free netflow analyzer training - diagnosing_and_troubleshooting
TRANSCRIPT
![Page 1: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/1.jpg)
Diagnosing and troubleshooting
traffic issues faster
Free training on NetFlow Analyzer: Part II
![Page 2: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/2.jpg)
Welcome to a free training onNetFlow Analyzer!
![Page 3: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/3.jpg)
Can you hear me? Can you see the presentation?
Please confirm by commenting in the chat panel.
![Page 4: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/4.jpg)
TrainerPiyushreeNetFlow Analyzer product expert
![Page 5: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/5.jpg)
Part II
Diagnosing and troubleshooting traffic issues faster
![Page 6: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/6.jpg)
Agenda
• Customizing data storage
• Customizing dashboards
• Reporting and automation
• Troubleshooting with forensics
• Traffic shaping
• Capacity planning and billing
![Page 7: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/7.jpg)
Major concerns while troubleshooting an issue
• How do I control how long data is stored for troubleshooting?
• How do I identify potential issues early and get alerted about them?
• How do I find the root cause of an issue?
• How do I troubleshoot and resolve an issue?
• How do I optimize traffic and check if my bandwidth is slowly reaching its limit?
• How do I know if I'm being overcharged by my ISP?
![Page 8: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/8.jpg)
How long data is stored for troubleshooting
![Page 9: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/9.jpg)
Customizing storage settings
Aggregated dataRaw data
One-minute data
![Page 10: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/10.jpg)
Aggregated data
Default ON
Raw data
Default OFF
Types of data storage
• Each and every detail on application, source, destination, and more
• Storage time limit (one hour to one month)• By default one day is selected
• Improve raw storage up to one year with High Perf
• Troubleshoot faster with forensics
• Stores "top 100" records for conversation by default (Up to 300 records)
• Retains data forever by default
• Capacity planning and long-termreporting
![Page 11: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/11.jpg)
Other storage settings
![Page 12: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/12.jpg)
Benefit of turning on raw data
• One-minute granularity for the most detailed traffic analysis
• Long-term storage for better root cause analysis
• Improves accuracy with each and every conversation detail
• Deeper insights for troubleshooting with forensics reports
• Real-time alerts to troubleshoot issues immediately
http://blogs.manageengine.com/product-blog/netflowanalyzer/2010/01/29/data-storage-pattern-in-netflow-analyzer.html
![Page 13: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/13.jpg)
Why you need a High Perf reporting engine database
So you can:
1. Handle huge volumes of traffic with raw data
2. Improve accuracy of traffic analysis
3. Generate insightful reports faster
4. Increase your raw data storage period up to one year
5. Follow capacity trends and troubleshoot efficiently
![Page 14: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/14.jpg)
One-minute traffic data• Interface traffic graph for any 24-hour period• Capacity planning traffic report• Compare report
Raw data• Forensics• Last 2 hour for interface snapshot graphs• Traffic details for App flow, Medianet, Multicast, AVC and ASA flow.
Aggregated data• All widgets in inventory (Application, conversation and QoS)• All interfaces and graphs, except a traffic graph for any 24-hour period• Search and custom search report• Consolidated report• Schedule report• Report profile
Data storage summary
![Page 15: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/15.jpg)
How to identify potential issues early
![Page 16: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/16.jpg)
Traffic summary dashboards
Top N applicationsDevice summary
Top N protocols Top N QoS
Top N conversations
![Page 17: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/17.jpg)
View top N traffic details from the dashboard
• Track top N details in traffic summary
• Drill down to the most consumed traffic; identify suspicious traffic
• Create new dashboards to view the details that are important to you
• Display live data in your NOC screen with auto-refresh option
![Page 18: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/18.jpg)
Proactive alerting
Link congestionUtilization % exceeds
High traffic volume Link speed is low
![Page 19: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/19.jpg)
Set alarms based on bandwidth usage
• Difference betweenalarms and events
Alarms display:• Message• Source• Category• Technician• Notes• Severity• Date/time
![Page 20: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/20.jpg)
Possible options with alarms
• Drill down to faulty router/interface from the alarm
• Note the exact time an issue occurred
• Check for traffic/application graphs
• Add notes to update the status of an alarm
• Discuss issues with team members
An alarm is raised when WAN link utilization is more than 50%
![Page 21: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/21.jpg)
How to find the root cause of an issue
![Page 22: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/22.jpg)
Easy reporting
CompareCustom search
Consolidated IP group and protocol
Forensics
![Page 23: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/23.jpg)
Drill down to any specific detail with reports
Search/custom search report
Compare report
Consolidated report
IP group consolidated report
Protocol distribution report
Bandwidth analysis reports help you:
Search specific traffic details by the associated application, protocol, host, or IP
Compare bandwidth usage at different time intervals
Track top talkers and conversations with a complete report
Visualize the combined bandwidth usage of all IP groups
View protocol-based traffic for any particular interface
![Page 24: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/24.jpg)
Save all your reports in Report Profiles
![Page 25: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/25.jpg)
Benefits of reporting
• Create criteria-based reports to identify bandwidth shortages or traffic spikes
• Automate and schedule reports at any specific time; receive notifications about reports
• Save reports and export them to PDF or CSV files to share them with upper management
• Generate historical reports to promptly diagnose bandwidth capacity
• Periodically review and optimize the usage of network bandwidth
![Page 26: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/26.jpg)
Troubleshooting with forensics
What's the root cause of a traffic spike?
