Channel: THWACK: Discussion List - NetFlow Traffic Analyzer

Utilization Alerts Will Not Repeat (Not Resetting?)


Ultimate goal: Monitor all the switch ports (interfaces) in our network that connect to our MPLS WAN service to assess WAN utilization metrics.

Trigger Condition

Trigger Alert when any of the following apply

     Interface ID is equal to 1     {I wish I could add a comment here so I know what '1' refers to}

     Interface ID is equal to 161

     Interface ID is equal to 219

     Interface ID is equal to 216

     Trigger Alert when all of the following apply

          Average Xmit-Recv Percent Utilization is greater than 90

Do not trigger this action until condition exists for more than 1 seconds

Reset Condition

Same as above except Utilization is less than or equal to 90

Do not reset this action until condition exists for more than 10 minutes

Trigger Actions

Send E-Mail...

General

Alert Evaluation Frequency: Check this Alert every 1 minutes

 

To test this Alert I tried ridiculously low numbers, but I wasn't getting the results I expected/wanted, so I decomposed it into 1 simple alert to no avail.

PROBLEM: I provide unrealistic threshold values just to test functionality but I only receive 1 email alert notification after I initially enable the Alert.

 

I decomposed 'Average Xmit-Recv Percent Utilization' to 'Recv Percent Utilization' and set the value to a ridiculous value of 1

The trigger condition must exist for more than 1 minute

The Reset Condition is set to the basic 'Reset when trigger conditions are no longer true'

The Alert is checked every 1 minute

Trigger actions: Send me an email (that contains...)

     Interface Full Name

     InPercentUtil

     AlertTriggerTime

     AlertTriggerCount {This inserted just to test if consecutive alerts triggered}

 

I'm expecting to receive a continuous flow of email traffic, but I'm not - why not? Your advice, suggestions, comments, shared misery is welcome!

Theories:

1. The utilization value reported is a snapshot in time and not a calculated value based over a period of time

2. There is a relationship to the polling interval that I'm not considering

What does "Please enter a valid domain" mean?


I am using the Flow Navigator tool to create a Summary view and search for traffic to/from certain domains. Domains such as "pandora.com" work fine and yield results, but when I search for domains such as "neflix.com" and "hulu.com", I get the following error:

 

nta error.jpg

 

even though I have been streaming from those two domains for a good 20 minutes. Obviously, I have the domain formatted correctly, so is NTA telling me that it sees no traffic? If so, how can that be?

 

Thanks for any help. This has always confused me.

Recommend NTA on LinkedIn for 300 points!

Looking to purchase NTA, but it's not accounting for Netflow sample rate


Hi there,

 

I wonder if someone could help-- I'm pushing out V5 Netflow data from our Juniper SRX1400 using a sample rate of 100, but NTA is not accounting for the sample rate. I have to multiply all amounts by 100 to get the actual figure.

 

According to the changelog in NTA 3.11, this version should detect the sample rate. I certainly can't see anywhere to change it.

 

Any help much appreciated, this is the only blocker left to a purchase.

 

Thanks, Phil.
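
An added example, not part of the original post and not SolarWinds or Juniper code: in NetFlow v5 the last 16-bit field of the 24-byte export header carries a 2-bit sampling mode and a 14-bit sampling interval, so a captured datagram shows whether the exporter reports its rate at all and what a collector would have to multiply by. The sample datagrams, the addresses and the `configured_rate` fallback are constructed for illustration.

```python
import socket
import struct

# NetFlow v5 layouts in network byte order: 24-byte header, 48-byte flow record.
HEADER = struct.Struct("!HHIIIIBBH")
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")
MAX_RECORDS = 30  # a v5 datagram carries 1 to 30 flow records


def parse_v5(datagram):
    """Return the header's sampling info and per-flow counters of one datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a NetFlow v5 header")
    version, count, *_unused, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field is {version})")
    if not 1 <= count <= MAX_RECORDS:
        raise ValueError(f"record count {count} outside 1..{MAX_RECORDS}")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("datagram length does not match the record count")

    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": socket.inet_ntoa(f[0]),
            "dst": socket.inet_ntoa(f[1]),
            "packets": f[5],   # dPkts as exported, i.e. sampled counts
            "octets": f[6],    # dOctets as exported, i.e. sampled counts
            "src_port": f[9],
            "dst_port": f[10],
            "proto": f[12],
        })
    return {
        "sampling_mode": sampling >> 14,         # top 2 bits
        "sampling_interval": sampling & 0x3FFF,  # low 14 bits, 0 = not reported
        "flows": flows,
    }


def scaled_totals(export, configured_rate=None):
    """Sum octets and packets, multiplied by the sampling interval.

    The header value is used when present. configured_rate is a hypothetical
    operator-supplied fallback for exporters that leave the field at zero.
    """
    interval = export["sampling_interval"] or configured_rate or 1
    return {
        "interval_used": interval,
        "octets": interval * sum(f["octets"] for f in export["flows"]),
        "packets": interval * sum(f["packets"] for f in export["flows"]),
    }


def build_sample(sampling_field, flows):
    """Construct a v5 datagram for the demo; every value here is made up."""
    header = HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, sampling_field)
    body = b"".join(
        RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0" * 4,
                    0, 0, pkts, octets, 0, 0, sport, dport,
                    0, proto, 0, 0, 0, 0, 0)
        for src, dst, sport, dport, proto, pkts, octets in flows)
    return header + body


# Constructed flows: (src, dst, src_port, dst_port, proto, packets, octets)
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.20", 51000, 443, 6, 3, 1500),
    ("192.0.2.11", "198.51.100.20", 51001, 53, 17, 1, 80),
]

if __name__ == "__main__":
    # Exporter that reports mode 1 with a 1-in-100 interval in the header.
    reported = parse_v5(build_sample((1 << 14) | 100, SAMPLE_FLOWS))
    print(reported["sampling_interval"], scaled_totals(reported))

    # Exporter that samples but leaves the header field at zero: the collector
    # cannot learn the rate from the wire and undercounts without a fallback.
    silent = parse_v5(build_sample(0, SAMPLE_FLOWS))
    print(silent["sampling_interval"], scaled_totals(silent))
    print(scaled_totals(silent, configured_rate=100))
```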

NTA 4.0 FAQ


Hello,

 

NTA 4.0 RC is available for all customers that are covered under maintenance.

 

This is a whopper of a release for NetFlow Traffic Analyzer. NTA 4.0 brings one minute granularity for all data! NTA no longer aggregates data over time. This is a big change for us and a big change for you! With this change comes some critical information that you need to take into account.

 

First, we are no longer storing flow data in SQL, we have developed our own Flow Storage Database that will now be responsible for the processing and storage of flow data. Secondly we have introduced web based reporting for NTA.

 

Pre-requisites for NTA 4.0:

  • 64bit Environment is required, if you have more than one poller, make sure they are all on 64bit OS’s.
    • You will be able to install a 32bit version of NTA however it will not use the new Flow Storage Database
  • NPM 10.6 is required, NPM 10.6 has the new web based reporting engine which is required for NTA 4.0
  • NTA Flow Storage Database install is required and should be done before upgrading / installing NTA on the pollers.
  • Connection to Orion database is required, CBQoS data and some additional low level information is still stored in this DB.

 

Hardware requirements for NTA 4.0

 

  • 32Bit: (does not provide the new storage and the scalability benefits that are available on 64bits)

Same as for NTA 3.11 (it means we rely on NPM’s requirements for all components)

 

  • 64Bit: (required to get the scalability benefits of NTA 4.0)

Poller: Same as for Orion NPM, see the Admin Guide p16.

Orion Database: Same as for Orion NPM, see the Admin Guide p16.

Flow storage Database:

      • Quad core 3ghz Processor or better
      • 16 Gigs of Ram and should be increased as database size increases to ensure optimal performance
      • 20GB (minimum) of storage on 7200rpm disk
      • About 100GB for each sustained 1000 flows/s with 30 days retention period
      • 64 bit Windows Server 2003 SP4 or newer.
      • Itanium-based servers are not supported

 

Where do I install the Flow Storage Database?

     The Flow Storage Database can be installed on a poller (Main or additional), it can also be installed on a remote machine or VM within your environment. The Flow Storage Server must be installed first before upgrading or installing NTA 4.0 on your pollers. Given the overhead on CPU and Memory that capturing and processing flow data requires we are strongly recommending that you install the Flow Storage DB on a separate VM or physical machine within your network. Local poller installations are supported but will not see the same type of performance increases that are capable by running the Flow Storage Database on a dedicated machine.

    

FAQ about the Flow Storage Database:

Where should I install my Flow Storage Database?

  • We strongly recommend a dedicated machine for the NTA Flow Storage Database, Orion/NPM performance will be improved and NTA performance will be significantly improved


Can I install the Flow Storage Database on a local poller (Main or additional)

  • Yes you can install this DB on a local poller, when doing so we recommend installation on a separate partition/dedicated disk. We also recommend that this machine be on the higher end of specs. 8 cores @3GHz, 16-32gb of ram and a fast disk.


Can I install the Flow Storage Database on the Orion/NPM server that is hosting the SQL DB?

  • Yes you can install the FSDB on this box, this is not recommended. If your only option is to run on this machine please ensure that the NTA FSDB is installed on a separate partition with a dedicated disk for storage. Highest end machine required for this deployment 16+ cores @3GHz, 64-128GB of ram. If you have a low number of PDU’s per second (<1k) you will not need to have a high end machine


Do I need SQL installed on the machine that the Flow Storage Database will be installed on?

  • No, NTA's Flow Storage Database is not a SQL DB.


What does my physical or VM server that I will install the NTA FSDB on need to have installed?

  • A 64bit Windows Server 2003 SP4 or newer.
  • .NET framework 3.5sp1 and 4.0 (Included in the installer if you have not previously installed them)


Do I need to open specific ports on the Flow Storage Database server?

  • Yes, it is necessary to open tcp 1433 between the new data storage and the existing SQL server, as well as tcp 17777 between each of the pollers to the new storage server.


Do I need a connection to the Orion/NPM database?

  • Yes, if you are installing Flow Storage DB to dedicated machine, during the configuration wizard you will be required to enter the hostname/IP and credentials of the Orion/NPM Database, NTA requires this connection for CBQoS and other information provided by NPM


How do I determine the right amount of CPU/MEM for my Flow Storage Database?

  • Type the following line into the command line on all of your pollers (during business hours to capture the higher load):
    typeperf "\SolarWinds NetFlow Averages\PDUs Processed per second" -sc 1
    If the total count from all pollers is less than 5k, we recommend that you have a minimum of 4 cores @3ghz for processing and 8-16GB of Ram. If that number is bigger than 5k we recommend 8 cores @3ghz for processing and 16-32GB of Ram
    Note that the value returned by this command is the average flow/sec for this poller, over the last 5 minutes


How do I determine the right amount of Storage for my NTA 4.0 Flow Storage Database, based on the amount of flows per sec?

  • Reference the Average PDU’s processed per second number (see above). If you are near 2k we recommend a minimum of 200GB of local NTFS storage for a 30 day (default) retention period. Please also take into account how much data you will be migrating from your previous SQL flow storage, you will be informed on how much space is required for the migration (if you choose to) during the configuration wizard. You can also gauge this number by running this query on your Orion SQL DB (Insert Query Here). If your average PDU’s per second processed per second are between 4k and 5k we are recommending a minimum of 0.5-1.5 Terabyte of local NTFS storage. If you are near 10k we will recommend 2-4 terabytes of local NTFS storage. If you are running a huge environment that is capturing well above 10k as in 20-45k per second you will need 4-8 terabytes of storage

 

How do I determine the right amount of Storage for my NTA 4.0 Flow Storage Database, based on my NTA 3.x usage?

  • This procedure applies to customers actively using NTA 3.x
  • Run the below script. The result should look like this:

nta fsdb size script.PNG

  • This is the *estimated* size (in GB) required by the NTA 4.0 FSDB, after upgrade from 3.x and for the currently configured retention period (default=30 days), assuming the flow pattern remains similar to what it is in NTA 3.x.
  • Note: This size is calculated based on last hour activity, so there can be significant variations, as the last hour may not reflect longer periods of time. We recommend customers to use this as a general guideline and perform their own testing in their own environment.

 

DECLARE @FSDB_row_size INT;
DECLARE @detailed_row_count BIGINT;
DECLARE @retention_period   BIGINT;
DECLARE @AmountOfDetailTablesPerNode AS INT
SET @FSDB_row_size = 126;
---------------------------------------------------
-- ** Select settings from NTA Global settings **
SELECT @AmountOfDetailTablesPerNode = CONVERT(INT, Value)
FROM NetFlowGlobalSettings
WHERE KeyName = 'RetainUncompressedDataIn15MinuteIncrements'
SELECT @retention_period = value*24*60*60 FROM dbo.NetFlowGlobalSettings WHERE KeyName = 'RetainCompressedDataInDays'
-- ** Get all detail tables **
SELECT * INTO #AllDetailTables FROM
(
    SELECT SUBSTRING(name,15,PATINDEX('%[0-9][_]%', name)-14) AS NodeID,
           RIGHT(name, LEN(name) - PATINDEX('%[0-9][_]%', name)-1) AS Interval,
           name, id
    FROM dbo.sysobjects
    WHERE name LIKE 'NetFlowDetail[_][0-9]%' AND OBJECTPROPERTY(id, N'IsUserTable') = 1
) AS A
-- ** Get only first [amount of 15 minutes intervals] detail tables per each node **
DECLARE @script AS NVARCHAR(max)
SET @script = '
SELECT * INTO ##DetailTables FROM #AllDetailTables a
WHERE name IN
(
    SELECT TOP ' + CONVERT(nvarchar, @AmountOfDetailTablesPerNode) + ' name FROM #AllDetailTables b
    WHERE b.NodeID=a.NodeID
    ORDER BY Interval
)
ORDER BY name
'
EXECUTE sp_executesql @script
-- ** Get sum of all rows in given detail tables **
SELECT @detailed_row_count = SUM(row_count)
FROM sys.dm_db_partition_stats stats
JOIN ##DetailTables dt ON (stats.object_id = dt.id)
-- ** Calculate target size based on amount of rows in detail tables **
SELECT ((@detailed_row_count / (@AmountOfDetailTablesPerNode*15*60)) * @FSDB_row_size*@retention_period) / 1024 / 1024 / 1024 AS [Required_FSDB_Disk_Size_GB];
DROP TABLE #AllDetailTables
DROP TABLE ##DetailTables


Why is so much storage required?

  • With one minute granularity for the entirety of the retention period the storage requirements for NTA have increased 8-10x for the same retention period when compared to previous SQL storage of flow data. However, data from SQL server will be migrated so you will get some extra free space on your SQL server.


Can I change the default retention period?

  • Yes, NTA 4.0 will default the retention period to 30 days, you can change that number at any time on NTA settings page, and we have found that most customers only need 2 weeks of historical data. There are also some customers who are interested in 6months to a year for their data retention. In the future we will be providing more options to our users on how to manage the retention period as well as the database growth.


What can I do if my Flow Storage has reached capacity?

  • NTA will alert you if your Flow Storage Database nears or reaches capacity, in this case we recommend that you adjust your retention period to a shorter period. If you reached capacity on day 27 of your retention period, adjust your retention period accordingly and the data will be trimmed from your DB automatically the next time the midnight maintenance runs.


Does NTA’s Flow Storage Database work with SolarWinds EoC

  • NTA 4.0 is supported by SolarWinds EOC – Enterprise Operations Console. (no change compared to NTA 3.x)

 

How do I set up redundancy for the NTA Flow Storage database Server?

  • There are no specific requirements for ensuring redundancy of your NTA Flow Storage; you can use a distributed file system, leverage network attached storage, or use VM Ware High Availability. If redundancy is required for your NTA Flow Storage, please check with your server or systems team on how to best solve this for your specific environment.
    SolarWinds' FoE (Fail Over Engine) does not handle the NTA databases (neither SQL nor FSDB). However, NTA 4.0 provides a means to manually or periodically (scheduled) backup the FSDB database.

 

My DBA wants to know more about this Flow Storage Database, how does it work?

  • The NTA Flow Storage Database is a columnar oriented database that leverages a very fast bitmap indexing technology. Data is stored in partitions that are created per few sources per day or per max size. New partitions are created daily or as necessary.


How do I access this data? I used to write SQL Queries to data mine the flow data in SQL

  • Now that the flow data is being stored in our own database you can directly query the raw flow data by using the SolarWinds API which leverages our own query language, aptly titled SolarWindsQueryLanguage (SWQL)


I had written some custom reports using SQL, will those still work?

  • Old custom reports have been archived for you to reference, you will need to rebuild those reports using the new web reporting interface that ships with 4.0. If you are unable to write a similar report with the new web reporting, you can always use the SolarWinds API/SWQL


How does archive and restore work with new Flow Storage Database

  • Archive and restore of SQL DB has not changed, to backup and restore flow data you have to use backup and restore functions of Flow Storage DB.

 

Any differences in the way CBQoS data is handled?

  • There is no fundamental change in the way CBQoS data is handled, between 3.x and 4.0: In both, the default polling period is 300 sec, and the CBQoS data is retained for the configured retention period.

The difference is in the displaying, because NTA 3.x was aggregating the CBQoS data consistently with the flow data, in order to provide chart consistency.

In NTA 4.0 this CBQoS aggregation has been removed in order to show as-polled data. It will therefore show more granular data than 3.x, even if the polling and retention activity remains the same as in 3.x (no database sizing difference due to CBQoS between 3.x and 4.0)

 

FAQ on Migrating Data from SQL to the new Flow Storage Database:

Can I migrate my historical Data from the SQL Flow Storage?

  • Yes during the configuration wizard you can choose to migrate the historical data from SQL, this will run in parallel with new flow storage until the migration has completed.


Will my historical data from SQL be cleaned up / deleted

  • Yes, as the data is migrated to the new Flow Storage Database it is deleted from the SQL database


Do I have to migrate my data from SQL to the new Flow Storage Database?

  • No, you have two additional options surrounding migration. You can choose to not migrate and leave the data in the SQL DB (however this data will not be accessible from NTA after upgrade, but you can still access them directly in SQL or using dedicated evaluation NPM+NTA installation), or you can choose to not migrate and clean the data out of the SQL DB.


Can I capture new flows while migration is happening?

  • Yes, the migration will run in the background until complete. The application will automatically load balance the two operations (recording flows / migrating)

 

FAQ on Installing a Release Candidate - RC - version of NTA 4.0

Does the RC need to be applied to the database server as well as Orion and Polling engines?

  • Whether you apply an NTA 4.0 RC to NTA 3.x or to a previous NTA 4.0 RC (e.g. RC2 over RC1), the RC needs to be applied to your entire NTA environment, i.e. main poller, flow storage (only for the case of RC2 applied over RC1 ), all additional pollers and all additional websites.

 

I am experiencing a failure of NTA Flow Storage Configurator, what happens?

  • It is a known issue of RC2, which will be addressed in a further release. For now, Cancel it, and start the NetFlowStorageServer service manually. It just takes longer for the service to start.

NTA cannot receive sflow from Fortigate


Hi,

 

My fortigate 110C has version 5.0 build 147

NTA version 3.11

I configured it to push flows from the WAN interface of the firewall to SolarWinds, but in NTA it shows up "never receive flow"

I installed Wireshark to monitor the NIC in the server and I can see the flows from the Fortigate. Other netflow sources are OK.

I did a search; some said that the problem is in OS ver 4.0, but mine is 5.0.

What is wrong? Please give me some advice.

Thanks a lot!!!

NetFlow Stopped Exporting from a 6509


We have this 6509 in a high school and it stopped sending netflow since Oct. 14. Hopefully someone can help me to troubleshoot it to see why.

 

I have captured the following pieces to go through the netflow settings on this switch. Let me know if I need to provide additional information.

 

When I telnet to 10.x.254.1 and did "show ip flow export"

 

Flow export is enabled
  Exporting flows to 10.1.1.248 (2055)
  Exporting using source interface Vlan254
  Version 5 flow records
  24422797 flows exported in 987830 udp datagrams
  0 flows failed due to lack of export packet
  0 export packets were sent up to process level
  0 export packets were dropped due to no fib
  0 export packets were dropped due to adjacency issues
  0 export packets were dropped due to fragmentation failures
  0 export packets were dropped due to encapsulation fixup failures
  0 export packets were dropped enqueuing for the RP
  0 export packets were dropped due to IPC rate limiting

 

"show ver"...

 

Cisco Internetwork Operating System Software
IOS (tm) MSFC2 Software (C6MSFC2-DSV-M), Version 12.1(26)E9, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by cisco Systems, Inc.
Compiled Sat 11-Aug-07 07:37 by hqluong
Image text-base: 0x40008F90, data-base: 0x41AC0000

ROM: System Bootstrap, Version 12.1(4r)E, RELEASE SOFTWARE (fc1)
BOOTLDR: MSFC2 Software (C6MSFC2-DSV-M), Version 12.1(26)E9, RELEASE SOFTWARE (fc1)

CLHS-B2R102M-6509MSFC uptime is 16 weeks, 5 days, 23 hours, 4 minutes
System returned to ROM by power-on
System restarted at 14:55:25 edt Fri Jul 19 2013
System image file is "bootflash:c6msfc2-dsv-mz.121-26.E9.bin"

cisco MSFC2 (R7000) processor with 114688K/16384K bytes of memory.
Processor board ID SAD052902NE
R7000 CPU at 300Mhz, Implementation 39, Rev 2.1, 256KB L2, 1024KB L3 Cache
Last reset from power-on
Bridging software.
X.25 software, Version 3.0.0.
31 Virtual Ethernet/IEEE 802.3  interface(s)
509K bytes of non-volatile configuration memory.

16384K bytes of Flash internal SIMM (Sector size 512K).
Configuration register is 0x102

 

"show boot"...


BOOT variable = bootflash:c6msfc2-dsv-mz.121-26.E9.bin,1
CONFIG_FILE variable =
BOOTLDR variable =
Configuration register is 0x102

 

-------------------------------------------------------------------------------------------------------------------------------------------

When I telnet to 10.x.254.5 and did "show mls nde"...

 

Netflow Data Export version: 7  (**this is the only version available to choose from)
Netflow Data Export enabled
Netflow Data Export configured for port 2055 on host 10.1.1.248
Destination port filter is 2055
Filter type: include
Total packets exported = 7152

 

"Show ver"...

 

WS-C6509 Software, Version NmpSW: 6.4(21)
Copyright (c) 1995-2006 by Cisco Systems
NMP S/W compiled on Feb 16 2006, 16:53:21

System Bootstrap Version: 5.3(1)
System Web Interface Version: Engine Version: 5.3.4 ADP Device: Cat6000 ADP Version: 1.9 ADK: 40

Hardware Version: 2.0  Model: WS-C6509  Serial #: SCA0504021Q

PS1  Module: WS-CAC-1300W    Serial #: SON04503284
PS2  Module: WS-CAC-1300W    Serial #: SON04512899

Mod Port Model               Serial #    Versions
--- ---- ------------------- ----------- --------------------------------------
1   2    WS-X6K-SUP1A-2GE    SAD052904DE Hw : 7.0
                                         Fw : 5.3(1)
                                         Fw1: 5.4(2)
                                         Sw : 6.4(21)
                                         Sw1: 6.4(21)
         WS-F6K-PFC          SAD052803N1 Hw : 1.1
3   16   WS-X6416-GBIC       SAL06468LUC Hw : 2.5
                                         Fw : 5.4(2)
                                         Sw : 6.4(21)
4   48   WS-X6348-RJ-45      SAL0501147V Hw : 1.9
                                         Fw : 5.4(2)
                                         Sw : 6.4(21)
5   48   WS-X6348-RJ-45      SAL05084HYG Hw : 2.0
                                         Fw : 5.4(2)
                                         Sw : 6.4(21)
6   48   WS-X6348-RJ-45      SAL0539C5GM Hw : 5.0
                                         Fw : 5.4(2)
                                         Sw : 6.4(21)
15  1    WS-F6K-MSFC2        SAD052902NE Hw : 1.2
                                         Fw : 12.1(26)E9
                                         Sw : 12.1(26)E9

       DRAM                    FLASH                   NVRAM
Module Total   Used    Free    Total   Used    Free    Total Used  Free
------ ------- ------- ------- ------- ------- ------- ----- ----- -----
1       65408K  53566K  11842K  16384K  15481K    903K  512K  329K  183K

 

"show boot"...


BOOT variable = bootflash:cat6000-supcv.6-4-21.bin,1;
CONFIG_FILE variable = slot0:switch.cfg

Configuration register is 0x2102
ignore-config: disabled
auto-config: non-recurring, overwrite, sync disabled
ROMMON console baud: 9600
boot: image specified by the boot system commands

 

Trying to find out why it stopped exporting, and I am having a difficult time understanding IOS and CatOS on the same core switch.

 

According to "show ip flow export" from 10.x.254.1, the source is vlan254 and port 4/2 is set for vlan254

 

 

CLHS-B2R102M-6509CA> (enable) show port 4/2
Port  Name                 Status     Vlan       Duplex Speed Type
----- -------------------- ---------- ---------- ------ ----- ------------
4/2  -BHN MetroEthernet - connected  254          full   100 10/100BaseTX

 

Port  AuxiliaryVlan AuxVlan-Status     InlinePowered     PowerAllocated
                                   Admin Oper   Detected mWatt mA @42V
----- ------------- -------------- ----- ------ -------- ----- --------
4/2  none          none           -     -      -        -     -

 


Port  Security Violation Shutdown-Time Age-Time Max-Addr Trap     IfIndex
----- -------- --------- ------------- -------- -------- -------- -------
4/2  disabled  shutdown             0        0        1 disabled      25

 

Port  Num-Addr Secure-Src-Addr   Age-Left Last-Src-Addr     Shutdown/Time-Left
----- -------- ----------------- -------- ----------------- ------------------
4/2         0                 -        -                 -        -         -

 

Port     Broadcast-Limit Multicast Unicast Total-Drop
-------- --------------- --------- ------- --------------------
4/2                   -         -       -                    0

 

Port  Send FlowControl  Receive FlowControl   RxPause    TxPause
      admin    oper     admin     oper
----- -------- -------- --------- ---------   ---------- ----------
4/2  off      off      off       off         0          0         

 

Port  Status     Channel              Admin Ch
                 Mode                 Group Id
----- ---------- -------------------- ----- -----
4/2  connected  off                     74     0

 

Port  Align-Err  FCS-Err    Xmit-Err   Rcv-Err    UnderSize
----- ---------- ---------- ---------- ---------- ---------
4/2           0          0          0          0         0

 

Port  Single-Col Multi-Coll Late-Coll  Excess-Col Carri-Sen Runts     Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
4/2           0          0          0          0         0         0         0

 

Port  Last-Time-Cleared
----- --------------------------
4/2  Fri Jul 19 2013, 14:54:44

 

When doing "show cdp nei 4/2"....which is up-linked with neighbor school.

 

Port     Device-ID                       Port-ID                   Platform
-------- ------------------------------- ------------------------- ------------
4/2     CK8S-B4R104A-3825.cisco.osceola GigabitEthernet0/1        Cisco 3825

 

checking on running-config for module 4...


CLHS-B2R102M-6509CA> (enable) show running-config 4
This command shows non-default configurations only.
Use 'show config <mod> all' to show both default and non-default configurations.
....................
begin
!
# ***** NON-DEFAULT CONFIGURATION *****
!
!
#time: Thu Nov 14 2013, 13:54:30 EST
!
# default port status is enable
!
!
#module 4 : 48-port 10/100BaseTX Ethernet
set vlan 5    4/41-48
set vlan 20   4/3-12,4/14-29
set vlan 172  4/1
set vlan 245  4/39
set vlan 252  4/38,4/40
set vlan 253  4/13,4/30-37
set vlan 254  4/2
set port speed      4/1-2,4/13,4/37-48  100
set port duplex     4/1-2,4/13,4/37-48  full
set port name       4/1  -B2R102M-3825-
set port name       4/2  -BHN MetroEthernet -  (**this is the connection to CK8S with ISP)
set port name       4/30 -AVSafari IP:50-
set port name       4/31 -AVMedia-
set port name       4/32 -AVMedia-
set port name       4/33 -AVMedia-
set port name       4/34 -AVMedia-
set port name       4/35 -AVMedia-
set port name       4/36 -AVMedia-
set port name       4/37 -AVLantronx IP:5-
set port name       4/38 -FacilHVAC IP:53-
set port name       4/39 -UPS IP:20-
set port name       4/40 - APC-Cooler -
set port name       4/41 -APPS HB IP:-
set port name       4/42 -VMHOST1 HB IP:-
set port name       4/43 -VMHOST2 HB IP:-
set port name       4/44 -FS HB IP:-
set port name       4/45 -APPS iLO IP:-
set port name       4/46 -VMHOST1 iLO IP:121-
set port name       4/47 -VMHOST2 iLO IP:122-
set port name       4/48 -FS iLO IP:115-
set trunk 4/1  off negotiate 1-1005,1025-4094
set trunk 4/2  off negotiate 1-1005,1025-4094
set trunk 4/3  off negotiate 1-1005,1025-4094
set trunk 4/4  off negotiate 1-1005,1025-4094
set trunk 4/5  off negotiate 1-1005,1025-4094
set trunk 4/6  off negotiate 1-1005,1025-4094
set trunk 4/7  off negotiate 1-1005,1025-4094
set trunk 4/8  off negotiate 1-1005,1025-4094
set trunk 4/9  off negotiate 1-1005,1025-4094
set trunk 4/10 off negotiate 1-1005,1025-4094
set trunk 4/11 off negotiate 1-1005,1025-4094
set trunk 4/12 off negotiate 1-1005,1025-4094
set trunk 4/13 off negotiate 1-1005,1025-4094
set trunk 4/14 off negotiate 1-1005,1025-4094
set trunk 4/15 off negotiate 1-1005,1025-4094
set trunk 4/16 off negotiate 1-1005,1025-4094
set trunk 4/17 off negotiate 1-1005,1025-4094
set trunk 4/18 off negotiate 1-1005,1025-4094
set trunk 4/19 off negotiate 1-1005,1025-4094
set trunk 4/20 off negotiate 1-1005,1025-4094
set trunk 4/21 off negotiate 1-1005,1025-4094
set trunk 4/22 off negotiate 1-1005,1025-4094
set trunk 4/23 off negotiate 1-1005,1025-4094
set trunk 4/24 off negotiate 1-1005,1025-4094
set trunk 4/25 off negotiate 1-1005,1025-4094
set trunk 4/26 off negotiate 1-1005,1025-4094
set trunk 4/27 off negotiate 1-1005,1025-4094
set trunk 4/28 off negotiate 1-1005,1025-4094
set trunk 4/29 off negotiate 1-1005,1025-4094
set trunk 4/30 off negotiate 1-1005,1025-4094
set trunk 4/31 off negotiate 1-1005,1025-4094
set trunk 4/32 off negotiate 1-1005,1025-4094
set trunk 4/33 off negotiate 1-1005,1025-4094
set trunk 4/34 off negotiate 1-1005,1025-4094
set trunk 4/35 off negotiate 1-1005,1025-4094
set trunk 4/36 off negotiate 1-1005,1025-4094
set trunk 4/37 off negotiate 1-1005,1025-4094
set trunk 4/38 off negotiate 1-1005,1025-4094
set trunk 4/39 off negotiate 1-1005,1025-4094
set trunk 4/40 off negotiate 1-1005,1025-4094
set trunk 4/41 off negotiate 1-1005,1025-4094
set trunk 4/42 off negotiate 1-1005,1025-4094
set trunk 4/43 off negotiate 1-1005,1025-4094
set trunk 4/44 off negotiate 1-1005,1025-4094
set trunk 4/45 off negotiate 1-1005,1025-4094
set trunk 4/46 off negotiate 1-1005,1025-4094
set trunk 4/47 off negotiate 1-1005,1025-4094
set trunk 4/48 off negotiate 1-1005,1025-4094
set spantree portfast    4/1,4/3-48 enable
set port qos 4/1-48 trust trust-cos
set qos acl map ACL_IP-TRUSTDSCP 4/1-48
set port channel 4/1-48 mode off
end


Hope someone can help me to spot where the problem is or guide me to what to look for.

0.0 bps showing on "NetFlow Sources" Dashboard


Hi there,

I am new to SolarWinds products.

I recently installed NPM and NTA and imported some interfaces to the server.

I can find the NetFlow traffic perfectly OK on NTA except in "NetFlow Sources", which shows 0.0 bps in both the "TRAFFIC IN" and "TRAFFIC OUT" column.

Would someone please help?

Thanks.


What Real-Time Traffic Based Automation *Would* You Trust?


Last week, I asked in an ambassador post, “Would you automate QoS policy based on real-time flow data?” The resulting comments were a good discussion about the benefits of automating changes to a QoS policy versus the risks inherent in the software doing something stupid, leading to undesirable results.

 

The comments made for such a useful conversation, that I’m going to rephrase the question like so: if not QoS policy manipulation, what real-time traffic-based automation would you trust? And I’m going to place a couple of constraints around the question.

 

  1. Let’s assume that the flow data is actually real-time, and not a netflow export that’s sampled periodically. Think about network traffic being tapped or mirrored to a device that can process the traffic. I know this is the NTA forum and so maybe I’m getting a little far afield, but bear with me.
  2. Let’s also assume that the software monitoring the tapped traffic can actually process all of the data coming at it. I know you could make the case that with multiple 10G feeds, it’s too hard to keep up with the data. But let’s say we have boxes that can do it.

 

I think there’s a good case to be made for dynamically reprogramming network forwarding behavior based on real-time traffic analysis. I’m getting away from the specifics and more into the realm of ideas, but these are ideas I’ve heard that make sense to me.

 

  • Temporarily redirecting traffic that’s unknown to a security device for analysis.
  • Traffic steering, where traffic is balanced across links based on a combination of traffic characteristics and link utilization.
  • Prioritizing specific traffic flows between two endpoints to minimize latency.

 

Do any of those ideas work, from your perspective? Do you have any ideas of your own where you would trust an automated process to perform network configuration based on network traffic analysis?

NTA 4.0 fail-over


Since we released Netflow Traffic Analyzer - NTA - v4.0 earlier this month, some of you have been asking about recommended fail-over deployments.

We are currently working on certifying a solution based on the SolarWinds Fail-over-Engine - FoE - product. The FoE doc set is here.

The diagram below illustrates one flavor of such a solution, where the NTA FSDB - Flow Storage Database - is deployed locally to the NPM+NTA server (note that the SQL server is not on the same server as FSDB, as recommended in the NTA FAQ knowledge base doc)

NTA 4.0 FoE.png

We are also looking at deployments where FSDB sits on its own machine (neither with NPM+NTA nor with SQL Server) and will recommend here the appropriate FoE deployment for this flavor. Stay tuned.

 

Important note: Again, this solution is currently being tested and is not certified yet, but we wanted to give you a heads-up of what is coming so you can start your thinking and planning activities. We will update this thread with more when the testing is over.

 

Disclaimer: Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are based on the product team's intentions, but those plans can change at any time.

NTA 4.0 complete environment recommendations?


Hi,

we are planning a new NPM/NTA environment. At the moment NPM 10.6 and NTA 3.11 run on the same server.

If I read the recommendations for NPM and NTA (with FlowStorage DB), then I need 3 physical and powerful servers: one for the Poller, one for the SQL-DB and one for the Flow Storage.

I wonder if I can also use the poller server for the SQL-DB (separate RAID). Most of the DB traffic goes to the FlowStorage DB. In the SQL DB there is only a little metadata. Why do I need a separate server for the metadata stored in a SQL-DB?

We are planning with HP p-series. If "SolarWinds NetFlow - PDUs processed" in the Windows performance monitor is the right value, we have an average of 40.000 Flows/s with peaks of 120.000 Flows/s.

 

Thank you for your answers

 

regards

olaf

Understanding Flow Collection???


Good day all,

So I am fairly new to using Solarwinds since I started with a new company.  I have a Brocade Switch and on it I have configured sFlow.  When I run a show sflow command I get the following output (addresses changed to protect the innocent)

 

SSH@MyDevice#show sflow
sFlow version: 5
sFlow services are enabled.
sFlow agent IP address: xxx.xxx.xxx.xxx
2 collector destinations configured:
Collector IP xxx.xxx.xxx.xxx, UDP 6343
Collector IP xxx.xxx.xxx.xxx, UDP 2055
Polling interval is 20 seconds.
Configured default sampling rate: 1 per 2048 packets.
Actual default sampling rate: 1 per 2048 packets.
The maximum sFlow sample size: 128.
sFlow exporting cpu-traffic is disabled.
12202490 UDP packets exported
15433597 sFlow samples collected.
sFlow ports: ethe 14 ethe 23 to 24
Port Sampling Rates
-------------------
Port=14, configured rate=2048, actual rate=2048
Port=23, configured rate=2048, actual rate=2048
Port=24, configured rate=2048, actual rate=2048

 

I have also added a screen capture of what I am seeing in NetFlow for this device and I am just trying to understand where the collection is happening from.  So from the above output, I only have sflow forwarding on 3 ports and that is true.  But when I look in NetFlow I am seeing information from many more ports and I am not sure I understand why, and would like any assistance in better understanding this.

 

Thanks for any assistance

Wally


How Do You Make The Most Of Your Flow Data?


As a long-time exporter of flow data from edge devices, I've run into the issue of data underuse. I usually export from edge devices: WAN routers & firewalls. I've not personally found too much use in exporting flow data from core devices, as that's rarely where I need to do flow analysis. The edge devices have been the key in my experience, answering questions such as:

 

  • Who's using all the bandwidth?
  • How long has a given flow been alive?
  • What's the traffic mix look like across this link?

 

What occurs to me is that I usually only look at flow data when I've got a problem, most often when a link is saturated and I need to quickly nail down the culprit. That said, I know that's a waste of interesting historical data, if only I'd take the time to look at it. There's just so much of it to plow through, that I usually don't take the time. It seems like there's always so many more pressing things to do that I don't take the time to make large chunks of historical flow data digestible.

 

To kick off a discussion, I'm curious to hear the answer to a few questions.

 

  1. Other than troubleshooting, how do you make use of your flow data?
  2. How often do you look at flow data summaries, and in what form (on-demand via HTML form, automated reporting, CLI top-talkers, etc.)?
  3. Summaries have the side effect of masking more granular data, i.e. smaller flows that might be interesting. In your view, is this a concern, and if so, how do you work around it?
  4. How old does flow data have to get before it's no longer useful? For the sake of SQL, I was only keeping 7 days worth of flow data in NTA, assuming that it would be very unlikely I'd need to go back further than that. That was true most of the time, but there were times I wished I could dig back further.

Viewing more than Top XX statistics


I am new to Netflow Traffic Analyzer and I would like to know if I can view more than the Top XX statistics in the different categories.  From what I've been able to look at and drill down, it seems that all information and even the base reports are all related to the Top XX info.  Essentially, I would like to see all Netflow traffic from a specific node even beyond the Top XX info.  Every time I attempt to drill down to a node, all information is presented in a Top XX format.

CBQOS V.S. NETFLOW


Hi Thwack Master,

Please help me to understand what CBQOS is for, and also Netflow. In my own understanding, CBQOS is for WAN point-to-point links and NETFLOW is for ingress and egress monitoring? Please help me. Thank you very much.

95th percentile per IP group


I found a report on here I was able to use and get the information I wanted. Well, since NTA upgraded to 4.0 the report no longer functions. Is there someone who can help me recreate the report, as I am not very good with SQL? I have tried to find the new fields to try and convert the information over, but I am not finding them.

 

Attached is the SQL report and the results of the SQL prior to the upgrade.

Move database


Once you install the new NTA 4.0, is it possible to move the database to another server if it grows too large or performance is hindered on the current server that it is installed on?
