
Geek Speak

1,238 posts

The previous article on the SANS Security Survey 2013 discussed the security needs and challenges enterprises face in detecting threats, and the complexity of responding to breaches and attacks. Beyond detecting threats and responding to them, the survey gave us some insight into the kinds of data organizations use for security analytics.

Interestingly, the most common data used to investigate security issues were:


  1. Log data from network (routers/switches) and servers, applications and/or endpoints
  2. Monitoring data provided through firewalls, network-based vulnerability scanners, IDS/IPS, UTMs, etc.
  3. Access data from applications and access control systems


By doing log analysis, you can understand what transpires within your network. Each log file contains many pieces of information that can be invaluable, especially if you know how to read and analyse them. With proper analysis of this actionable data you can identify intrusion attempts, misconfigured equipment, and much more.


Security Reports

Next, you cannot afford to underestimate the importance of security reporting, as it gives you critical information about vulnerabilities, suspicious behavior on your network, network traffic, etc.


Satisfaction with Current Analytics and Intelligence Capabilities

survey pic.png

The above statistics are based on the SANS Security Survey conducted early this year. For detailed survey results and reports, please click here.

59% of respondent organizations

  • Not satisfied with their library of appropriate queries and reports

56% of respondent organizations

  • Not satisfied with their relevant event context intelligence
  • Have no visibility into actionable security events


How do Security Reports help?

From the above chart you can see the various factors that organizations look for when it comes to reports. While effective security reporting is an absolute necessity for staying informed about security issues, it is also important to understand the different areas where reports can be used.


Compliance Reporting:

Being in line with IT compliance regulations such as PCI DSS, GLBA, SOX, NERC CIP, and HIPAA requires businesses to monitor and control access to and usage of sensitive information. Scheduling periodic report generation can help you in gaining visibility over your network and help you adhere to various compliance regulations, which in turn means protection of your customers’ data.

Security Auditing:

Security auditing is a continuous process, so you need to conduct security audits regularly. Reports help you conduct an audit of network events and establish a security baseline. You can make it even more effective by automating the audit process with the help of SIEM tools.

IT Security Forensics:

You can use reports to identify suspicious behavior patterns on your network, traffic patterns, malicious code, summaries of various events on your network, and much more.


Are you all set to meet us at the SANS Network Security meet? Look for us at Booth 14. We'll be the ones with awesome t-shirts, buttons, and giveaways! Make sure that you stop by, have a chat with us, and check out our lineup of security products.


Come, grab some!!

Visit: www.solarwinds.com/sans

top 5 reports.PNG

Finally, SAM 6.0 has been realized and released! The improvements and additions are spectacular. Unlike Microsoft and their Windows 8 debacle, we listen to the people who use our software. This is the very reason we have thwack.com. All of the new features in this release came from the users in one form or another, including a lesser known one highlighting the differences between each version of the Administrator's Guide. A sole voice emailed me requesting this little improvement and explained to me why it was important to him. My thought process was simple, "Done." Now every SAM user can benefit from this simple little improvement requested by one user. And here it is:


Granted, this won't garner the praise that actual features will, but it is indicative of something larger. We listen and we care. One voice was heard. Was it yours? In fact, I continue to ask for more input from you. Take this article for example. In the article I asked users to demonstrate how they do things. This wasn't for my amusement. I wanted the responses I got to become a collection of "How To" topics so I could add them to a new section of the Administrator's Guide, or even better, create a separate book on the subject. This How To book would demonstrate examples, rather than me telling you how to do something. Here you would be able to "see" something that works, rather than be told. The difference is important because seeing a working version of something allows you to take away what you need from it. Being told how to do something is certainly more restrictive.


And while I'm here, let me ask you for How To videos! Yup, I want to start adding videos to the Help system so you can see how things are done. I think a How To section and a How To video section would help users immensely. What do you think? Share your videos and How To operations in the comment section below, or feel free to DM me and we can talk about more ambitious ideas you may have offline.


BTW, enjoy SAM 6.0MG.

In conjunction with SANS, SolarWinds recently conducted a security survey amongst 647 respondents who are security and network administration professionals from various public and private organizations including federal government agencies, banking, financial, and healthcare institutions across the US and Canada. The results of this survey gave us a deep understanding of the pressing security needs in enterprises, the challenges faced to deal with breaches and attacks, and preparedness of the IT infrastructure teams to contain and respond to security threats.


Threat Detection

As security professionals, we know it’s paramount to have a mechanism in place to detect threats as early as possible, so that we can contain them or respond with corrective or preventive action. This is where organizations are facing a challenge: they are not able to detect threats in time, which lengthens the window in which an attack can wreak maximum damage.


Difficult Threats to Detect

In the past couple of years,

Image 1.png


This is an alarming figure, as it shows there were so many threats that couldn’t be detected quickly. Imagine the impact of the attacks until they were discovered. Until the threat is detected and action is taken, there can be a great deal of data loss, system malfunction, failure and even compromise.


Impact on Systems

Image 2.png


Threat Response & Remediation

The challenge doesn't stop with just detecting the threat. From this survey we found that organizations are also finding it hard to respond to attacks after discovering them.

Image 3.png


We didn't just stop with detecting and responding to threats. We wanted to find out what was stopping organizations from getting this visibility.


Top 3 Impediments for Organizations to Discover & Follow Up on Attacks


Top 3 Impediments.png


As we can see from all these statistics, there is a clear lack of preparedness in IT teams to defend their data and systems from breaches and attacks. Log management is an efficient way to identify abnormal behavior patterns on the network and spot threats. Security information & event management (SIEM) software will help you collect and correlate log data in real time to isolate zero-day threat vectors, and allow you to remediate the threat with automated response. Threat detection, response and remediation simplified!


Join SolarWinds at SANS Network Security 2013 Las Vegas

You are invited to stop by at booth No. 14 on September 18th 2013 to meet our security experts and geeks, and attend live product demos and find a solution to your security challenges. And yes, there is a lot of cool geek gear to grab and wear – complimentary of course!

Visit: www.solarwinds.com/sans

SANS event.png

If you own more than one Orion platform product, chances are there are benefits to be had from their inherent integrations that you aren't leveraging. What, you say? I can get more out of what I have right now? It's true! Because so many SolarWinds products have built-in integration points, there's a lot of power there that is yours for the taking. So if you ever find yourself asking:


  • What products integrate with the product that I own?
  • What products does SolarWinds have, in general?
  • What would these integration points do for me?
  • How do I set it up?


Well, we're going to tell you. In the "Admin" section of your Orion products, you'll see a new resource.



Click on the "Integration Overview" to see a large diagram of our products and how they fit together. It's a large diagram, so you'll only see part of it here.



Click on any link (any product) to read about commonly integrated products and to get step by step, illustrated guides about implementing those integrations.


Let us know what you think of this new feature at productintegration@solarwinds.com.

It’s not a vendor-dependent network management world anymore. There are so many players in the market. Vendor-specific enterprise solutions, third-party software and open source tools are all being used across corporate networks, depending on individual network requirements. Network management systems (NMS) are becoming vendor-agnostic, offering the capability to support networking hardware from a wide variety of manufacturers and device models.

When we spoke to some of our customers who had previously used BIG 4 (HP®, Cisco®, IBM®, CA®) network management solutions, some of the foremost reasons they gave for switching to SolarWinds were the difficulty of managing an enterprise NMS suite, affordability, and the total cost of ownership of these products, which, over time, started choking their organizations' IT management budgets. Big 4 users felt that they paid for features they did not use and were not getting an adequate return on investment.

As network complexity increases, users seldom need a tool that overshoots their existing problems. In order to find an easier way to achieve what users want at a reasonable cost, we had to dig deep to find the difficulties they faced while using one of the Big 4 products.


Affordability and Total Cost of Ownership

Big 4 network management solutions are high priced, from the initial cost of licenses to the maintenance and support of the products. Big 4 customers end up spending too much on features and capabilities they don’t use, not to mention the charges for any additional support they require, which results in a much higher total cost of ownership (TCO). The following are some examples of where Big 4 customers feel the heat of additional costs.

Maintenance – Big 4 enterprise solutions traditionally carry expensive annual maintenance charges. Users have to subscribe in order to receive the latest patches and updates.

License – Organizations that purchase Big 4 products end up paying for software licenses that they rarely use. In large organizations, the guy who made the initial purchase isn’t even involved in the implementation process.

Consulting/Services – Additional services rendered by the vendor usually incur costs that weren’t included in the initial purchase. Services may comprise user training sessions, services during implementation, deployment, etc.

Return on Investment (ROI) – Most of the time, Big 4 customers were unsure how to justify the ROI on their network management solution when it came down to total cost of ownership. To maximize ROI, they have to spend extra money training their own staff. And with higher maintenance fees, organizations are looking at diminishing ROI just when they want more scalability and integration within their environment in future.


Big 4 users always complain about the complex user interface and hard-to-read dashboards. Mostly, they need special training to understand the processes involved in operating the network management tool, which consumes additional time and effort. Users go through a series of tedious tasks to operate basic functionality like reports, alerts, etc. Some of the factors that inhibit ease of use are:

Complex User Interface – The absence of clear and easy-to-read real-time network information has been the Achilles heel of Big 4 products. The lack of visibility caused by a fragmented dashboard view of network infrastructure and operations can keep users from easily finding network issues.

Integration – Expensive enterprise network management solutions are difficult to integrate with other products based on different platforms, even though such integration might be critical to making users' jobs of managing their network environment much easier.

Reporting – Big 4 users also have difficulty generating reports because of the lack of out-of-the-box reporting functionality. Users sometimes have to create reports manually based on their needs, which is time consuming.

Management overhead – With extra features that are used little or rarely, organizations still require resources to manage them if the need arises. The lack of staff time and resources creates an operational nightmare if users don’t know how to manage these features because of their complexity.

Ideally, customers want a network monitoring tool that’s affordable, easy to download, easy to install and easy to deploy with minimal effort. SolarWinds Network Performance Monitor (NPM) is an easy-to-use network monitoring tool that is modular and scalable. NPM is an affordable enterprise-class network monitoring solution; once installed, it’s up and running in under an hour. You can get 80% of the features present in Big 4 NMS products at 20% of the cost. You can download our fully functional 30-day free trial or test drive our demo.



Learn More

Save Big Bucks over the Big 4

Rightsizing Your Network Performance Management Solution: 4 Case Studies

According to this article, SMB hiring of IT staff is at a stand-still with only 26% planning to add head count. This can only mean that SMBs expect more out of their current IT staff. On the other hand, SMB IT budget has increased by 7% to 162K. As a result, you won’t get to pawn off your unwanted projects on the newbie. But, you may have some extra cash in the budget to buy software to take some of the work off your hands.


5 Easy Tips to Do More with Less


  1. Spend Less Time on the Phone: Get the most out of a server monitoring tool that will make you look like a rockstar so you’re not stuck on the phone troubleshooting all day.
  2. Don’t Buy Hardware Until It’s Time: Manage your virtual environment in an organized manner. That way you can ensure there is less or no clutter.
  3. Consolidate Your Inventory: Streamline your inventory so your workload of consolidating hardware, OS, and apps becomes easier.
  4. Automate Patching of 3rd Party Apps: Think about ways of automating patch management. That way your productivity goes through the roof and you end up saving hours of manual work.
  5. Automate Mundane Active Directory® Tasks: You can leverage free tools that will automate Active Directory tasks which are otherwise boring, tedious, and time consuming.


Check out this short presentation that teaches you five simple ways of adding extra hands without hiring an extra body.





Today we conclude our seven part series discussing how to use a handful of overlooked best practices to improve network configuration management.  Over the course of these posts we have highlighted the difficulty involved in managing hundreds or even thousands of switches and managing complex configurations consisting of hundreds of command-line statements.  The probability for human error is high. Even the smallest of errors can adversely affect service. Therefore, every step must be taken to get it right.  This is where Network Configuration Manager (NCM) and our five overlooked best practices come into play.




Control Change

Today we’ll look at best practice #5 which advocates using a well-defined change control process for reviewing, approving and making changes to your device configurations and a process for tracking device end-of-life (EOL).  The reason why this practice is so powerful is because once you have spent a great deal of time and effort implementing and stabilizing your configurations, you want to maintain that stability even as your environment evolves.  Changes will be necessary so why not maintain them in a controlled fashion?


For this best practice, there are four activities we recommend you consider adding to your management regimen.  These four activities are:




The first step is to create a baseline.  To baseline a configuration is to create an internal standard that allows you to measure other configurations and future changes by.  So it goes without saying that your baselines should be error-free and stable.  Once you designate a configuration baseline then you can detect changes and determine whether those changes followed your change control processes.



Which is a great segue into our next practice – creating a well-disciplined change control process.  Ideally you want to be able to review and approve all changes prior to implementing them in your production network.  This is useful if you have teams of admins or engineers doing work.  Using a change control process will help coordinate activities between teams.  Or you may have less experienced admins or engineers making changes.  Again, a formal change control process will allow you to review all changes and detect and fix errors before the change is made.




Our next best practice suggests using automation to deploy configuration changes – especially if the change needs to be deployed across many systems.  Using automation can help ensure the change is made the very same way and error free.  Automation is your friend.




The last recommendation deals with using change control to manage end-of-life (EOL) hardware devices.  You may be wondering why tracking EOL devices is so important.  Well, it is, for the following reasons:


  • Excessive Support Costs. The primary driver for increasing support costs for EOL hardware is due to vendor end-of-sale and end-of-life policies.  As a device approaches end-of-life the support services can become both explicitly and implicitly more expensive. Failure to secure or renew a maintenance agreement before critical end-of-life dates expire will prevent you from receiving vendor technical support and maintenance upgrades.  Therefore you may be forced to develop or maintain more expensive in-house skills or contract externally for needed services.
  • Regulatory Non-compliance. Non-conformance costs will become an issue if the device is unable to achieve control objectives defined by your policies.  This may be due to a lack of technical capability or because the device is no longer able to receive updates that address security vulnerabilities.
  • Business Disruption. This risk often produces a broad spectrum of effects caused by catastrophic device failure and can lead to business disruption and accompanying lost revenue and/or brand damage.  These problems are amplified when remediation occurs with a legacy device that consumes even more time because spares cannot be located or the replacement device requires extensive install and configuration effort.
  • Diminished Productivity. IT technology is a significant business productivity driver.  Therefore when new IT technologies are not adopted and utilized then opportunity costs may negatively affect bottom-line financial performance.  This problem is also realized when the business wants to expand service only to discover that the underlying infrastructure won’t support the business requirements because it is no longer supported.  This discovery then forces unplanned expenditures and cost overruns.


By carefully tracking EOL hardware you can work to eliminate these problems.






Experience tells us that when you follow these overlooked practices, you can eliminate network downtime.  And if you are the one who introduces your teams to these practices and are noticed for it, then you will likely find favor with your boss, which is always a good thing when you want to ask for a raise.


Of course SolarWinds can help you with NCM v7.2.  SolarWinds Network Configuration Manager (NCM) is a network configuration management solution.  NCM is part of the SolarWinds Orion Management platform.  The Orion platform offers integrated network performance monitoring, systems and application monitoring, network configuration management, security event monitoring and more.  Using Network Configuration Manager, you can increase efficiency, reduce network downtime and manage configuration compliance by managing and automating major configuration management and change management tasks.


Why not try it today?  Click here to download your free 30-day trial!



You can also find and read past posts in this 7-part series here


Post 1:

Post 2:

Post 3:

Post 4:

Post 5:

Post 6:

Don't miss our New Release Roundup tomorrow at 1pm CT. Learn how you can easily add more power, deeper insight, more accurate alerting, and faster time to root cause with snap-in applications from SolarWinds. In this short webcast, we take you through a few of our newest releases and discuss how these products could power up your existing infrastructure. Want to be more proactive? Solve problems faster? Free yourself from routine tasks and focus on more strategic ones?


Bring any questions you have about your own infrastructure or product integrations and we’ll help you solve them.


Sept 13 @ 1pm CT REGISTER HERE
Sept 20 @ 1pm CT REGISTER HERE

We have expanded the Content Exchange for Web Help Desk to now include FAQ articles and helpdesk articles for IT staff.  Now through the end of October you can earn an extra 50 thwack points per article (totaling 100 points per article)! New sections added:


FAQ Articles - Share the most common and repetitive help desk questions and the workarounds.

Help Desk Articles for IT Staff - Share tips & tricks on getting things done, fast! Help your peers leverage your knowledge, like for example, Windows 8 Tips & Tricks or a workflow for VMware troubleshooting.

If you have ideas on how to improve the Web Help Desk Content Exchange, please comment.

If you're like this guy and you fear that sensitive data is walking out of your network on USB thumb drives,


you will be happy to know that SolarWinds' software portfolio includes an alternative to thumb drives.


Lock Down Those USBs

SolarWinds provides a technology called "USB Defender" within its Log and Event Manager software. USB Defender protects sensitive data using real-time notification and other security features when USB devices are detected, including

  • Automatically disabling user accounts
  • Imposing quarantines on work stations
  • Automatically or manually ejecting USB devices

USB Defender also audits and reports on USB usage over time.


An Alternative to Thumb Drives

Regardless of whether your organization allows USB drives, people might still have business protocols that require them to exchange large files. One alternative to using USB thumb drives is to provide employees with universal access to their home folders and/or selected folders on existing file shares. By giving them secure access to the same files they use both inside and outside the office, you reduce the incentive to make copies on removable media or use 3rd-party web sites.


A second alternative is to provide employees with secure "ad hoc" file sharing. This allows your end users to safely send files and request files from their daily business contacts, again without using 3rd-party web sites.

Fortunately, SolarWinds offers both capabilities in the same product: Serv-U Managed File Transfer (MFT) Server.  When you deploy Serv-U in your data center, you can reuse the same security policy, procedures, people, and infrastructure that protects the rest of your data. This will enable you to finally retire those pesky USB thumb drives.


Do You Have Other Security Challenges?

Be sure to check out SolarWinds' new Security site, or leave your thoughts and comments below.


This is part six of a seven part series discussing how to use a handful of overlooked best practices to improve network configuration management.  Why?  Human error is the leading cause of network downtime.  Eliminate the error with these overlooked practices and you not only improve network up-time but also prove to the boss you are a natural born leader!

Today we’ll look at best practice #4 which recommends auditing your configurations for standards compliance.




How Configuration Compliance Can Help


Our objective with an audit is to ensure compliance with all applicable policy standards.  There are a variety of security policies and standards that each organization may choose to follow.  Almost all of these are designed to protect the confidentiality, integrity and availability of company systems, data and other resources.




Many of the standards we implement are based on industry requirements, internal risk mitigation measures and other “best practices”.  These standards are expressed as controls, which are implemented as configuration settings.  Therefore, by auditing selected configuration settings you can determine your compliance with the standards you follow.
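As an added illustration of controls expressed as configuration settings (this is not SolarWinds NCM code and not from the original post), the sketch below audits a device configuration against a small policy. The control IDs, the regular expressions and both IOS-style sample configurations are constructed for the example.

```python
import re
from typing import List, NamedTuple, Optional


class Control(NamedTuple):
    control_id: str    # hypothetical identifier, not taken from any standard
    description: str
    pattern: str       # regex applied to each stripped configuration line
    must_exist: bool   # True: some line must match; False: no line may match


class Finding(NamedTuple):
    control_id: str
    description: str
    line_no: Optional[int]   # None when a required setting is absent
    detail: str


# Constructed policy: each control maps to one checkable configuration setting.
POLICY = [
    Control("AUTH-01", "Passwords are stored encrypted",
            r"^service password-encryption$", True),
    Control("MGMT-01", "Telnet is not permitted on VTY lines",
            r"^transport input (all\b|.*\btelnet\b)", False),
    Control("MGMT-02", "No default SNMP community strings",
            r"^snmp-server community (public|private)\b", False),
    Control("LOG-01", "Logs are sent to a remote syslog host",
            r"^logging (host )?\d+\.\d+\.\d+\.\d+", True),
]

# Constructed sample configurations (IOS-style syntax, documentation addresses).
COMPLIANT = """\
hostname edge-sw-01
service password-encryption
logging host 192.0.2.10
snmp-server community n0c-r3ad RO
line vty 0 4
 transport input ssh
"""

NONCOMPLIANT = """\
hostname edge-sw-02
no service password-encryption
snmp-server community public RO
line vty 0 4
 transport input telnet ssh
"""


def config_lines(text: str):
    """Yield (line_number, stripped_line), skipping blanks and '!' comments."""
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line and not line.startswith("!"):
            yield number, line


def audit(config_text: str, policy=POLICY) -> List[Finding]:
    """Return one finding per violated setting, in policy order."""
    lines = list(config_lines(config_text))
    findings = []
    for control in policy:
        rx = re.compile(control.pattern)
        hits = [(n, l) for n, l in lines if rx.search(l)]
        if control.must_exist:
            if not hits:
                findings.append(Finding(control.control_id, control.description,
                                        None, "required setting is missing"))
        else:
            for n, l in hits:
                findings.append(Finding(control.control_id, control.description,
                                        n, "prohibited setting: " + l))
    return findings


def compliance_score(config_text: str, policy=POLICY) -> float:
    """Fraction of controls with no finding (1.0 means fully compliant)."""
    failed = {f.control_id for f in audit(config_text, policy)}
    return (len(policy) - len(failed)) / len(policy)


if __name__ == "__main__":
    for name, cfg in (("edge-sw-01", COMPLIANT), ("edge-sw-02", NONCOMPLIANT)):
        print(f"{name}: score {compliance_score(cfg):.0%}")
        for f in audit(cfg):
            where = f"line {f.line_no}" if f.line_no else "whole config"
            print(f"  [{f.control_id}] {f.description} ({where}): {f.detail}")
```

Running the same audit on a schedule and comparing the findings between runs is what surfaces violations before an external auditor does.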








Audits are notoriously unpleasant.  They are time consuming and often reveal shortcomings that can reflect poorly on managers and administrators alike.  However, for many they are a fact of life.  By regularly reviewing your own audit reporting you can discover problems before they are noted by the auditor.  Therefore, by proactively finding and correcting violations you can dramatically reduce risk and receive higher scores.

Looking ahead to the remaining post, we will take a look at practice #5, which deals with using change controls to manage changing business requirements and configuration updates. In the meantime, if you've joined this discussion in progress, you can visit our earlier postings.  You can also learn what's new in our recently released NCM v7.2 or download your own fully functional 30-day trial and start putting these practices to work in your own network.

You can also find and read past posts in this 7-part series here

Post 1 of 7

Post 2 of 7

Post 3 of 7

Post 4 of 7

Post 5 of 7

Post 7 of 7



Posted by vinod.mohan Sep 11, 2013

We are pleased to announce that NPM version 10.6 is now available for download.


In the previous version, NPM 10.5, we shipped some strong features such as IP multicast monitoring and network route monitoring with support for the RIP v2, OSPF v2, and BGP protocols. So, what’s new in NPM 10.6?


Web-based Reporting

NPM 10.6 allows you to create, edit and manage reports right from the Orion® Web console. We have added such flexibility and simplicity on the Web UI that you will love it more than the desktop-based Report Writer. (The original Orion Report Writer is still available.) Using the new Web-based Report Writer you can:

  • Create new custom reports
  • Edit existing reports
  • Duplicate existing reports
  • Add custom tables and custom charts on reports
  • Add data series to charts
  • Duplicate individual reporting resources (CPU load, packet loss, etc.) to add reporting data for more objects (nodes or interfaces)
  • Change report layouts
  • Preview reports before running them
  • Save and execute reports manually
  • Schedule reports for automated delivery

Web-based Reporting.png


New Out-of-the-Box / Built-in Reports

There’s more to reporting. We have added a bunch of new built-in reports for out-of-the-box value. These new reports can also be edited and duplicated as required. Some of these are:

  • Top 10 Interfaces Transmitting Traffic
  • Top 10 Interfaces Receiving Traffic
  • Top 10 Least Available Interfaces
  • Top 10 Interfaces Discarding Traffic


Worldwide Map (Integration with OpenStreetMap)

Worldwide Map has the capability to display the status of nodes or an aggregated group of nodes over dynamically updated street data. With the 10.6 release, NPM integrates with OpenStreetMap, making it easy to lay out and view where your equipment is and its relative status. You can drill down right from the world map to the country, state, town, and street to get a bird’s eye view of your location/site and see device status on real-time maps. You can additionally show NPM objects on MapQuest maps added as a resource on NPM's Web Console.

Worldwide Map.jpg


Universal Device Poller (UnDP) on Maps

With NPM 10.6 you can now add UnDP objects on network maps using Orion Network Atlas™. There’s a new map tooltip for UnDP which displays UnDP statistics such as OID being polled, current value, and computed status (using thresholds). There’s also a new page for setting the "warning" and "critical" UnDP thresholds.

UNDP on Network Atlas.png



Other New Enhancements and Feature Improvements

  • F5® device support (Interface monitoring for F5 APM® via F5-BIG-IP®-SYSTEM-MIB)
  • Functionality to cancel “scheduled unmanage actions” directly from the node management resource
  • New reporting entities (wireless devices, hardware health, F5, fibre channel switches)
  • Improvements on Syslog & SNMP trap rules


NPM 10.6 is just a click away – Download Now!


In my last blog post I explained how Virtualization Manager (VMAN) is now integrated with SolarWinds Server & Application Monitor (SAM) and Network Performance Monitor (NPM), showing how we can now view application to VM to datastore performance, configuration and right sizing all in a single pane of glass.

SolarWinds Virtualization Manager (VMAN) to Storage Manager (STM) Integration

I wanted to take this a step deeper and introduce VMAN’s integration with Storage Manager (STM). For some time VMAN has had the ability to provide a link from the datastore in VMAN to the LUN/volume view in STM. This is enabled by adding the STM IP address and username/password in VMAN. Once this is done, the datastores are hyperlinked; when one is selected, the link opens the underlying LUN or volume view in STM.

By having a flow from VMAN to STM, we can view datastore performance in VMAN and then simply click on the hyperlink to open the LUN view in STM. Here we can view how the underlying LUN is performing at the array level. This is a great way of getting end-to-end mapping: it takes the guessing game out of which datastore is on which LUN and provides quick performance analysis.





SolarWinds Server and Application Monitor (SAM) to Virtualization Manager (VMAN) to Storage Manager (STM)

If we have the link from VMAN to STM enabled, and we then enable the integration from VMAN to SAM, we will also have a hyperlinked datastore to STM from SAM.

This adds really nice functionality and workflow from the application to VM to datastore and LUN, all from SAM.

In SAM we can click on a server and choose the storage tab, or simply click on the storage submenu.



I now have the LUN view and it is hyperlinked, so from here I can simply click on the link and the LUN/volume will open in STM!



SolarWinds Systems Management solutions like SAM, VMAN and STM help solve the daily challenges of the sysadmin. To find out more, read the eBook “A Day in the Life of a SysAdmin” now.

Please join us for a monthly product update from the SolarWinds Product Management team. The team will cover what’s new, what’s coming, and what we’re thinking about for future releases. Each session  will be very collaborative. We want to hear your thoughts, questions, and requests.


September 11  

In September, we’ll show you some interesting new developments centering around Orion platform product integrations. Plus, our NCM PM will give a brief overview of what’s new and what’s coming up. Be sure to bring any questions on our recent releases, and we’ll get them answered.


Register here.

What is IP Multicasting?

While traditional IP communication allows a host to send packets to a single host (unicast transmission) or to all hosts (broadcast transmission), IP multicast is a new bandwidth-conserving technology that allows a host to send packets to a subset of all hosts as a group transmission. Multicast transmission reduces traffic by simultaneously delivering a single stream of information to multiple receivers.



Key Benefits

  • Considerable bandwidth savings as there’s just a single stream of traffic transmitted
  • Elimination of network redundancy
  • Reduced load on servers and CPUs
  • Functionality to choose individual receivers or group of receivers


Thus, IP multicasting allows you to efficiently distribute video, voice and data to virtually any number of corporate recipients and homes. Multicast is increasingly being deployed in enterprises for services such as multimedia distribution, finance, education and desktop imaging.


Why Monitor Multicast Traffic?

It’s important to monitor multicast traffic because you need to be sure of the availability of the multicast receivers, and whether there’s any packet loss or latency with packet transmission via protocols such as IGMP and PIM. As a network admin, you also need to know what the multicast route path is, and whether the network devices and their interface transmitting the multicast data are having any performance issues that inhibit the multicast data delivery.


What Multicast Metrics Do You Need to Monitor?

Network Devices by Multicast Traffic

At a high-level this statistic will allow you to be informed of the top consumers of multicast traffic on your network.

pic 1.png


Multicast Group Members

To be able to easily isolate issues happening in multicast groups, you need to know the multicast devices and interfaces that are part of a multicast packet transmission, and monitor their availability, health, and performance right alongside multicast data.

Pic 2.png


Multicast Traffic Metrics at the Device Level

  • How does a network device share multicast traffic from various transmissions?
  • What is the node utilization over time by multicast traffic?

Pic 3.png


Multicast Traffic Metrics at the Interface Level

  • Current rate of transmitted multicast (pps)
  • Current incoming multicast traffic to interface (pps)
  • Current outgoing multicast traffic from interface (pps)


Multicast Topology

For any given network device routing multicast traffic, knowing what the upstream and downstream routers are can help get a view of immediate topology. You can get to know what interfaces are used for packet transmission and reception from the topology, whether they are available or not, and what amount of traffic is passing through them, etc.

Pic 4.png


Troubleshooting multicast related performance issues is a time consuming, manual process requiring knowledge of CLI and advanced scripting. SolarWinds Network Performance Monitor (NPM) gives you the ability to automatically monitor your multicast network and alert you when performance issues arise allowing you to reduce your time to resolution. SolarWinds NPM combines views of real-time multicast information alongside device information so you can drill down and see route details of multicast nodes and monitor routers, switches and end-points that receive and forward multicast packets.


Learn More

Read this white paper to further understand how to monitor IP multicast traffic.

Multicast White paper.png