![Page 27: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/27.jpg)
Benefits of forensics
• Get more granular traffic statistics using raw data
• Drill down to identify which users, applications, and protocols are consuming the most bandwidth at a specific time
• Troubleshoot accurately by defining multiple criteria to filter required traffic
• Flexibility to review historical data and find out why a particular spike was generated
![Page 28: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/28.jpg)
Real-life use case
![Page 29: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/29.jpg)
There was major network congestion and critical applications were running slowly...
![Page 30: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/30.jpg)
![Page 31: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/31.jpg)
...which affected all users connected to the network. The biggest challenge was
figuring out how to quickly resolve the issue.
Step 1: Determine which part of the network was experiencing congestionStep 2: Identify what caused the congestion. App or user or external attack?Step 3: Troubleshoot by applying policies and bring the network back up
![Page 32: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/32.jpg)
Step 1: Determine which part of the network was experiencing congestion
• Where is the congestion and is it notified to me?• Which applications were contributing to the most traffic?• What QoS precedence value was the traffic utilizing at the time?• What were the top source, destination & conversations in the network?
The dashboard immediately provided details on what was being affected.
![Page 33: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/33.jpg)
Step 2: Use forensics to identify what caused the congestion
• Which applications or users were consuming the most traffic? • What was the top conversation in the network at that time?
Forensics help locate the real cause.The issue was with a patch management upgrade that
happened on all windows server during business hours.
![Page 34: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/34.jpg)
1. Block the IP using an access control list (ACL) 2. Reduce the traffic bandwidth utilization 3. Load share the traffic with the help of Compare Reports4. Reschedule the action to occur during non-business hours
How to troubleshoot and fix the issue
![Page 35: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/35.jpg)
1. Filter out excess router traffic by blocking IP/ IP network
2. Allow certain packets and deny everything else
#1. Block the IP with an ACL
![Page 36: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/36.jpg)
1. Tweak your traffic policies with CBQoS configurations
2. Shape interface traffic and prioritize your critical applications
3. Monitor the policy change in CBQoS graphs
#2. Reduce the traffic bandwidth utilization
![Page 37: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/37.jpg)
1. Compare multiple devices across the same time period to view each one's capacity
2. Decide how much to deviate traffic on each interface/device
#3 and #4: Load share the traffic or rescheduling using Compare Reports
![Page 38: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/38.jpg)
Once the issue is resolved, generate a consolidated report to view the traffic stats.
![Page 39: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/39.jpg)
What should you do if your bandwidth is slowly reaching its limit?
![Page 40: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/40.jpg)
Capacity planning
Know immediately when you've reached your maximum capacity.
Generate short-term or long-term reports to view your network's usage trends.
Get meaningful insight into application growth, average usage, and any usage deviations.
![Page 41: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/41.jpg)
How to bill your customers correctly
![Page 42: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/42.jpg)
Billing
Measure bandwidth usage to cross-check with your ISP billing.
Generate bill plans for your customers/clients if you're an ISP.
![Page 43: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/43.jpg)
iPhone app
![Page 44: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/44.jpg)
![Page 45: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/45.jpg)
Summary
![Page 46: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/46.jpg)
Need more help?
youtube.com/netflowanalyzertechvideos
help.netflowanalyzer.com
forums.manageengine.com/netflowanalyzer
+1 (888) 720-9500 / +1 (408) 916 - 9595
![Page 47: Free Netflow analyzer training - diagnosing_and_troubleshooting](https://reader036.vdocuments.site/reader036/viewer/2022062503/5a65dea27f8b9ad02f8b496d/html5/thumbnails/47.jpg)
Q&A