Thursday, January 9, 2014

Solarwinds NetFlow Traffic Analyzer: How to: Group your NetFlow Traffic with IP Address Groups Advanced Reporting

 This is a part of my “How To” series on tackling common issues that IT Administrators deal with on a daily basis. This will include a single scenario, and how to use Solarwinds software to address these issues in a short time.

SCENARIO:

One outstanding feature that is little well known is IP Address Groups in NetFlow. IP Address Groups will allow you to group your IP Address ranges or specific IPs into a group to see what areas of the network are using what percentage of traffic. This is great for seeing what Remote Location is using the Internet Link, but this will also help in understanding your Network Performance as a whole.


WHAT INFORMATION WILL I NEED BEFORE I BEGIN?

Know your IP address Ranges or Specific IP Addresses

Before I begin I will tell you how I setup my network. The Network that I will show is my Internal Lab. IP Address range is fairly simple.
.1-.9 is reserved for Network Devices. DNS and Solarwinds Server happen to fall into this range since this was an earlier existing infrastructure which can be common with older Networks.
.10-.19 – Reserved for Servers
.20-.22 – Special Workstations
.50-.249 is Hosts
.250-.254 is Access Points.
.255 and 255.255.255.255 – Broadcast does not sound necessary, but when you have a broadcast Storm or Multicast issue, this will help later on.
8.8.8.8 and 8.8.4.4 (Google DNS) I also grabbed my Root DNS Servers to monitor DNS Traffic flow.

Adding IP Address Groups

You will need to go into Settings> NTA Settings> Manage IP Address Groups.
Select Add and add in your Ranges and create your Groups. Make sure to enable “ Enable display in Top XX IP Address Groups Resource. “  Here is a sample of what I created.

What am I seeing now:

So what does this give me?

This will give you 2 things
  1. Proper grouping of your Network Devices.
  2. A new view called the IP Address Group Page.

IP Address Group View

This view will get you the same resources the Interface Details page does, but only for the grouped devices. The information will include:
  • IP Address Group Details
  • Top Transmitters
  • Top Receivers
  • Top Applications (Ports)
  • Total Bytes Transferred
  • Top Conversations


When examining my Network, I now use IP Address Groups to see how well the Network is performing. I noticed as I set my groups that my connection to my Root DNS Servers was using more of my Internet Link than I realized. Now I can go into my DNS Configuration and see if there are any Network Improvements I can do to reduce my overall load.
Posted by at
Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)