Hello out there. I'm out in sunny Orlando Florida at Cisco Networkers Live this week. Come by the booth and see us if you're out in this neck of the woods...
It never ceases to amaze me when I talk to companies that run large networks and don't even have the most basic of configuration management systems in place. I talked with some guys today that run a network with over 100,000 routers, switches, and firewalls and do all of their config changes by hand and don't have an easy way of backing up the device configs. I've been there - and it's a scary way to live...
I think the reason for this is that so many of us have had horrible experiences with traditional configuration management solutions and we'd rather live with the fear of doing nothing than live with the nightmare that these systems can become. Look at this way - the number of companies that don't leverage a configuration management application is high. The number of companies that have never purchased a configuration management solution is low. Therefore, there are a lot of companies that have spent money on configuration management solutions and then decided it was easier to stop using them.
I normally don't push product in this blog, but ff you're in this position you really need to take another look at some of the products out on the market today. While my opinion isn't exactly neutral, my obvious favorite is the Cirrus Configuration Manager that we offer here at SolarWinds. You can download a free evaluation copy from our website and try it for yourself. There are some pretty good open source tools out there as well, but for the money Cirrus is well worth the investment for what you'll save in time implementing an open source app.
A few minutes ago I was walking through the office checking on things and answering questions when some of the guys stopped me to ask why the "internet" was running so slow. My first reaction was to explain that the internet was actually running quite normally but that our connection to the internet seemed to be experiencing higher than average latency. However, as I looked over the shoulders of the guys asking me I noticed that each one of them had a window open trying to watch streaming video from the U.S. Open and I realized that any explanation I could give would be futile.
One of the challenges that we face today is that our users are used to having much more bandwidth at home than most of us can provide here at the office. Take me for instance. I have a 15 Mbps connection at home pretty much all to myself. If I'm really feeling hoggish I can load balance between my cable connection and my neighbor's DSL and get even better speeds. But here at work I'm sharing the same corporate connection with everyone else and so sometimes it feels slow even though I'm technical enough to understand the reasons why.
I have seen a few companies that plan for events like the U.S. Open and stream the video locally and then let everyone watch the same feed. While expensive initially, in the long run these systems can really work wonders towards network performance and employee perception of network availability.
I'd love to hear your thoughts on the subject and Congratulations Tiger on a game well played.
On Thursday we're hosting a webcast on "How Network Management Systems Work. We'll cover technologies including SNMP, WMI, SSH, MIBs, Syslog, Traps, and more. To sign up visit:
We'll also be doing some giveaways and of course it'll be recorded and posted to the website for anyone that misses the live event.
Recently we added support for NetFlow Version 9 to the Orion NetFlow Traffic Analyzer. Since then, I've helped several customers configure their devices to correctly send NetfFlow v9 data and based upon some of the questions I'm seeing in our forums and elsewhere I figure'd it would be a good topic to write about tonight.
The single most distinguising factor of Netflow v9 (which later became the basis for the IETF standard and for IPFix) is that it is template-based. In NetFlow v5, you have a fixed set of fields and the format and order of these fields are known by both the sender (the router) and receiver (Orion NPM for instance) and are fixed. With NetFlow v9 (and IPFix), the sender sends periodically sends a template that tells the receiver how to interpret the data that's being included in the NetFlow packets. There are several advantages to this technology - one of which is it allows both the hardware vendors supporting NetFlow and the software vendors (like us) receiving and displaying NetFlow data to support new technologies very quickly.
For now, the number one thing to remember is that when you're configuring the network device (router, switch, firewall, WAN optimizer, etc) to export NetFlow v9 packets you MUST specify the template that will be used for the packets. This is an additional command from what you may be used to when configuring for NetFlow v5 or SFlow.
For many of us, especially those of us managing firewalls, the volume of syslog messages that we receive on a daily basis can be overwhelming - especially for the systems that we have receiving, analyzing, and storing them.
Orion NPM includes a great Syslog Server - we've it tested under loads of several thousands of messages per second without issue - but if you're receiving 10,000 syslog messages every minute and you're keeping 30 days worth of history do you really need 432,000,000 syslog messages eating up resources on your database server?
One of the features that many of our diehard Syslog users swear by is the rules/alert engine built within the Syslog server. Many people use this to detect and be alerted on security threats, malicious use of resources, and etc - but not too many people know that you can also use it to automatically filter the syslog messages before they get written to your database to keep your database size in check.
To do this, simply open the Syslog Viewer and choose "File", "Settings" and then go to the "Alerts/Filter Rules" tab. Once there, build a new rule to discard the unwanted messages before they're written to the database. You can filter it so that some of the messages that you really don't care about anyway are automatically dropped - saving lots of space on your SQL server and making the important messages much easier to store, review, and search.
Anyways, hope this helps and ping me if you have any questions on this.
Up until now I've been sworn to secrecy, but it looks like they're finally going to let me talk about this...
SolarWinds is just about to release a new free tool for monitoring Microsoft Exchange Servers. For those of us that have had the, well, ummm, "privilege" of managing and monitoring Exchange servers we know what a pain it can be and how crazy our users get (especially the executives) whenever there's a problem with the e-mail server.
This new free network monitoring software can track things like:
The new free Exchange Monitor will be available soon from SolarWinds.com.
As always, ping me if you have questions or suggestions around this new free software.