Bandwidth reporting, capacity planning, and traffic shaping: NetFlow Analyzer Training

Free training on NetFlow Analyzer - Part II
Diagnosing and troubleshooting
traffic issues faster

Agenda
• Customizing data storage
• Customizing dashboards
• Reporting and automation
• Troubleshooting with forensics
• Traffic shaping
• Capacity planning and billing

How long data is stored for
troubleshooting

Customizing storage settings
Aggregated dataRaw data
One-minute data

Aggregated data
Default ON
Raw data
Default OFF
Types of data storage
• Each and every detail on application, source,
destination, and more
• Storage time limit (one hour to one month)
• By default one day is selected
• Improve raw storage up to one year with High
Perf
• Troubleshoot faster with forensics
• Stores "top 100" records for
conversation by default (Up to 300
records)
• Retains data forever by default
• Historical reporting

Benefit of turning on raw data
• One-minute granularity for the most detailed traffic analysis
• Long-term storage for better root cause analysis
• Improves accuracy with each and every conversation detail
• Deeper insights for troubleshooting with forensics reports
• Real-time alerts to troubleshoot issues immediately
http://blogs.manageengine.com/product-blog/netflowanalyzer/2010/01/29/data-storage-pattern-in-netflow-analyzer.html

One-minute traffic data
• Interface traffic graph for any 24-hour period
• Capacity planning traffic report
• Compare report
Raw data
• Forensics
• Last 2 hour for interface snapshot graphs
• Traffic details for App flow, Medianet, Multicast, AVC and ASA flow.
Aggregated data
• All widgets in inventory (Application, conversation and QoS)
• All interfaces and graphs, except a traffic graph for any 24-hour period
• Search and custom search report
• Consolidated report
• Schedule report
• Report profile
Data storage summary

How to identify potential issues early

Traffic summary dashboards
Top N applicationsDevice summary
Top N protocols Top N QoS
Top N conversations

View top N traffic details from the dashboard
• Track top N details in traffic summary
• Drill down to the most consumed traffic;
identify suspicious traffic
• Create new dashboards to view the
details that are important to you
• Display live data in your NOC screen
with auto-refresh option

Proactive alerting
Link congestionUtilization % exceeds
High traffic volume Link speed is low

Set alarms based on bandwidth usage
• Difference between
alarms and events
Alarms display:
• Message
• Source
• Category
• Technician
• Notes
• Severity
• Date/time

Possible options with alarms
• Drill down to faulty router/interface from
the alarm
• Note the exact time an issue occurred
• Check for traffic/application graphs
• Add notes to update the status of an
alarm
• Discuss issues with team members
An alarm is raised when WAN link utilization is more than 50%

How to find the root cause of an
issue

Easy reporting
CompareCustom search
Consolidated IP group and protocol
Forensics

Drill down to any specific detail with reports
Search/custom search report
Compare report
Consolidated report
IP group consolidated report
Protocol distribution report
Bandwidth analysis reports help you:
Search specific traffic details by the
associated application, protocol, host, or IP
Compare bandwidth usage at different
time intervals
Track top talkers and conversations with a
complete report
Visualize the combined bandwidth usage
of all IP groups
View protocol-based traffic for any
particular interface

Save all your reports in Report Profiles

Benefits of reporting
• Create criteria-based reports to identify bandwidth shortages or traffic spikes
• Automate and schedule reports at any specific time; receive notifications about reports
• Save reports and export them to PDF or CSV files to share them with upper management
• Generate historical reports to promptly diagnose bandwidth capacity
• Periodically review and optimize the usage of network bandwidth

Troubleshooting with forensics
What's the root cause of a traffic spike?

Benefits of forensics
• Get more granular traffic statistics using raw
data
• Drill down to identify which users,
applications, and protocols are consuming
the most bandwidth at a specific time
• Troubleshoot accurately by defining multiple
criteria to filter required traffic
• Flexibility to review historical data and find
out why a particular spike was generated

There was major network congestion and
critical applications were running slowly...

...which affected all users connected to
the network. The biggest challenge was
figuring out how to quickly resolve the
issue.
Step 1: Determine which part of the network was experiencing congestion
Step 2: Identify what caused the congestion. App or user or external attack?
Step 3: Troubleshoot by applying policies and bring the network back up

Step 1: Determine which part of the network
was experiencing congestion
• Where is the congestion and is it notified to me?
• Which applications were contributing to the most traffic?
• What QoS precedence value was the traffic utilizing at the time?
• What were the top source, destination & conversations in the network?
The dashboard immediately provided
details on what was being affected.

Step 2: Use forensics to identify what
caused the congestion
• Which applications or users were consuming the most traffic?
• What was the top conversation in the network at that time?
Forensics help locate the real cause.
The issue was with a patch management upgrade that
happened on all windows server during business hours.

1. Block the IP using an access control list (ACL)
2. Reduce the traffic bandwidth utilization
3. Load share the traffic with the help of Compare Reports
4. Reschedule the action to occur during non-business hours
How to troubleshoot and fix the issue

1. Filter out excess router
traffic by blocking IP/ IP
network
2. Allow certain packets and
deny everything else
#1. Block the IP with an ACL

1. Tweak your traffic policies
with CBQoS configurations
2. Shape interface traffic and
prioritize your critical
applications
3. Monitor the policy change in
CBQoS graphs
#2. Reduce the bandwidth utilization

1. Compare multiple
devices across the same
time period to view each
one's capacity
2. Decide how much to
deviate traffic on each
interface/device
#3 and #4: Load share the traffic or
rescheduling using Compare Reports

Once the issue is resolved, generate a
consolidated report to view the traffic stats.

What should you do if your
bandwidth is slowly reaching its
limit?

Capacity planning
Know immediately when you've reached your maximum capacity.
Generate short-term or long-term reports to view your network's usage
trends.
Get meaningful insight into application growth, average usage, and any usage
deviations.

How to bill your customers correctly

Billing
Measure bandwidth usage to verify your ISP billing.
Generate bill plans for your customers/clients if you're an ISP.

How to optimize your current bandwidth?

2. Understand historic trends and shape non-business traffic.
3. Prioritize critical applications.
1. Segment the network by creating groups.
Bandwidth optimization techniques

Need more help?
youtube.com/opmanagertechvideos
help.netflowanalyzer.com
forums.manageengine.com/netflowanalyzer
netflowanalyzer-support@manageengine.com
+1 (888) 720-9500 / +1 (408) 916 - 9595

Thank you!
netflowanalyzer-support@manageengine.com

Bandwidth reporting, capacity planning, and traffic shaping: NetFlow Analyzer Training

More Related Content

What's hot (20)

Similar to Bandwidth reporting, capacity planning, and traffic shaping: NetFlow Analyzer Training (20)

More from ManageEngine, Zoho Corporation (20)

Recently uploaded (20)

Bandwidth reporting, capacity planning, and traffic shaping: NetFlow Analyzer Training