1 2 Previous Next

Product Blog

27 Posts authored by: michal.hrncirik

Network traffic limitation is very useful concept, because it gives you the control of what critical application/traffic must be prioritized over others router ingress/egress. However it's a challenge to define traffic limitation rules and it's even more tricky to understand how they are applied on a real network. Show of hands...how many of you had to solve a problem with server, protocol or application performance even though overall switch/router interface utilization wasn't a problem? In such situation you're looking at QoS class packet drops in order to understand what's limited. That's certainly useful, but then you have to figure out how much you need to increase it, which turns into indirect mathematical formula: new QoS class % limitation = ((dropped packets/s + class speed limitation)/ class speed limitation) *100. Instead of wrestling with math- try out new NTA 4.1.1 Beta which displays QoS policing and shaping class utilization.


Before we jump to the beta, let me briefly go over QoS policing and shaping theory.


QoS Policing ("police" command)


Defines router interface Inbound and Outbound limitation and in case data is over limit it drops excess packets. Doesn't do any packet buffering. Configuration limit is in bytes.


Advantages: As it drops packets, it doesn't cause any packet delays in queue.

Disadvantages: Simply drops excess packet = data loss, affect TCP window sizes and reduce overall output rate capacity of impacted data streams with this policy (classes with drops in NTA).


Let's assume you've 75 MB/s limit on your bandwidth from ISP. The result of applying "police" command may looks like this:


Stream before limitationPolicingStream after the limitation
QoS with policing and shaping-original.pngarrow.pngQoS with policing and shaping-policing.png

QoS Shaping ("shape or traffic-shape" command)


Defines router interface (only) Outbound limitation and it buffers and queues excess packets.Configuration limit is in bits/s.


Advantages: less prone to data loss because of buffering.

Disadvantages: Likely to introduce packet delay because of buffering and queuing.


And the result of shaping policy may looks like this:


Stream before limitationShapingStream after the limitation
QoS with policing and shaping-original.pngarrow.pngQoS with policing and shaping-shaping.png


If you interested in more details (how to configure policing and shaping, Cisco has a good overview here: Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2 - Policing and Shaping Overview [Cisco IOS Soft… ).


Now, how can you get that right hand part from the charts above? Well, NTA 4.1.1 beta brings support of QoS policy polling on Cisco devices. You may see not only limitation applied on your classes (bits or %) but NTA also tracks historical utilization of the post-policy class utilization in respect to the class limitation.


1) Install your NTA 4.1.1 beta - NOT ON YOUR PRODUCTION SERVER (we don't support upgrades from beta)

2) Add your CBQoS devices/nodes

3) Go to the CBQoS detail page.


What's new in NTA?


Limitations in QoS policy resources



Post-Policy Class % utilization in respect to the policy settings

Go to the Edit of the "post-policy" resource and select "% of class utilization" from "Data Units" options:



Submit changes and the "Post-Policy" resource changes into this:



What it tells you is your class "host_10.140.46.119" is in spike reaching to 60% of it's QoS limit. We also prepared the OOTB report "post-policy QoS" which contains the QoS utilization.


Many of you are certainly interested in running this on your network prior NTA 4.1.1 GA and that's why we have Beta program. Simply click on the enrollment button below and you'll get your NTA beta today.



As always, your feedback is more than appreciated (contact me directly michal.hrncirik Product Management)

Citrix CloudBridge provides a unified platform that connects and accelerates applications and optimizes bandwidth utilization between branch offices and enterprise data centers and public clouds. One of the coolest features of Citrix CloudBridge (except Video caching, WAN virtualization, etc.) is WAN traffic optimization via data de-duplication, compression and protocol acceleration. This is really helpful if you have multiple remote offices which connect to your data center(s) over WAN where this kind of "WAN accelerator" can provide noticeable improvement of end user experience. The appliance can recognize the type of traffic and does continuous flow detection for WAN optimization. The result is reduced amount for connection and requests between thin client and data center (CloudBridge can send data in bigger chunks comparing to standard TCP communication).









