3      9.53.183.2      Vl884    9.3.186.39      11  0035  1079     1

If you want, email me at lewism@us.ibm.com and I will send a screen print of sample data as it is presented from the NetFlow Collector/Data Analyzer system.

Cheers!
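
The flow rows in the sample output above print the protocol (Pr) and port (SrcP, DstP) columns in hexadecimal, and for ICMP the DstP column holds the ICMP type and code rather than a port. As an added example (not part of the original post and not Cisco or NetScout code), the following Python decodes those four rows and totals packets per ingress interface; the function names, the regex and the protocol table are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the four flow-cache rows shown in the post above.
SAMPLE = """\
SrcIf SrcIPaddress DstIf DstIPaddress Pr SrcP DstP Pkts
Vl883 9.3.185.182 Vl3 9.5.104.11 06 0017 D441 1
Vl884 9.3.254.37 Vl3 68.33.184.63 06 0EE9 04BE 1
Vl5 9.3.0.21 Local 9.3.0.206 01 0000 0800 5
Vl3 9.53.183.2 Vl884 9.3.186.39 11 0035 1079 1
"""

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE"}  # IP protocol numbers
ROW = re.compile(  # hypothetical row pattern written for this example
    r"^(?P<src_if>\S+)\s+(?P<src>\d+(?:\.\d+){3})\s+(?P<dst_if>\S+)\s+"
    r"(?P<dst>\d+(?:\.\d+){3})\s+(?P<pr>[0-9A-Fa-f]{2})\s+"
    r"(?P<sp>[0-9A-Fa-f]{4})\s+(?P<dp>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+)\s*$"
)

def parse_flows(text):
    """Return one dict per flow row; the header and other lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        pr = int(m["pr"], 16)
        sp, dp = int(m["sp"], 16), int(m["dp"], 16)
        flow = {"src_if": m["src_if"], "src": m["src"], "dst_if": m["dst_if"],
                "dst": m["dst"], "proto": PROTO.get(pr, str(pr)), "pkts": int(m["pkts"])}
        if pr == 1:
            # ICMP has no ports: DstP carries type (high byte) and code (low byte).
            flow["icmp_type"], flow["icmp_code"] = dp >> 8, dp & 0xFF
        else:
            flow["sport"], flow["dport"] = sp, dp
        flows.append(flow)
    return flows

def packets_by_ingress(flows):
    """Sum packets per source interface (a VLAN here), as usage accounting would."""
    totals = defaultdict(int)
    for f in flows:
        totals[f["src_if"]] += f["pkts"]
    return dict(totals)

if __name__ == "__main__":
    for f in parse_flows(SAMPLE):
        print(f)
    print(packets_by_ingress(parse_flows(SAMPLE)))
```

Read this way, the first row is a TCP flow from port 23 (Telnet), the third is five ICMP echo requests, and the fourth is a UDP reply from port 53 (DNS).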
 
In regard to Switch Probes and NAM modules. I have 4 6509's at the core with about 600 other devices spread out over the distribution and access layers.
I do not have switch probes or NAM modules. How much more information will these hardware additions give me with CW2K and RTM that I am not getting now with RMON etc?
 
Hi Agape234,

In a nutshell, you can get the whole shooting match with probes and/or NAM modules. You can capture individual packets on the network and decode them to see exactly what one host is sending to another host (i.e. read email, http requests for downloads from dodgy sites, follow paths a packet takes and look for acks, identify virus attack packets, etc.). Without a "probe" type device, all you can gather from the switch is mini-RMON (statistical) data.
 
CW2K running on a Solaris platform.
1. Can I load RTM and NetFlow Collector on this same platform and have enough juice to run all three apps simultaneously, without walking on each other?
2. I have read (URL escapes me at this point) that RTM is rather security indifferent, meaning, by default, it allows your server to be pretty open to hack attempts. The article also mentioned putting a router with some basic ACLs between the RTM server and your network to limit this vulnerability.

Anyone seen either of these issues come up?

Are YOU Sancho?....No you are not. Is Scott Baio Sancho?....NO, he is not!....Only.."I"....am Sancho!
 
In RTM I am unable to get any information from switches outside of datalink level. That means no Application or Network level information. Is this what I should expect without a probe?

Thanks,
Harell
 