Viavi Observer GigaStor NetFlow Support

One of the things that I really like about my position as a Technical Support Representative is that I often work with customers who show me NetFlow configurations on vendor devices that I didn’t know support NetFlow as a monitoring protocol. Plixer’s NetFlow collector has seen it all and helping other vendors without a doubt keeps us on our toes. Last week I had the opportunity to work with a customer who wanted to get more visibility out of his Viavi Observer GigaStor deployment.

What is Viavi Observer GigaStor?

The Viavi Observer Platform is a full-service solution for retrospective network analysis. You can literally hit rewind to go “back in time” and review past network activity. This solution can  take you to the exact moment a problem  occurred and display the detailed packet-level views before, during, and after an incident.

Being an integral part of the Observer Platform, the GigaStor probe plays a key role in creating IT management solutions for complex transaction-heavy environments. It works well in tandem with Observer Apex™, Observer Analyzer, and Observer SightOps™, as well as third-party solutions.

As a matter of fact, the Viavi Observer platform virtually eliminates all analysis traffic from the network. This results in a 97% reduction in overhead and bandwidth, as well as an increase in scalability. Users also  get the ability to add more visibility points without impacting network traffic or the ability to process from a single console.

With that said, Viavi Observer GigaStor probe is  a great solution for troubleshooting, security, and compliance. Among the benefits that the solution offers are

• Post-event packet storage to more than a petabyte
• High-speed data captures on fully saturated links for complete data collection
• Exclusive Gen2™ packet-capture technology
• Exportation of captures to security devices, compliance tools, and other network analyzers
• Tracking of bandwidth utilization, network Top Talkers, application metrics and even VoIP quality statistics.

How do you configure NetFlow?

Using the NetFlow Agent, the Viavi Observer GigaStor probe has the ability to publish any NetFlow flows generated by its network adapter. The probe generates the flows adhering to the Cisco NetFlow v9 standards and sends them to a NetFlow collector for further analysis.

Here’s how you can set up Viavi Observer GigaStor NetFlow configuration:

1. Select Capture > GigaStor Control Panel. To open the GigaStor Settings dialog, click the Settings button.
2. Navigate to the NetFlow Agent tab and choose the Enable NetFlow Agent option.
3. Then click Add and enter the IP address of the system with your NetFlow collector in the Destinations section. Port 9996 is used for NetFlow by default.
4. Next you can enable the various data outputs and select how frequently you want the template published (the fixed collection interval is 15 seconds). The GigaStor deployment is now configured to publish NetFlow records to your NetFlow collector.
5. Finally, if you’d like to view the NetFlow records in the GigaStor Control Panel, navigate to File > Load and Analyze Observer Capture Buffer. Then find the buffer file you want and open it. As it opens to the Decode and Analysis tab, select the Decode tab and search the buffer for the records that you might be interested in.

The picture below shows how Observer displays captured NetFlow records and what the NetFlow templates format is for that record:

Now that the  Gigastor is sending flows, our NetFlow collector, Scrutinizer will automatically pick up on the data and start reporting on it. You can also design you own report templates with Scrutinizer’s report designer. If you’d like to learn  more about the Viavi Observer GigaStor NetFlow reporting or need any help setting it up please give us a call.