Monitoring network traffic with IP SLA and Cisco NetFlow

Posted in Denika, General, IP SLA, NetFlow, NetFlow Analyzer, Network Traffic Monitor, Scrutinizer on May 20th, 2009 by mike@plixer.com
Monitoring network traffic with IP SLA and Cisco NetFlow

As most of you know, IP SLA and Cisco NetFlow are both free features on your Cisco routers. If you are looking to somehow get a higher level status report on both, here is an idea.  Why not put both in your maps.
ipslanetflowmap1

Notice that there are two links between devices that refresh every few minutes. One link represents utilization from NetFlow and the other link represents the MOS (Mean Option Score) on the link which is helpful with VoIP traffic monitoring. The second link can be based on any SNMP value (errors, latency, jitter, etc.) and is done using the Denika plugin.

This feature is 100% web based to configure and view in our Application Performance Dashboard ‘MyView’ and can be a nice addition to your network traffic monitoring needs. Within the maps, you can click on the links to bring up a trend of the interface. This is especially useful when the link changes color based on utilization and you want to drill in for details.

Call us if you need help setting this up.

Michael Patterson
Founder and CEO

For a free 30 day trial of Scrutinizer, Download Now!

Tags: , ,

NetFlow Detective – A cold day in this dark city

Posted in Denika, General, Logalot, NetFlow, Netflow Detective, Network Traffic Analysis, Scrutinizer on March 30th, 2009 by Jimmyd

It was a cold day in March, colder than usual for this time of year. The phone rang and it was Jon telling me that his router wasn’t performing well and was having issues. They all have an issue in this city. Some are big and some are small, but they all have issues.  As for Jon, his issue was big and that’s why he called me… I’m Jimmy D, the Cisco NetFlow Detective.

His story was the same old song; everyday around a specific time, his network would slow down and the CPU on is his router would peg at 90%. He needed to know why, and fast. His company was getting ready to release a hot new piece of software and they needed the bandwidth to support it.

He had taken the first step; he was already monitoring his bandwidth with Scrutinizer. But Jon needed more. He needed to know what times his CPU utilization was high and what traffic patterns occurred during that time. If this was a perfect world, he would also be alerted when it happened.

“Let’s go get a cup of coffee.” I said.

“Jon, we can trend your CPU utilization via SNMP with Denika. We can also set up alarms and alerts in both Scrutinizer and Denika. We can also capture syslogs from the router with Logalot. All this information can be tied together to give us a better picture and possibly point out a pattern.”

“Awesome, that’s what I was looking for! Can you help me?” he replied.

“Sure Jon, I’m the NetFlow detective, that’s what I do.”

Later that day, we took some time to set up both products. I explained how the process worked and what we were looking for. I let him know that although we can store this data forever, We were specifically interested in the next 24 hours. I was positive that our culprit would strike again.

He let me know that he would call me the next day.

“Jimmy, I just got an alert!” said Jon.

“Lets look at what it said.” I asked.

It was 5:01 p.m. and I wasn’t surprised. Nasty things, like rats and bad packets, show up quickly. After a few minutes of searching, I could see a pattern and it wasn’t pretty.

“I believe that I found your issues Jon.”

I looked at the time of the CPU spikes in Denika’s SNMP reports. We then looked at the Layer 3 traffic reports within Scrutinizer. I compared the timeframes and quickly saw the traffic matched.

“We now know it is a user. So now let’s find out who it is. To do so, we can drill down through the IP addresses in Scrutinizer and find out what IP is causing the traffic. Here you go Jon, are you ready to see who is hogging your bandwidth and causing the high CPU utilization?”

In one click, I quickly resolved the top talkers and saw that it was jenny.abcorp.com.

“Oh no, that’s my girlfriend!” said Jon, “Can we tell who she was talking to?”

We quickly changed to the conversations destination and could see that she was uploading 6 gigs of information to cbacorp.com at 5 p.m. every day. Jon knew the rest of the story because it was a common one. Geek programmer meets cute Russian model who thinks he is Superman, but soon finds out that he had been taken by a pretty face. She was uploading the latest builds of their hot new software to the competitors. She was a spy.

“Thank you Jimmy, you saved our company.” said Jon.

“Don’t sweat it kid. My job is to shed some light in a dark world…”

Most of these names and happenings in this story are true. Some have been changed to protect the innocent.


Jimmy D the Netflow Detective

For a free 30 day trial of Scrutinizer, Download Now!

Join the NetFlow Developments group on LinkedIn.

Tags: , ,

NetFlow Rap – A Mix Master Mitch Production

Posted in Denika, General, NetFlow, Network Health Report, Scrutinizer, Voice Over IP Stress Test, WebNM on March 25th, 2009 by Brian
NetFlow Rap - A Mix Master Mitch Production

Plixer International is proud to present the YouTube debut of Mix Master Mitch’s first single, “NetFlow Rap”.

Enjoy! Read more »

Brian

For a free 30 day trial of Scrutinizer, Download Now!

Tags: , ,

How did Plixer get in the NetFlow business?

Posted in Denika, General, Logalot, Scrutinizer, WebNM on February 10th, 2009 by Jeff
How did Plixer get in the NetFlow business?

Does your curiosity ever extend to how Plixer International began? When the company was formed, why it was named Plixer, where the idea of the company was born?

Well, if so, then read on……
Read more »

Utilization Understated on Nortel IPFIX capable equipment, part II

Posted in Denika, General, Network Problem Resolution, Scrutinizer on January 20th, 2009 by Jeff
Utilization Understated on Nortel IPFIX capable equipment, part II

Last week I wrote about a possible internal Hash overflow issue with the Nortel hardware that could cause utilization to be understated.

This week, I’ll be discussing limitations with IPFIX on the ERS 5500 series stackable switches.
Read more »

Tags: , ,