As soon you have CloudBridge instance up and running, you will probably want to add to your existing network infrastructure monitoring to gain insight as to performance. SolarWinds collects and visualizes Citrix CloudBridge IPFIX records, thus enabling the customer to view real-time metrics, maintain historical reports, correlate metrics from the network data with thsoe from application data and configure alerts.


Network Traffic Analyzer can receive CloudBridge IPFIX protocol and show you the amount of accelerated traffic, type of TCP traffic and what IP address produces what traffic. \\


Here is how you can see NTA monitoring amount of data CloudBridge sends between instances over WAN where NTA shows you type of traffic coming/leaving the device and keeps historical data:

4 - top 5 apps line graph.png3b apps pie.png


How to configure:


1) Get your latest NTA as part of BAP (Bandwidth Analyzer Pack) - Network Bandwidth Analyzer – Bandwidth Monitor | SolarWinds


2) Enable IPFIX Collector on your Citrix CloudBridge Appliance:

     - Go to "Appliance Settings", click on "AppFlow".

     - Select "Layer 4 (256) - TCP Ingress" templage data set and select 2 minutes time interval and click "Save"

     - Add Collector, chose name, IP Address, port number 2055, enable your collector and click "Add"


3) Add Node Node in NTA - your CloudBridge IP Address and in 5 minutes you will see charts with IPFIX data from your instance.The results should look like this:



4) You need to add new application with specific CloudBridge protocol port (1494) in NTA




5) Go to NTA Summary page, click on your Citrix CloudBridge instance and NTA shows you top talkers, applications and domains for entire device.


4 - top 5 domains line graph.png4 - top 5 endpoints - line graph.png3b convesations pie.png


Alternatively, you may try SolarWinds FREE NetFlow Analyzer | SolarWinds which is good for one-shot troubleshooting and "appflow" monitoring.

As always, here comes a list of items we are working for the future of VNQM. We are listening and your comments will be more than welcomed.


  1. Support for SIP Trunk utilization troubleshooting and SIP protocol connectivity troubleshooting. Support for SIP and H.323 Trunk utilization monitoring Gateway / trunk Combined utilization view and alerting.
  2. End-To-End visualization of network map between two phones and connected ports & switches on a call route.
  3. Updating visuals - more attractive charts (zoom-in) + Web Based Report for VNQM , Export report from VoIP search page
  4. More out of the box reports with capacity trending. advanced VNQM reports
  5. Support for MS SQL 2014
  6. Performance improvements and more CDR data retention period (more than 1 month of the data in DB)
  7. Support for Cisco IO 15.x, ISR for IPSLA Support for IOS 15.3 on ASR
  8. Monitor PRI Utilization by Call Count Instead of % Utilization


PLEASE NOTE:  We are working on these items based on this priority order, but this is NOT a commitment that all of these enhancements will make the next release.  We are working on a number of other smaller features in parallel.   If you have comments or questions on any of these items (e.g. how would it work?) or would like to be included in a preview demo, please let us know!

I would like to share a list of items we are working for the future of Network Traffic Analyzer. We are listening and your comments will be more than welcomed.


  1. Improvements in unknown application detection in netFlow(s) - using Cisco NBAR2 (1000 apps) for understanding what's behind port 80, etc. (Support for Cisco NBAR)
  2. Network security protection using Network Behavior Analysis (using flows, not agents). Detect DDoS attack, mallware communication or any other suspicious network communication without end-point agent deployment.
    1. IP Address reputation - get warning if application/end-point communicate with potentially dangerous site, we will take care of updates and real-time IP address evaluation.
    2. SYN flood attack detection, DoS detection, unexpected TCP/UDP high volume detection, find the host-name and switch port/SSID information of the source of the traffic.
    3. Port scanning detection
  3. Improved Network Bandwidth Utilization troubleshooting - instead of showing applications from entire network, we want to point you to the most utilized interfaces (and even better, network links) and show you what are top application and top talkers responsible for that conversation.
  4. UDT Integration Integration: NetFlow and User Device Tracker
  5. Topology information within NTA - understand "what and where". See your WAN links or VPN connections and underlying border interfaces with all the traffic (applications) and top talkers on the single page.


