Skip navigation

Well, the first day of InterOp 2008 is behind us and what a day it was. A few thousand of you came by the booth today for free software, t-shirts, and to learn more about our software. Heck, we even had free beer from 3:00 to 5:00 when the show closed!!!

If you're in Vegas this week stop by and see us and I'll hook you up with some goodies. Hope to see you here...

Flame on...
Josh

p.s. A new version of our NetFlow Traffic Analyzer released yesterday and includes several key features including support for sFlow, J-Flow, and NetFlow v9. Additionally, we made several enhancements to the web UI and added a custom, ad-hoc reporting engine that makes it really easy to drill down to the specific data that you're looking for. You can check it out at SolarWinds.com and we'll be doing a webcast to go over all of the new features soon.

Josh Stephens

Who monitors what?

Posted by Josh Stephens Apr 25, 2008

I've been involved in a lot of conversations recently both here internally at SolarWinds and within the community regarding whose responsible for monitoring what. Are the networking folks responsible for monitoring server hardware? Are the systems folks responsible for monitoring virtual switches? Does the NOC do application level monitoring?

In most cases, the answer to all of the above questions is 'YES'. As a matter of fact, in most organizations there is a lot of monitoring overlap - even if there is a dedicated group for monitoring. Most networking shops want to at least monitor the server infrastructure, server ports on the switches, and layer 4 connectivity to applications. Most systems shops want to monitor available bandwidth, relevant network paths, and virtual switching infrastructure. Then of course you have the monitoring and/or NOC teams that need to monitor everything and we haven't even talked about the security folks...

Another way to look at it would be to focus on the monitoring technology/data. Let's say for instance that you're using Orion and the APM, NetFlow, and VoIP modules. While the perspectives and therefore reporting needs are different, in most cases all of the groups above want access to information collected via NetFlow, information on system and network performance, application availability, VoIP calls stats, and etc.

I'd like to hear from you on what you're responsible for (network, systems, monitoring, security) and where you draw the demarc in terms of what you want to have visibility in to from a monitoring perspective.

Thanks and hope ya'll have a great weekend.

Josh

I'll be in Vegas for InterOP next week. Stop by our booth and chat if you have some time...


Josh

A couple of weeks ago we hosted a webcast on cost saving techniques for managing networks. It went great and we had several hundred people attend the live event and lots and lots more have viewed the recorded version at

http://www.solarwinds.com/register/index.aspx?Program=811&c=70150000000DZAL

All that said, it didn't quite reach the level of geekiness that I like to put into webcasts. So, I've decided to raise the geek factor for this next event and do a deep dive on flow based technologies including NetFlow, JFlow, SFlow, and IPFix and I've invited our Chief Architect Joel Dolisy to cohost.

Sign-up information will be place on SolarWinds.Com and here on the blog within the next day or so. If you've got specific questions about this technology that you'd like to see answered drop me comment. Current agenda is to cover:

•    The basics of traffic flow technologies
•    The Top 5 Reasons to use them
•    Possible downfalls – Rumors and Facts
•    Comparisons of NetFlow, JFlow, SFlow, and IPFix
•    Deeper analysis of each traffic flow type
•    Technologies that  receive and analyze flow data

Flame on...
Josh

For those of you that haven't seen it, the new Incredible Hulk movie looks freaking awesome. I guess maybe it comes with the territory when you're as geeky as I am but I absolutely love superhero movies. I've probably watched the trailers for this and the new Batman movie a hundred times each...

Of course, in doing so I'm chewing up precious bandwidth and probably causing some of our executives to wonder why their VoIP calls to our other offices are so jittery, but hey, how often does a new Incredible Hulk movie trailer get released? And seriously, our QoS deployment should protect against this - or at least, protect against normal users doing this :)

Anyways, I digress. As you know, one of the cool things that you can do with NetFlow is to measure how much of your network traffic is actually people like me geeking out on superhero movie trailers. I had a situation last week where a company was using Orion and our NetFlow module and they weren't seeing the data that they thought they'd be seeing. Long story short, they were trying to watch the traffic in and out of the ports on one of their core switches. It was a Cisco Catalyst 4503 running IOS and all of the ports were a part of the same VLAN. Most of the traffic never left the subnet - meaning it was all switched traffic. Now, my understanding of NetFlow was that you're only able to see traffic that crosses layer 3 boundaries - i.e. interVLAN or routed traffic. This was also the opinion of the engineer at the Cisco TAC that the comany had been working with so my first reaction had me ready to say that it wasn't possible and move on to the next case.

The company wasn't pleased with this information and really needed the layer 2 traffic detail and I got the impression that I "wouldn't like them when they're angry" so I started digging deeper. I am fortunate enough to know a few of the product managers at Cisco including the PM over NetFlow so I called in a favor to find out if there was any way to do this. I learned several things...

First, on the 4503 running IOS version 12.2(40)SG or later this IS POSSIBLE!!! There are some new commands that I'd never even heard of. Specifically:

ip flow ingress (which we've all probably used before and enables the routed flows)

ip flow ingresslayer2-switched (whoa there hoss - this was totally new to me)

ip flow ingress infer-fields

Once turning on these commands sure enough we started seeing the layer 2 switched traffic via NetFlow. This is totally cool. I was hoping to see it allocated to the port that it went in/out of, but you can get around this by viewing it by either the connected device or using an address group for the connected devices in the case of a downstream switch. Secondly, I also saw that some of the traffic was associcated with the EOBC interface. I'll send a SolarWinds shirt to the first person that adds a comment explaining what this is - and yes I know what it is so I will be verifying the answers :)

Anyhow, I thought this was definitely worth sharing. If you've got any experience with using NetFlow to monitor layer 2 traffic shout it out to the group...

 

Flame on...
Josh

I was answering a set of e-mails today on when's a good time to change network management products, what trends I'm seeing in the industry, and how to evaluate a network management solution and I got to thinking that these are some of the questions that we answered on our recent video segment with Gartner Group. So, if you're interested you can watch the segment at:

www.solarwinds.com/garner_video/
 

No promises on how many times I stutterred or said "uhhh" or "ummm" but in my defense it was hot as heck in that room... Not the geekiest comments I've utterred but definitely some value there.


Flame on...
Josh

Filter Blog

By date: By tag: