Wednesday, March 23, 2011

SolarWinds Orion Part 3 - Netflow

Basic interface monitoring on SNMP probably only get you some bandwidth utilization rate. But it won't give further insights and break-down on the network applications, like which is the most talkative applications? Which node generate the most traffic? To gain deeper insights, you have to enable netflow monitoring on the routers and use a netflow management console (e.g. Solarwinds Netflow module known as "Netflow Traffic Analyzer") to view the reports.

To enable netflow on the managed node:
Choose a netflow version (either 5 or 9) depending on your netflow console support. Solarwinds supports both versions
(config)# ip flow-export version 9
Send the netflow traffic to your netflow server's IP address and designated port no. VRF is optional but we use it for Out-of-band monitoring(config)# ip flow-export destination 1055 vrf vrf-name
Choose an interface that should report to the netflow server(config)# ip flow-export source interface-name
On the interfaces that you want to monitor. Add these commands at the interface level.(config-if)# ip flow ingress
(config-if)# ip flow egress

The above example is to monitor all traffic entering and leaving the interface. If you wish to monitor a specific flow, you can replace the above with Cisco Flexible Netflow (click on example). For Juniper J-flow configuration, refer to this example.

Login to your netflow server console and you should see netflow messages saying that new netflow information are being recieved and added automatically. If it doesn't, you have to ensure that the node and interfaces have been added to the Orion core. Leave it running for some time and you should start seeing detailed graphs.

No comments:

Post a Comment