ManageEngine NetFlow Analyzer - An Insight
DESCRIPTION
This video highlights some valuable features of the product in its latest edition. Some screenshots have been added for the benefit of the viewers to get the look and feel of our product.
TRANSCRIPT
NetFlow Analyzer
Version 9 – Build 9000
Training
Product Introduction
• Powerful traffic analysis and network forensic tool
• All-software solution - requires no hardware probes
• Provides in-depth visibility into network traffic and its patterns
• Multiple Monitoring Technologies in a single solution
• NetFlow, sFlow, IPFIX, etc – All Major Flow Formats Supported
• CBQoS Monitoring for Validating QoS Policies
• Cisco NBAR support – SNMP and Flexible NetFlow
• Cisco IP SLA - VoIP & WAN RTT
• Cisco WAAS (Wide Area Application Services)
• Flow based security analytics
Why NFA
• Reports on Network Bandwidth usage
– Traffic
– Applications, Conversations, Port, Protocol
– DSCP based QoS, ToS, NextHop, TCP Flags
• Class Based QoS Traffic Analysis – Validate QoS Policies
• Deep-Packet Inspection for Layer7 traffic visibility
• Cisco IPSLA to verify network quality and performance
• Flow based security analytics
• Cisco WAAS monitoring
• Centralized monitoring console for entire network traffic
• Multiple Monitoring Technologies – Single Product
How NFA Works
[Diagram labels: Traffic; NetFlow Enabled Router; UDP NetFlow Export Packets; NetFlow Analyzer; NFA Web GUI]
Export Packets
• Approximately 1500 bytes
• Typically contain 20-50 flow records
• Sent more frequently if traffic increases on NetFlow-enabled interfaces
Features
• Traffic Analysis
• Network Forensics
• Network Planning
• IP Accounting
• IPv6 (Preliminary Support)
• Enhanced Cisco ASA NetFlow support
• WAAS (Wide Area Application Services) monitoring
• Cisco NBAR report
• Reporting on Cisco CBQoS
• Usage Based Billing
• Capacity Planning and Application Growth Report
• Flow based security analytics
• Cisco IPSLA (VOIP & WAN RTT)
Key Features
Traffic Analysis
• Visualize traffic patterns with real time graphs
• View detailed time based network data
Who: Top Sources and related Conversation reports
When: Ranging from last minute to forever
Where: Top destinations and related Conversation reports
What: Top Applications and protocol reports
Network Forensics
Conversation Awareness: Ability to examine packets and their numerous fields in detail, so that unauthorized and hostile activity can be traced and analyzed.
Conversations and Interfaces: Knowing the source IP addresses of conversations and their inbound and outbound interfaces is critical to tracking and understanding unusual behavior.
Network Planning
IP Accounting
• Identify department-wise bandwidth usage
• Advanced IP group classification engine
• Group based on IP, Application and DSCP
• Separate view for each entity
IPv6 Support
• Preliminary support for IPv6 Address reporting
• Support for IPv6 conversations in raw NetFlow data
• Future ready network monitoring
• Enhancements will be done based on customer demand
Enhanced Cisco ASA NetFlow
• ASA NetFlow support to see Pre and Post NAT details
• Original and Mapped IP Addresses shown in Conversations
• View NSEL Event details – Flow creation, denied or teardown
WAAS (Wide Area Application Services) monitoring
• In-depth visibility into optimization of WAN applications.
• Reports on complete distribution of applications optimized by any WAE.
• Allows comparison with NetFlow application reports
Reports in NetFlow Analyzer
• Traffic Reports
• Troubleshoot Reports
• Consolidated Reports
• Compare Reports
• Search Report
• Schedule of Reports
Traffic Reports
• The Traffic tab shows real-time traffic graphs for incoming and outgoing traffic.
• 1 minute, 5 minute or 15 minute averages available.
• Traffic graphs for an interface and IP group.
• Can view the graph in terms of volume of traffic, speed, link utilization, and number of packets received
• Ability to select the needed time periods.
