The NetworkAnalysis-NetFlow service template analyzes nfcapd export files stored on the NetFlow collector in order to establish statistics on bandwidth usage of network interfaces monitored by NetFlow.

• It is used to monitor and analyze bandwidth consumption by focusing on a given service, e.g. application, user or protocol, over a given period.
• It collects performance data such as bandwidth consumption in both absolute values and percentages, average peak usage, etc.
• It is used to generate charts and alerts if the specified thresholds are exceeded for each service deployed.

      See NetFlow network traffic monitoring: Operating principle
 

NetworkTrafficMonitoringChallenges

Notes

• One service must be deployed for each application, source IP and destination IP to be monitored by NetFlow.

• NetFlow flow exports are identified as a combination of the following key fields: source IP address, destination IP address, source port number, destination port number, IP protocol, input logical interface and type of IP service. These are used to collect bandwidth usage statistics.
  • This information must be specified in the Availability and checks tab each time the service template is deployed for a given service, e.g. application, server, router, etc.
  • Any information other than this in this tab is optional. It is used to fine-tune surveillance of bandwidth usage for the monitored service.

Best Practice

• Link the NetworkAnalysis-NetFlow service template and a NetFlow exporter, i.e. the switch or router exporting NetFlow data. 

• Give a meaningful name to each service linked to the service template so users can identify it easily.

  example  

  • Analysis of FTP bandwidth usage ==> FTP_bandwidth  service
  • Analysis of CRM bandwidth usage ==> CRM_bandwidth service

• Use the NetworkAnalysis-NetFlow-TOPList and NetworkAnalysis-NetFlow-TOPList_CONNECTIONS service templates in addition to the NetworkAnalysis-NetFlow service template to collect the source IP addresses, connections and protocols with the highest bandwidth consumption.

Procedure: How to use the service template

Note: To use services based on the NetworkAnalysis-NetFlow service template, specific prerequisites must first be met. The NetFlow collector must be installed and configured and NetFlow must be enabled on the network interfaces to be monitored.
    See the detailed procedure
 

1. Go to the Web app.

2. Create a new service template.

• Select Configuration > Services > List in the menu.
• Click + Add in the Mode: Box tab. 

3. Specify the information below.

General information tab
    

• Service template: Select the NetworkAnalysis-NetFlow service template.
• Name: Enter the name of the new service to be created. Its name should correspond to the event to be captured.
   

Availability and checks tab
    

• Collector Storage: IP address of the NetFlow collector.

• Protocol: 

• Destination IP: IP address of the network interface monitored by NetFlow.

• Destination port: Listening port of the network interface monitored by NetFlow.

• Source IP: 

• Source port: 

• Destination network: 

• Source network: 

• Allocated bandwidth: Value allocated to the bandwidth in the specified output unit.
  • The allocated value will be used in calculating usage ratios.

• Units: Output unit (Kbps, Mbps, Gbps).

• Warning threshold: Warning threshold for bandwidth consumption, expressed as a percentage.

• Critical threshold: Critical threshold for bandwidth consumption, expressed as a percentage.

• Directory name: Destination folder for network interface flow exports.

• Absence status: Status indicated if there is no export data.

  example  

  • Value 0 indicates that the status is normal (OK)
  • Value 1 indicates that the status is critical (NOK)

4. Click Apply to save the new service template.

Use cases

UseCases