PLEASE NOTE:  We are working on these items based on this priority order, but this is NOT a commitment that all of these enhancements will make the next release.  We are working on a number of other smaller features in parallel.   If you have comments or questions on any of these items (e.g. how would it work?) or would like to be included in a preview demo, please let us know!

IPAM and UDT have combined like Voltron to form the new IP Control Bundle and as an IT "pro-", you may finally say goodbye to the painful and long IP Address Conflicts troubleshooting. Say goodbye to the long down-time of your servers, key network infrastructure or disconnected end users, caused by duplicated IP address on your network. For new users IPAM 4.3 and UDT 3.2 are now also available as a combo of two products with "in-line" integration focused on IP Address Conflict troubleshooting. For our existing customers both new versions act as regular product upgrade. There is no difference in functionality between bundle and standalone versions.


What IP Address conflicts it detect?


1) Static IP Address assignment on two end-points within the same network


Typical situation when this may happen is cloning virtual machines. People simply download or copy virtual image and run it within the network not knowing if there is static IP address pre-set.


Conflict statiac.png


2) Static IP in DHCP environment

There is many situations when static IP address may cause conflict within dynamic (DHCP driven) network. It can be somebody's laptop with static IP from the hotel, it can be cloned virtual machine with static IP, it can be attacker who is trying to connect to local network using static IP Address. It also can be newly connected network printer which has usually default static IP from private pool of IP address range - 192.168.x.x

Static DHCP conflict.png

3) DHCP scope overlap (split-scope)

DHCP scope overlap problem can occur these days much more frequently because local networks are usually controlled through DHCP servers and if DHCP server goes down, nobody can get new IP Address and connect to the network. from that reason, IT build backup or fail-over solution which consist from two or more DHCP servers. It's usually DHCP config misconfiguration or DHCP failure which cause both DHCP servers can provide the same IP address to two totally different devices.

scope overlap.png

4) IPAM end-point reservation vs. actually connected device

In a case IT admin reserved IP address to the specific end-point (MAC address) and other device is currently connected with that IP it doesn't really mean, there is a real IP address conflict. This may be because of obsolete IPAM information, or an upgrade of originally assigned device. However, it could be just a time bomb waiting for the reserved device to be connected back to the network. In all cases, IPAM administrator should be notified about such situation and either update IPAM reservation or change IP address of unexpected device.


How can IP control bundle help you to solve IP Address Conflicts?


By two clicks you will get the most important information about conflict:


1) Who is in the conflict? MAC addresses, Vendor, Active Directory Information and connected port or Wireless SSID (UDT functionality)


2) History of end-points connection - who is assigned to the IP Address? Show recent user of given IP Address so IPAM admin can understand who should be disconnected first.


3) "How-To" steps helping you do an action


Here is an example of DHCP scope overlap and how IPAM and UDT can help you to troubleshoot the problem:

conflict story.png


Both IPAM 4.3 and UDT 3.2  are now ready on customer portal and waiting for your download and upgrade. If you don't have one of these product, or if you would like to evaluate entire IP Control Bundle, you may download it for evaluation.


IPAM and UDT also brings other improvements and bug fixes, for more details, see our release notes for IPAM and UDT.


I can recommend you to watch following web-cast we made recently, which not only summarizes IP Address Conflict issues but also compares multiple IP Address Management solution and demonstrates latest IPAM & UDT (IP Control Bundle).

SolarWinds is pleased to announce that latest and greatest version of IP Address Manager (IPAM) 4.1 has been recently released.


This new version primarily focuses on monitoring and management of high-performance DHCP service from ISC via IPAM web-console. 4.1 namely brings following new features:


  • A new re-designed DHCP management UI that helps to manage multiple methods of organizing IPs across Windows, CISCO and ISC DHCP vendors
  • Management of ISC DHCP subnet options, ranges and pools (New to ISC)
  • Monitoring of ISC shared network containers and their subnet utilization
  • Monitoring of ISC DHCP IP address static assignments within groups

But that's not all. We were listening to you, our users who requested support for more complicated configuration scenarios on DHCP servers. This advanced scenarios typically requiring setup for specific DHCP Options. IPAM v4.1 can namely do following:


  • Monitor and manage over 180 (RFC 2132) DHCP options on Cisco, Microsoft and ISC DHCP servers
  • New UI for DHCP options management with data type validator and text translation of numeric value of each option (you don't have look into RFC)
  • Automatic detection of supported/unsupported options per DHCP vendor
  • Both-way sync between IPAM and DHCP server.


