Skip navigation

Product Blog

3 Posts authored by: mebway

As the excitement builds for NPM 11 release, you should begin to consider the best options for sending data to your Network Packet Analysis Sensor (NPAS).  Highlighted in NPM 11 - Packet Analysis Sensor Deployment Considerations, we briefly discussed how to capture and export data over to the NPAS. Figure 1 shows the network packet analysis sensorhttp://www.solarwinds.com/packet-analyzer.aspxinstalled on a dedicated server with dual NICs.  A primary NIC for management access and a secondary NIC to passively listen for all traffic.  When it comes to data collection, the secondary NIC is capable of accepting:

 

  • TCP packets from a SPAN(Mirror Port)
  • TCP packets from a network tap
  • TCP packets from Network Packet Broker

       

Figure 1

 

Things to consider for deployment options:

  • Where are my critical applications hosted?
  • What are the major aggregation points of my network?
  • What are the line rates at critical capture points?
  • Avoiding packet duplication

    

Connecting a NPAS directly to TAP and SPAN ports in a network is the simplest way to get data for analysis, but this approach has several pitfalls. The most immediate problem is that there are just not enough TAP and SPAN ports for all of the tools used by the typical IT or engineering team.  Modern network architectures provide multiple paths through the network, which helps increase network availability, but it also puts challenges on complete network visibility.  This redundant network design provides continuous access to data in the event that one or several links should fail.  However, the redundancy also means that data between two devices in the network may not travel in the exact same path through which may be missed if the network packet analysis sensor is not deployed properly.

 

In addition to determining the best location to place the NPAS, you will need to take measures not to oversubscribe  the output capacity of the mirror port.  In high-traffic situations, you can limit the amount of traffic on the SPAN or mirror port. For example, set an Access Control List (ACL) on the mirror port to forward only traffic from key servers. By leveraging an ACL, you can eliminate unnecessary traffic before it is sent out of the mirror port.  If you use an ACL, verify that all TCP traffic is forwarded to the monitor. Then add other protocols used by the critical applications you want to monitor. Specify the appropriate ports in the port mirroring statement.  You should avoid scenarios where a large capacity switch transmits data from all ports to one mirror port or SPAN.

 

Aside from your traditional techniques to mitigate the previous risks, the introduction of network packet brokers have made taken this capabilities to whole new level. Gigamon is one of a handful of vendors that offer products that provide enhancements in how data is sent to monitoring tools. Gigamon products  deliver Intelligent Traffic Visibility Networking Solutions to enhance network monitoring of data centers, service providers, and enterprises.  Figure 2 shows two network packet analysis sensors taking feeds directly from the GigaVUE - 420 appliance. 

 

Some of the feature and benefits include: 

  • Any-to-Any connectivity
  • Aggregate 10G links to 1G tools
  • Intelligently filter via Citrus™ web GUI or CLI
  • Replicate traffic to multiple monitoring tools
  • Solutions for monitoring asynchronously routed traffic

   

Figure2


The GigaVUE-420 Traffic Visibility Node supports 10/100/1000 & 10Gig Ethernet. GigaVUE-420 aggregates, filters, and replicates traffic flows across multiple security and monitoring tools. Hardware filters based on any pattern in the 128-byte header may be enabled to eliminate unwanted packets. The GigVUE-420 modular design allows network professionals to deploy the exact number of ports necessary to fit their requirements.

 

The GigaVUE-420 enables the Traffic Visibility Network to unobtrusively monitor the production network. The GigaVUE-420 provides out-of-band ports for passive monitoring tools. Tools may be added without affecting the network, at any hour without configuration management review. Multiple GigaVUE-420 systems can be stacked to create a 222 port visibility fabric. All ports can be configured as network or tool ports.

 

So whether you are using legacy techniques for capturing data or have access to more advances NPBs, Solarwinds’ NPAS is a great way to determine whether it is the application or the network.  Now go sniff some packets!!

mebway

NTA 4.0 Storage Bug

Posted by mebway Mar 28, 2014

 

We have identified a bug in NTA 4.0 related to storage issues for the new Flow Storage Database.  In cases where NTA FSBD reaches 1TB of data stored, NTA will not process any new data and flow collection is stopped.  While we have seen a small percentage of customers with the affected versions installed, we would encourage customers to install the applicable hotfix.  Install this hotfix on your NTA Flow Storage Database, primary Orion poller, any additional Orion poller(s), and any additional Orion website(s) in this order.


Hotfix Link:

http://downloads.solarwinds.com/solarwinds/Release/HotFix/NTA-v4.0.1-Hotfix2.zip

 

 

To receive updates on the NTA roadmap, JOIN thwack and BOOKMARK this page.


After releasing NTA 4.0, we have been working on the next release.  Here is our "hot list" of things we are currently working on.  Your comments, feedback and especially participation in Beta releases are more than welcome. 

 

  • The ability to configure devices directly from the NTA web console - NTA 4.1 Beta
  • Improved application and web URL classification leveraging DPI type technologies
  • Additional Flexible NetFlow Field support (IPFIX)
  • Improved workflows by expanding on the integration between existing Orion Modules and NTA
  • Increased sampled support for - J-Flow, S-Flow, IPFIX, & Netstream - NTA 4.1 Beta
  • Improved Alerting capabilities
  • Improved Web-based Reporting
  • Improved handling of backup jobs
  • Additional Flow Navigator capability: filter by source to destination IP Group pairing
  • Support for MS SQL 2014.

 

 

End of Support for 32-Bit Operating Systems

SolarWinds is considering to end supporting NTA on 32-bit operating systems soon. Starting from one of the future versions, NTA will run only on 64-bit operating systems.

 

PLEASE NOTE: Comments given in this forum should not be interpreted as a commitment that SolarWinds will deliver any specific feature in any particular time frame. All discussions of future plans or product roadmaps are based on the product teams intentions, but those plans can change at any time.

Filter Blog

By date: By tag: