EV Observe - Use NetworkAnalysis-NetFlow Service Template

Last modified on 2023/06/23 16:43

The NetworkAnalysis-NetFlow service template analyzes nfcapd export files stored on the NetFlow collector in order to establish statistics on bandwidth usage of network interfaces monitored by NetFlow.

  • It is used to monitor and analyze bandwidth consumption by focusing on a given service, e.g. application, user or protocol, over a given period.
  • It collects performance data such as bandwidth consumption in both absolute values and percentages, average peak usage, etc.
  • It is used to generate charts and alerts if the specified thresholds are exceeded for each service deployed.

     See NetFlow network traffic monitoring: Operating principle
 


Challenges in network traffic monitoring

  • Identify the users, applications and protocols with the highest bandwidth consumption in order to optimize the performance of the infrastructure and Internet access costs, and improve the quality of service.
  • Anticipate the risk of incidents and adopt measures to prevent technical network failure.
  • Define bandwidth consumption strategies, implement the required corrective measures and anticipate bandwidth upgrades.
  • Identify the causes of bandwidth bottlenecks rapidly to ensure a return to normal operations as quickly as possible.

Notes

  • One service must be deployed for each application, source IP and destination IP to be monitored by NetFlow.
  • NetFlow flow exports are identified by a combination of the following key fields: source IP address, destination IP address, source port number, destination port number, IP protocol, input logical interface and IP type of service (ToS). These are used to collect bandwidth usage statistics.
    • This information must be specified in the Availability and checks tab each time the service template is deployed for a given service, e.g. application, server, router, etc.
    • All other fields in this tab are optional. They are used to fine-tune surveillance of bandwidth usage for the monitored service.

Best Practice

  • Link the NetworkAnalysis-NetFlow service template and a NetFlow exporter, i.e. the switch or router exporting NetFlow data. 
  • Give a meaningful name to each service linked to the service template so users can identify it easily.

    Example:

    • Analysis of FTP bandwidth usage ==> FTP_bandwidth service
    • Analysis of CRM bandwidth usage ==> CRM_bandwidth service
  • Use the NetworkAnalysis-NetFlow-TOPList and NetworkAnalysis-NetFlow-TOPList_CONNECTIONS service templates in addition to the NetworkAnalysis-NetFlow service template to collect the source IP addresses, connections and protocols with the highest bandwidth consumption.

Procedure: How to use the NetworkAnalysis-NetFlow service template

Prerequisites

     See the detailed procedure Configure NetFlow Monitoring Prerequisites
 

Step 1: Create the new service


1. Go to the Web app.

2. Select the company from the company tree structure.

Notes:

  • The selected company must be associated with a Box.
  • You can create a new company. See the procedure.


3. Create a new service.

  • Select Configuration > Services > List in the menu.
  • Click + Add in the Mode: Box tab.

4. Specify the information below.

General information tab

  • Service template: Select the NetworkAnalysis-NetFlow service template.
  • Name: Enter the name of the new service to be created. Its name should correspond to the event to be captured.
     

Availability and checks tab

  • Collector Storage: IP address of the NetFlow collector.
  • Protocol
  • Destination IP: IP address of the network interface monitored by NetFlow.
  • Destination port: Listening port of the network interface monitored by NetFlow.
  • Source IP
  • Source port
  • Destination network
  • Source network
  • Allocated bandwidth: Value allocated to the bandwidth in the specified output unit.
    • The allocated value will be used in calculating usage ratios.
  • Units: Output unit (Kbps, Mbps, Gbps).
  • Warning threshold: Warning threshold for bandwidth consumption, expressed as a percentage.
  • Critical threshold: Critical threshold for bandwidth consumption, expressed as a percentage.
  • Directory name: Destination folder for network interface flow exports.
  • Absence status: Status indicated if there is no export data.

    Example:

    • Value 0 indicates that the status is normal (OK)
    • Value 1 indicates that the status is critical (NOK)

5. Click Apply.
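
The fields of the Availability and checks tab amount to a flow filter plus a threshold check. The sketch below is an added illustration, not EasyVista's code: it filters flow records on the key fields, converts the byte count to an average rate, and compares the usage ratio with the warning and critical thresholds, falling back to the Absence status when there is no export data. The record layout, the 300-second window, decimal units and the sample flows are assumptions constructed for this example.

```python
import ipaddress

UNIT_BITS = {"Kbps": 1e3, "Mbps": 1e6, "Gbps": 1e9}  # assumed decimal units

# Constructed flow records for one 300-second export window (not real traffic).
FLOWS = [
    {"src": "10.0.0.5", "dst": "192.0.2.10", "sport": 40112, "dport": 21,
     "proto": "TCP", "bytes": 150_000_000},
    {"src": "10.0.1.7", "dst": "192.0.2.10", "sport": 40990, "dport": 21,
     "proto": "TCP", "bytes": 187_500_000},
    {"src": "10.0.0.5", "dst": "192.0.2.20", "sport": 51000, "dport": 443,
     "proto": "TCP", "bytes": 900_000_000},
]

def matches(flow, flt):
    """True when the flow satisfies every key field set in the filter."""
    for key in ("proto", "src", "dst", "sport", "dport"):
        if key in flt and flow[key] != flt[key]:
            return False
    # Source network / Destination network are CIDR ranges, not exact matches.
    for key, field in (("src_net", "src"), ("dst_net", "dst")):
        if key in flt:
            net = ipaddress.ip_network(flt[key])
            if ipaddress.ip_address(flow[field]) not in net:
                return False
    return True

def check_service(flows, flt, allocated, unit, warn_pct, crit_pct,
                  absence_status, window_s=300):
    """Return (status, usage_pct) for one service over one export window."""
    if not flows:
        # No export data at all: apply the Absence status (0 = OK, 1 = NOK).
        return ("OK" if absence_status == 0 else "CRITICAL"), None
    total_bytes = sum(f["bytes"] for f in flows if matches(f, flt))
    rate = total_bytes * 8 / window_s / UNIT_BITS[unit]  # average rate in unit
    pct = round(100 * rate / allocated, 1)               # ratio to allocation
    if pct > crit_pct:
        return "CRITICAL", pct
    if pct > warn_pct:
        return "WARNING", pct
    return "OK", pct

if __name__ == "__main__":
    ftp = {"proto": "TCP", "dst": "192.0.2.10", "dport": 21}
    print(check_service(FLOWS, ftp, 10, "Mbps", 80, 95, absence_status=1))
```

Adding a source network to the filter narrows the same service to one subnet, which is how the optional fields fine-tune what a service measures.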

Use cases

  • Detect non-business traffic, e.g. YouTube videos, Spotify, etc.
  • Monitor the peak loads of replication services such as backups.
  • Monitor the throughput generated by the email server.
  • Display performance data in both absolute values and percentages, and the average peak usage.
  • Display the overall bandwidth consumption for the LAN network and its breakdown by service, e.g. Web, phone systems, CRM, etc.