One complaint that I hear from customers is that their MyView page is slow to load.  After a little detective work, we always find quick and easy ways to speed up their interface.

For those of you who haven’t used MyView before; here is a quick introduction.  MyView is a customizable dashboard that provides users of Scrutinizer a unique view of their network traffic and management interface.  On top of that, each user can have their own customized view. You can quickly see how your MyView dashboard will be an invaluable tool for gaining complete network awareness.

I have seen MyView used in many ways.  One of the better practices is having a login for Flow Analytics, one for your custom reports and one for day to day operations.  For example, in our NOC, we have a special MyView for our demos, one for our manager and one with multiple custom reports.  Mike, our manager, has a his own special MyView that contains a few flash maps and “PlumTrack”; our in-house PBX phone monitoring application.

There are a few limitations with MyView that you need to be aware of though. You have to remember that each and every window in MyView is a micro web page that must adhere to all the caveats that you would experience with normal browsing.  In short, don’t open up too many resource consuming web pages!  What are resource consuming pages?  Well, there are three types.

The first is a static or simple page. The NOAA weather map is a great example of this.  It a simple image that is loaded every few minutes when the gadget refreshes.  It is common to have a few of these, as they have limited load times and are mostly harmless.

The next page type is one that generates its data “server side”, meaning that it makes a call to the local database . Once it completes the task, it then reports the requested information.  Many of our prepackaged gadgets use this method, including  all of your custom reports, since each one becomes an available MyView gadget.  You also need to remember that each time one of these reports is called on, it requires time to process and return the data.

The third and most resource intensive ,are those outside of our environment.  Many of todays AJAX, DHTML, Web 2.0 applications consume quite a bit of your browsers resources. Adding multiple instances of these types of applications can severely slow down your browsers performance.  Nine out of ten times this is the culprit for slowness.

Whats coming in 7.0?

We have some exciting changes coming in the next version. With the  Scrutinizer 7.0  MyView feature , you are going to have multiple sub tabs that allow you to have multiple views to one page. You will have a smoother experience with moving your gadgets  and the ability to set permissions based on specific  MyView tab content.

More importantly, we have improved the overall speed of the MyView engine.  This will allow Scrutinizer and MyView to be your preferred network management tools, since it provides seamless integration between most of your 3rd party tools.

Stay tuned for more network management goodness and other pointless bits of geek lore!

Have a happy New Year!

___________________________________________________________________

Jimmy D – “No Bull” tech support!

Did you know that you could create network maps for each of your locations (physical office or wiring closet) with Scrutinizer?  Did you know that you could plot your locations worldwide using Google maps?  Or integrate other vendor’s applications in Scrutinizer, to view device statistics with the click of a mouse? (click on mouse to test)

Read more »

Up here in the north, a person can get pretty stir crazy staying in too much during the winter. Out of boredom, I often spend extra hours working on NetFlow and sFlow as I generally find it more fun then watching TV or playing video games. Both of which I like but like many activities, they can be over done.

The days following Christmas, I found myself spending way too much time in the house with my wife & kids. I decided to try and think of things I can do with my girls. Because of the snow, we decided to go out for a bit of sledding at Gowan Park in Sanford, Maine.

Here is a short video of me and my daughter on a short ride. I hope it makes you smile and appreciate a little snow.

Lets all hope for more of the white stuff. I want to go snowmobiling!

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter

Hello Everyone,

If you would like to see other blogs on how to setup IP SLAs check out these links.

IP SLA  – ICMP Echo – 2 of 4
IP SLA – TCP Connect – 3 of 4
IP SLA - HTTP - 4 of 4 

I’m going to be putting together a four part series on some common Cisco IP SLA monitor configurations.  Cisco IP SLAs are great ways to get statistics on different types of communications between routers.  They’re relatively simple to set up, and reports can be generated by an SNMP trender.

focus on the Jitter monitor.  You can get a ton of information from the Jitter monitor, starting with latency, Packet Loss, and Jitter.  If the router’s clocks are synchronized you can also get the latencies for each way.  By adding a VoIP codec to the monitor, the router can generate the Mean Opinion Score (MOS), and the Impairment/calculated planning impairment factor (ICPIF) score.

Check out Plixer’s white paper on setting up the Jitter operation.  It will walk you through setting up a Jitter monitor, how to trend the statistics, and generate reports.

If you plan on using the jitter operation to monitor VoIP, pay special attention to make sure that you are using the codec that matches the actual codec being used.

It is also important to have realistic expectations on MOS values pertaining to each codec.  Although Cisco’s scale is 1-5 in their documentation, production environments will not see a 5.  The chart below will help in determining how well your communications are doing.

Scrutinizer Netflow Analyzer has a My View page that contains gadgets that can integrate with third party applications.  One of these applications is Denika which can trend the IP SLA statistics.  If you have Scrutinizer and Denika ask us about a custom VoIP gadget to display VoIP IP SLA Statistics.

Check out Part 2 of the IP SLA series.

Raul

Flexible NetFlow Generates Cash?
In the What’s So Flexible About Flexible NetFlow? post I discussed the key advantages of Flexible NetFlow.  In this blog I will outline how Flexible NetFlow exports 3 types of flow caches (i.e not cash) depending on the nature of what you want to export.  These caches are as follows:

• Normal Cache: used for traditional NetFlow, has an additional benefit.  The Active time can be set as low as 1 second whereas in traditional NetFlow it can only go as low as 60 seconds.  This means the data can be exported to the collector closer to real time.