Troubleshoot Reports
• Detailed information on conversations that took place in a particular time interval can be obtained from the ‘Troubleshoot’ report
• ‘Troubleshoot’ reports are taken directly from raw data
• Used for in-depth troubleshooting of the network.
Consolidated Reports
• Available for device, interface and IP Groups
• Lists the traffic graph for a selected interface or IP group with the top 10 Applications, Source and Destination for IN and OUT directions.
• Device consolidated Report lists traffic graph with Top Interfaces based on Utilization and Speed, Top Application, Protocol, Source, Destination, Conversation, DSCP, etc. for a device.
• Report generated from Aggregated data.
Interface/IP Group Consolidated Report
Device Consolidated Report
Compare Reports
• Compare traffic patterns of interfaces and/or IP groups over different time periods or with one another.
Search Report
• Search Reports lets you set several criteria and view specific reports.
• Works like the ‘Troubleshoot’ report, but reports are generated from aggregated data for time periods of more than 2 hours.
Schedule of Reports
• Lets you create reports about the needed information and have them automatically emailed to you on a daily, weekly or monthly basis.
• Reports can be sent to multiple defined email addresses, and the reports are also saved within the product for later access.
• The reports for Traffic, Application, Source, Destination, Conversation, QoS, NBAR, CBQoS, etc. can be scheduled.
Features available with NetFlow Analyzer Professional Plus Edition
• NBAR
• CBQoS
• Billing
• Capacity Planning
Professional Plus Features
Cisco NBAR Support – Pro Plus edition feature
• Application Recognition through Deep Packet Analysis
• Allows identification of applications which use dynamic ports as well as those using well known ports
• NBAR Reporting - Via SNMP and Flexible NetFlow
• Flexible NetFlow - NBAR
• Removes Requirement for SNMP Polling
• NBAR data exported along with NetFlow data
• Deeper Visibility than through SNMP based NBAR
Cisco CBQoS Reporting – Pro Plus edition feature
• Validation of QoS Policies
• For monitoring
– Class based pre and post policy traffic usage
– Class based drops
– Class based queuing
– Reports for each Match Statement
Usage Based Billing – Pro Plus edition feature
• Generation of periodic bills for accounting and for charge-back.
• Useful for service providers and enterprises
• Value addition to the basic need of traffic analysis and network forensics
• With no additional infrastructure cost
Capacity Planning – Pro Plus edition feature
• Trend analysis over a period of time
• Helps predict the traffic growth in your network
• Application Growth Report - time wise split of top 10 applications used
Add-ons available for NetFlow Analyzer Professional / Professional Plus Edition
• ASAM (Advanced Security Analytics tool)
• Cisco IPSLA – VOIP & WAN RTT
Add On Features
Advanced Security Analytics Module (ASAM)
• Network anomaly detection leveraging NetFlow data
• Detect anomalies that get past the firewall and IDS
• Detect anomalies by problems and problem classes for easy understanding
• Detailed forensic investigation.
Cisco IPSLA (VOIP & WAN RTT)
• Monitor network performance using Cisco IPSLA
• Reports on Jitter, Latency, Packet Loss, MOS.
• VOIP - helps find the exact cause of VoIP issues in the network.
• WAN RTT - monitors Link Availability and Round-Trip-Time to ensure best performance of WAN traffic.
Vertical Enhancements
Other Major Features
• Support for sampled NetFlow v5 and v9
• Geo-Location Report for IP Address
• User specific Customizable Dashboard
• New Graphical Widgets
• Network links in Google Map
• SNMP V3 Support
• Report Profiles
• Schedule all UI reports including conversations
Benefits
• Multiple bandwidth monitoring technologies in a single product
• Leverages the power of Cisco NetFlow, sFlow, IPFIX, NetStream, NBAR, CBQoS and IPSLA
• Delivers unmatched network forensics, troubleshooting and reporting capabilities
• All-software solution - runs on Windows & Linux operating systems
• Multiple versions to suit the SMBs and large enterprises
Thank You