For example, you may use options 66 & 67 in order to setup TFTP and VoIP config file name for your VoIP infrastructure running on DHCP server.


You may find additional information about fixed bugs and related details in IPAM V4.1 Release Notes


If you are interested in how the UI looks look like, here is a small summary:


1) ISC DHCP monitoring with shared subnets container

GA ISC.png


2) Create/Edit ISC DHCP Subnet - add pools, ranges or setup DHCP options

GA ISC Edit.png

3) DHCP options settings is the same for all vendors supported in IPAM

GA DHCP Options.png



IPAM 4.1 is available on your customer portal for a download and upgrade on production servers.

Many of you are patiently waiting for new version of VNQM and hope to see support for Avaya call quality monitoring. Well, now is a good chance how to help us recognize technical differences and challenges our engineering needs to solve before GA. We are here with first beta that supports Avaya call managers (have S7x series in our lab). We would highly appreciate if you can try to install this version on your test environment (could be VM) and let us know how it works on your end.


This is currently supported functionality:

  • Avaya support
    • Storing CDRs in Orion internal DB
    • VoIP search for Avaya calls (search with time and CM only)
    • VoIP Call details view (without CQR and Call Signaling)


If you want to participate in beta, you should own VNQM and be under active maintenance. Then you need to simply agree with this beta agreement: SolarWinds VoIP & Network Quality Manager 4.2 Beta Participation Survey and I'll send you download link.


How to add Avaya call manager? Click on "Add new call manager" button on IPSLA Summary page and our wizard will take you through the process.


I'd also welcome any feedback on wizard UI and improvement points.


Here are few screenshots:


beta 1.png



beta 1 - detail.png

beta1 - ccm details.png

When I talked to you - IPAM users, I've heard many times that one of the typical tasks of IP address management is obtaining available IP address(es) for selected subnet. This is tricky if you use spreadsheets and share it with more people (you never know if the doc is in sync and if you won't create IP address conflict).


You also voted for similar feature - IP Request Form on Twhack. Where one of the scenarios is ask & approve assignment of first available address in subnet.


In this post, I'd like to unveil an IPAM API method that can give you one or more Available IP Address in a subnet.


What we need in order to accomplish this trick:


  1. IPAM 4.0 (could be an Eval)
  2. Latest version of Orion SDK installed on the IPAM server.
  3. Access to Windows PowerShell (could be applied on Python, Perl or VBScript as well)
  4. User and Password into IPAM
  5. Ten minutes of your time :-)


Install and configure your IPAM

Simple start, install and configure your IPAM. It must contain at least one subnet with IP addresses and their statuses inside:


Install your Orion SDK

Orion SDK will provide API access to IPAM database via secure methods. I don't expect any single problem during install process (link for download). My recommendation is to install as local Administrator.

If you run into any problem, please speak up in this forum on Thwack.


Open your PowerShell window

And now the real fun begins. Run your PowerShell Window and make sure that Orion SDK was successfully registered:

Type this command: Get-PSSnapin | where {$_.Name -eq "SwisSnapin"}) and hit enter key.

The result should looks like this:


If you didn't get this, simple type following command (will add PowerShell snappin from SDK)

Add-PSSnapin "SwisSnapin"

Now you have to setup connection to your database/IPAM.

Type in following commands and change your $hostname to domain name or IP address of your IPAM, $username to the username you want to use for connection and $password to your password (like $password = "solarwinds"). If you are using Eval of IPAM and running the script from the same machine, keep it as it is below.

$hostname = "localhost"

$username = "admin"

$password = New-Object System.Security.SecureString  

$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

$swis = Connect-Swis -host $hostname -cred $cred


OK, so we set up the connection, and now we can call an API method and get information about available IP Address. You also need to know the name of the subnet from where you want to get free IP Address. In our example I'll use "DEV" name (see screenshot above). Type in the command below and hit enter key:


Get-SwisData $swis 'SELECT TOP 1 I.Status, I.DisplayName FROM IPAM.IPNode I WHERE Status=2 AND I.Subnet.DisplayName = ''DEV'''


Et voila:


As you may see we got first free available IP Address as with status "2" (Available") which corresponds to my sample IPAM data:

OK so that's good, but I don't assume that you'll want to run such background script every time you want to get your first available IP Address. You can certainly save the whole script into a file and then run it just by simple click (feel free to download my example).


The result of the "Get-SwisData" is stored in DataSet - .NET object which you may use for further processing. For example, you can store the results to the file or you can call it from the web service or helpdesk system.


If you want to iterate via IP addresses in the result, you may use this powershell query (useful when getting more than 1 free IP address or you want to run the query for more subnets):

$addresses = Get-SwisData $swis 'SELECT TOP 1 I.Status, I.DisplayName FROM IPAM.IPNode I WHERE Status=2 AND I.Subnet.DisplayName = ''DEV'''

foreach($address in $addresses)


     write-host "Free IP Address is" $address.DisplayName


blogpost foreach.png

We can slightly modify SWQL query and populate subnet address and CIDR next to the available IP Address (by the way, this is the beauty of SWQL language, you don't have to use JOINs in many cases, simply use dot notation in order to list properties of related entity - in this case "Subnet"):


$addressesWithSubnets = SELECT R.Address as SubnetAddress, R.CIDR, R.FriendlyName, R.PercentUsed,

(SELECT TOP 1 I2.IpAddress FROM IPAM.IPNode as I2 WHERE I2.Status=2 AND I2.SubnetId = R.GroupID ) AS FreeIpAddress

FROM IPAM.GroupReport as R WHERE R.GroupType='8'


Where GroupTyp=8 means type "subnets" (not supernets or DHCP scopes,etc.)

Then the result may look like this:



I can iterate through the $addressesWithSubnet variable and do whatever I need witch each record, for example send email, send data into help desk, update database (custom property) or store it into a file.


The interesting option is create a webservice that can call this IPAM powershell script with attribute "subnet name". Then you can ask for first available IP address from anywhere.


Example where simply writing each row to the console output:

list of subnets.png

Download the full script.


Example of .NET webservice that can call our PowerShell script:


//When calling the method put the path to our script file as parameter to the method GetFreeAvailableAddress.

//For example: c:\script\getFreeIP.ps

//Feel free to add exception handling you prefer.

public void GetFreeAvailableAddress(string script)
RunspaceConfiguration rC = RunspaceConfiguration.Create();

Runspace runspace = RunspaceFactory.CreateRunspace(rC);

RunspaceInvoke scriptInvoker = new RunspaceInvoke(runspace);

Pipeline pipelineCommand = runspace.CreatePipeline();

// execute the script


Integration with SAM (Server and Application Monitor)

One of the easiest way to get Powershell script monitored by Orion web interface is via SAM (try eval if you don't have it). SAM can monitor powershell scripts and show the results on the web very simply.


I had to just re-format the output of my PowerShell script and then define new PowerShell template in SAM so it can transfer the data from script on web.

There is a very nice article about how to add Script Monitor into SAM. So I'll skip this phase and just summarize that what you need to do on your Script side, is populate data you want to show via two specific messages:

Detail Type





A numeric value used to determine how the monitor compares to its set thresholds. This must be an integer value, (negative numbers are supported).

Statistic.Name1: 123

Statistic.Name2: 456



An error or information message to be displayed in the monitor status details. Note: Multi-line messages are supported. To use this functionality print each line using a separate command. For example:
Message.Name1: abc

Message.Name2: def

and it must end by "Exit(0)" statement.


I modified our script in order to produce messages that are parsed properly by SAM (how to add add new SAM template). The template show you percentage used of IP address per subnet and also first free IP Address for each subnet.

Section added

Write-Host "Message.$($freeIP.FriendlyName): Subnet: $($freeIP.SubnetAddress)/$($freeIP.CIDR) named: $($freeIP.FriendlyName) has this available IP  ADDRESS$($freeIP.FreeIPAddress)";   

Write-Host "Statistic.$($freeIP.FriendlyName): $($freeIP.PercentUsed)";


Feel free to download SAM template from here. Wondering how the result looks like on the web? Here it goes:


statistics comments.png


Let me know if you have any questions and don't be intimidated by our API, it's very easy to use.

I'm happy to announce that IP Address Manager 4.1 RC1 is available for download and installation on your production servers.

Except bug fixes, there are two new big features we added into this release of IPAM:


  1. ISC DHCP management and monitoring
    • Create, edit or remove ISC DHCP subnets directly in IPAM using the same UI as for Microsoft or Cisco DHCP
    • Manage ISC DHCP subnet options, ranges and pools (RFC standard options, including options 66 & 67 for VoIP settings)
    • Default alerts for high DHCP subnet utilization
    • Monitoring of ISC DHCP shared subnets and their utilization
    • Monitoring of availability of ISC DHCP servers and their subnets (up, down, unreachable)
    • Monitoring of ISC DHCP IP address static assignments within groupsall DHCP vendors.png
  2. Support for management of standard DHCP scope options on Microsoft or Cisco DHCP servers
    • Setup VoIP options (66 & 67) on your DHCP scopes
    • Manage all RFC standard DHCP options using web UI that describe usage of each option.
    • Automatic both-way DHCP scope option sync between IPAM and DHCP servers


The installation is available on your customer portal or via this RC agreement (IPAM 4.1 RC Participation Survey).


You should contact SolarWinds support in case of any problems or bugs you found.


We are looking to your feedback on this latest version.

In the last release of VNQM we brought the VoIP troubleshooting for your Call Managers. Those of you who maintain VoIP company infrastructure are probably familiar with the VNQM call signaling topology resource:


This resource contains devices "1005 & 1041" which are typically gateways. These devices connect your internal VoIP sub-system to the line of your data/voice provider(s). You may typically hear "PRI or PRI Gateway" when talking about inside out or outside in VoIP connectivity. What is PRI? The definition says that PRI (Primary Rate Interface) is a telecommunication standard used in the Integrated Service Digital Networks (ISDN), for carrying multiple DS0 voice and data transmission between two physical locations. More technically, a PRI is a type of VoIP line that provides up to 23 separate 64 Kbps B lines and one data channel like with 64 Kbps in a T1 configuration (typically USA) or 30 B lines and one data line in a E1 configuration (typically Europe).


PRI is quite popular today among businesses because of many benefits it has:

  • Scalable technologies that can grow or shrink with your business
  • Low cost
  • Use of existing PBX system technologies
  • Multiple sites can be connected into the same system eliminating maintenance and installation charges across locations
  • Doesn't impact end-users (can dial the number as they were used before)
  • Increased high-tech communications options
  • Can be managed remotely via web-based consoles

And this "PRI Gateway" is something that VNQM 4.1 can now monitor and brings you an another piece of information to solve your VoIP problems. To be very specific, in the case of VNQM 4.1 it's about Cisco devices (MGCP gateways) that have support for PRI.

You, Thwack users, had many dicussions or feature requests (here or here), about how to see utilization of your PRI trunks. You could also read about PRI in a Geek Speek blog post .

VNQM 4.1 RC is ready to be installed on your production and it is fully supported by SolarWinds support. If you are a IPSLA/VNQM active maintenance customer you are more than welcomed to sign-up here for a RC download


What Do We Need to Monitor?

A typical monitoring task for the T1/E1 is to monitor a number of active channels/trunks and their utilization. Some of you were also asking for monitoring of "VoIP vs. Data" ratio on the line. VNQM 4.1 can do both now. We don't use SNMP in this case, because Cisco has a bug in their SNMP implementation which results in incorrect trunk call utilization data being reported.


Now, how do you see this data in VNQM?

  1. Use a new gateway wizard to add your device to be monitored as the MGCP gateway at VNQM settings page


add gateway_cr.pnggateway wizard.png


  2.  When you have successfully added, you should see the list of your gateways on the VoIP summary page:

gateway summary.png

3.  Click on the Gateway from the resource above or in the signaling resource that's part of the call details page. This will take you to the brand new Gateway detail page:

Gateway detail page_cr.png


How to see data distribution and PRI trunk utilization - are you paying too much to your provider?

Gateway detail page_cr 1.png

Data distribution chart can show you a total usage on your PRI gateway, data & VoIP traffic

distribution and you can also drill down to see each trunk utilization specifically. "Trunk Utilization" resource will give you a good historical overview where you may see spikes or gaps over a time.

In our case, we can see that more than 37% of the capacity

is not used over last three months. So why to pay so much to your voip/data provider?

You can reduce amount of lines you need for the connectivity with the outside world.

The same chart could be also used for a troubleshooting of call connectivity.

In a case you reach maximum PRI utilization, your calls can't be connected

and it's time to figure out who is causing such load (CDRs), ask your provider for more bandwidth, or, at least, set up VoIP precedence policies. Gateway detail page_cr - 2.png





Want to see more "per trunk" utilization details? Not a problem:

Gateway detail page_cr_cr - 3.png





How to see problems on a gateway?

It's possible to do it via VNQM search page itself. But, you can save some time and see the most important metric - failed calls, and call quality issues directly on each Gateway detail page:

Gateway detail page_cr_cr - 5.pngGateway detail page_cr_cr - 4.png

In order to see call details, phone numbers, etc. simply hit "Search for all failed calls" link at the bottom of the page and VNQM will filter out Gateway relevant calls only."Easy peasy" don't you think?

PRI & trunk utilization monitoring is a major feature of this release. However, VNQM 4.1 also brings a new web-based reports with charts you may read about in this post.

VNQM 4.1 RC is ready to be installed on your production and it is fully supported by SolarWinds support. If you are a IPSLA/VNQM active maintenance customer you are more than welcomed to sign-up here for a RC download

SolarWinds has prepared a new on-line sessions for all of you who are interested what's coming in our product series. This sessions will be presented by Product Managers and we believe that it will give you an interesting look into product's future.

If you would like to attend, simply make your registration at GoTo meeting web site: New Series: PM-Hosted Monthly Product Roadmap Updates


The upcoming Wednesday 17th July's session will be focused at Network Performance Monitor 10.5 and beyond. In this episode, we will review the new features in SolarWinds Network Performance Monitor v10.5 and additionally, we will discuss what we are working on for the future. Feel free to bring your comments and questions.


See you there.

New IP Address Manager 4.0 just has arrived. The upgrade is available for free for all IPAM customers under active maintenance and can be downloaded from the SolarWinds customer portal.


The 4.0 comes with following list of new features and improvements:

  • Support for BIND DNS management and monitoring
    • Create, edit, delete DNS zones and DNS records for BIND DNS v8.x and v9.x (A, AAAA, MX, PTR, CNAME)
    • Monitor BIND DNS service status
    • Monitor BIND DNS zone status
  • Active IP Address conflict detection in both static and DHCP environments.
  • Integration of IPAM with our UDT product via subviews
    • See Port and User information on the same page as IP address Host or DNS assignment history
    • Shutdown port remotely in case of IP address conflict (UDT functionality)
  • New Icon pack for IP addresses, DNS zones and DHCP scopes.


Some of you may read IPAM 4.0 RC blog post that presents BIND DNS management and monitoring and IP Address conflict detection. For thos who didn't, here is a short summary:


BIND DNS Monitoring and Management

BIND DNS is de-facto DNS standard and it's frequently used among IT guys. Those who need to configure BIND DNS via CLI know that there is a lot of space of human mistake during adding new DNS zones or updating DNS records. I can also imagine that admins are not comfortable with giving CLI credentials for read/write/create/modify BIND config files to people that just need to maintain DNS records. And that's why we added support for BIND management into IPAM - no more errors during config and no more sharing of CLI credentials.