• Permanent Cache: is used for accounting and for security monitoring.  This cache is sometimes used to export a byte count on an interface for specific IP addresses for accounting purposes.  We have to be careful with a Permanent Cache because if it becomes full, all new flows will be dropped so, we need to be sure that we export frequently enough to avoid lost data.  It is generally used when the amount of flows expected will be low or when there is a need to keep long-term statistics on the router.  When a cache becomes full, all new flows are ignored.  Also, the counters represent totals seen for the lifetime and not just from the last export.

• Immediate Cache: is used when each packet matching the filter is to be exported immediately to the collector.  It is generally used to export up to the first 1000 bytes from the IP payload.  Usually, “something” is monitoring traditional NetFlow which triggers an Immediate Cache.  Loaded with a good portion of the original packet, a closer look into the potential problem can be taken.

For most of us, NetFlow collection using a Normal Cache won’t change however, a NetFlow solution which can take advantage of the other Caches (i.e. Permanent and Immediate) in a beneficial way may allow your IT team to better serve the business.

In the next blog “How can my company benefit from Flexible NetFlow?” I will discuss how the IT team may take advantage of the different caches.

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter

What’s so Flexible about Flexible NetFlow?
Flexible NetFlow is basically an extension of NetFlow v9.   Cisco believes that Flexible NetFlow provides enhanced optimization, reduces costs and improves capacity planning and security detection beyond traditional flow technologies.  I understand this is pretty vague so, lets dig a little deeper. Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter

Ok, I found something I wouldn’t wish on my worst enemy…

In an earlier blog, I had posted about inadvertently getting some kind of trojan that was spamming me with irrelevant pop-ups and affecting my laptop performance.  I had run Spybot over and over again and it kept finding a trojan called VUNDO.
Let me tell you guys, this thing is a pain in the neck!!!  It’s surprising to see how many people get this stupid thing and posted in desperation asking how to remove VUNDO.  It was really aggravating to see companies reply to their posts, trying to peddle their malware detectors and offer no helpful suggestions.
It really does help me put my job as a software engineer in perspective.

“Help the customer first…”

So here’s help for those who may get this trojan on their system.

First of all, with this variation that I got, no spyware removal software could delete it.  This little baby will create a random named .dll file in your system32 folder; but to add more frustration it runs under the explorer.exe process.   If you try to manually delete the .dll file, it will say it is in use. So any software that says it removed the trojan is only half right. The software will delete the registry key, but after it is deleted, the .dll will just put it back in again.  So if you want to do anything right, just do it yourself.

Here’s 2 applications that I found that are just wonderful to remove this trojan.

Process Explorer:

This application is great! It basically told me which files are being used by which processes. It helped me figure out that this .dll file was truly locked by explorer.exe. But not only that, it allowed me to suspend the explorer.exe process, without crashing my Windows session so that I could do the next step:

Autoruns:

This beauty of an application allowed me to browse all the startup registry keys, it’s like msconfig on sterioids. This was extremely handy because I could see all the keys that were using that .dll file as a source and I just deleted them. So now that the keys were deleted, all I had to do was reboot my laptop and go into the system32 folder and delete that .dll file, which was no longer being used by the explorer.exe process.

So now I have no problems and no VUNDO…booyah.

-Nate

Whether your idea of a happy holiday is wiring temperature sensors to air ducts, catching viruses on coworker’s workstations, or sharing yuletide sentiments with family and friends, we can all agree on one thing; seeing your face plastered on a dancing elf is simply hilarious.

Thanks to the fine folks at Office Max and Elf Yourself, a few members of the team here at Plixer International will forever have the joy of living down this fine video. And so I ask, “where would be the inherent joy in said motion picture if it were not shared beyond these most hallowed walls?”

So, it is with the spirit of giving, rivaled only by that of good old Saint Nicolas, that we make available to the masses the Plixer International Elf Yourself video.

Enjoy!

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter

We have been asked many times why the Flow Analytics module for Scrutinizer can only be installed by Plixer Technical Support engineers.

Well, it can be a simple and painless process, with the actual file download being the lengthiest step.  Or, with large networks, it can be near to a nightmare configuring the algorithms to complete in the time allotted.

Read more »

Have you ever been drilling in on a host in your NetFlow or sFlow analyzer hoping to get the kind of juicy details you get with a packet analyzer like Wireshark?  If so, you have felt the disappointment that comes about when the details simply aren’t there.   Why does this happen and what can be done about it?

The Limitations of NetFlow
NetFlow is an aggregation of traffic.  For example, if my PC sends 800 packets to John’s PC and John’s PC sends 20 back to me.  This becomes two flows.  A single NetFlow v5 packet can contain up to 30 flows (NetFlow v9 contains up to 24).    It is easy to understand how a single NetFlow UDP datagram can represent over a dozen hosts communicating over the network with thousands of packets.   NetFlows aggregation is pretty good.  Alas, it has short comings as well.

What is in NetFlow v5
Because of NetFlow’s aggregation, we only get a few details.  For   example:

* Source and Destination Interfaces
* Source and Destination Ports
* Source and Destination Autonomous System
* Source and Destination Address Prefix Mask
* Protocol (UDP, TCP, etc.)
* Total Packets, Total Octets
* Start and end times of the flow
* TCP flags
* ToS (i.e. for DSCP)
See more on V5 & V9  NetFlow packet formats

Compare NetFlow to Wireshark

Q: What if you want the raw packets like you get in Wireshark.  Can you get the details to and from a host using NetFlow?
A: You can’t get all of the same details but, if you are using Scrutinizer NetFlow & sFlow Analyzer you can get a list of all the flows to and from the host as shown below. This is about as good as it gets with NetFlow and Scrutinizer can do it.

This is just the beginning of what it takes to display NetFlow in HD (High Definition).

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter