The NetworkAnalysis-sFlow service template analyzes nfcapd export files stored on the sFlow collector in order to establish statistics on bandwidth usage of network interfaces monitored by sFlow.

• It is used to monitor and analyze bandwidth consumption by focusing on a given service, e.g. application, user or protocol, over a given period.
• It collects performance data such as bandwidth consumption in both absolute values and percentages, average peak usage, etc.
• It is used to generate charts and alerts if the specified thresholds are exceeded for each service deployed.

      See sFlow network traffic monitoring: Operating principle
 

NetworkTrafficMonitoringChallenges

Notes

• One service must be deployed for each application, source IP and destination IP to be monitored by sFlow.

• sFlow flow exports are identified as a combination of the following key fields: source IP address, destination IP address, source port number, destination port number, IP protocol, input logical interface and type of IP service. These are used to collect bandwidth usage statistics.
  • This information must be specified in the Availability and checks tab each time the service template is deployed for a given service, e.g. application, server, router, etc.
  • Any information other than this in this tab is optional. It is used to fine-tune surveillance of bandwidth usage for the monitored service.

Best Practice

• Link the NetworkAnalysis-sFlow service template and an sFlow agent, i.e. the switch or router exporting sFlow data. 

• Give a meaningful name to each service linked to the service template so users can identify it easily.

  example  

  • Analysis of FTP bandwidth usage ==> FTP_bandwidth  service
  • Analysis of CRM bandwidth usage ==> CRM_bandwidth service

• Use the NetworkAnalysis-sFlow-TOPList service template in addition to the NetworkAnalysis-sFlow service template to collect the source IP addresses, connections and protocols with the highest bandwidth consumption.

Procedure: How to use the service template

Note: To use services based on the NetworkAnalysis-sFlow service template, specific prerequisites must first be met. The sFlow collector must be installed and configured and sFlow must be enabled on the network interfaces to be monitored.
     See the detailed procedure
 

1. Go to the Web app.

2. Create a new service template.

• Select Configuration > Services > List in the menu.
• Click + Add in the Mode: Box tab. 

3. Specify the information below.

General information tab
     

• Service template: Select the NetworkAnalysis-sFlow service template.
• Name: Enter the name of the new service to be created. Its name should correspond to the event to be captured.
   

Availability and checks tab
     

• Collector Storage: IP address of the sFlow collector.

• Protocol: 

• Destination IP: IP address of the network interface monitored by sFlow.

• Destination port: Listening port of the network interface monitored by sFlow.

• Source IP: 

• Source port: 

• Destination network: 

• Source network: 

• Allocated bandwidth: Value allocated to the bandwidth in the specified output unit.
  • The allocated value will be used in calculating usage ratios.

• Units: Output unit (Kbps, Mbps, Gbps).

• Warning threshold: Warning threshold for bandwidth consumption, expressed as a percentage.

• Critical threshold: Critical threshold for bandwidth consumption, expressed as a percentage.

• Directory name: Destination folder for network interface flow exports.

• Absence status: Status indicated if there is no export data.

  example  

  • Value 0 indicates that the status is normal (OK)
  • Value 1 indicates that the status is critical (NOK)

4. Click Apply to save the new service template.

Use cases

UseCases