Adding and configuring BIND DNS servers is a matter of few minutes. As a user, you need to do three steps:

  1. Add device that hosts BIND DNS as a node into IPAM (that will also allow you to monitor device performance)
  2. Let IPAM to scan BIND configuration (enable scanning)
  3. Allow/Deny other users to change BIND configuration (Power User role and above can do that).


BIND How To (arrows) resize.png


Active IP address conflict & User Device Tracker integration

IPAM 4.0 can detect IP Address conflicts (both IP static and DHCP environments) and help you to troubleshoot the problem. It would allow you to switch down the port remotely if you have UDT installed along with IPAM. Let's take an example of IP conflict and how IPAM may help you:


Client_conflict wireless.png

IPAM 4.0 offers following IP Address Conflict detection and historical data in order to help you identify devices in conflict.

  1. IP Address conflict is triggered
  2. IPAM contains information about the IP Address history assignment from where may user see MAC addresses that are using IP in conflict
  3. If UDT is installed, UDT view provides information about Device, Port and Active Directory information.
  4. UDT can remotely shut down switch port and unblock IP in conflict.

IP Address conflict_cr 1.png

IP Address conflict_cr 2.png

For more details about IPAM 4.0 release visit SolarWinds IP Address Manager Release Notes

Latest and greatest version of NPM 10.5 is ready for download from your customer portal.


Here are major improvements and new features:

  • Routing information including alerting for major routing protocols (RIP, OSPF, BGP)
    • View and search in routing tables.
    • See changes in default routes and flapping routes
    • View router topology and neighbor statuses
  • New Interface filtering UI to import discovery results:
    • Exclude virtual interfaces and access ports, or specific interface type
    • Select interfaces based on pattern matching including Regex formulas
    • The new preview UI for final selection of imported interfaces
  • Multicast traffic information monitoring and alerting, including topology information.
    • Automatic detection of multicast protocol and multicast group import into NPM
    • Display multicast information, route information, and device information in a single unified view
    • View multicast topology using upstream and downstream device list information
    • Generate intelligent alerts based on multicast errors
  • Interface Auditing
    • View user actions related to interface monitoring in NPM


As you may notice from above, this version of NPM adds another important element for successful and effective troubleshooting of connectivity and performance issues - monitoring of OSI L3 routing protocol information.


How does routing information impact network performance and availability?
     IP networks are critical for business missions, it’s not only router or switch hardware which can impact your network availability and performance. It’s also Incorrect routing or routing issues causing undesirable performance degradation, flapping and/or downtime. Getting such information requires “analytic tools”. In bigger network, routing can change very dynamically (adding/removing switches, Aps, VPNs, routers and IP subnets) and it’s almost impossible to monitor routing changes from the inside of the routers (too much simultaneous data).


Also, information like “Flapping Route” are not available for most of protocols directly on the server. The flapping route problem will cause frequent re-calculation of network topology by all participating routers or flood network with many Update packets. In both cases it prevents the network from routing and correct packet addressing. Another common issue is human error caused by incorrect creation of static routes. ICMP Ping won’t help you and since you can see that the device is up and running but you really need to see routers settings and check packet routing.

How is routing presented in NPM?

     If NPM recognizes that Node is actually a router that runs one of the OSPF, BPG or RIP protocol it will automatically gets routing information from such device. Routing information is then mapped to existing Nodes and Interfaces in NPM so you may see device availability statuses and network performance data. All new resources are under "Networking" tab on Node detail page.


NPM 10.5 also automatically detects multicast protocol traffic and imports multicast groups as a monitored object.

What is multicast?

      IP multicast is widely deployed in enterprises, and multimedia content delivery networks. A common enterprise use of IP multicast is for IPTV application. It’s also used for video and teleconferencing and it is about to transmit a single message to a selected group of recipients. A simple example of multicasting is sending an e-mail message to a mailing list. Mutlicast protocol is well known as a bandwidth-conserving technology that reduces traffic because it simultaneously delivers a single stream of information to thousands of recipients.

How to understand multicast availability and performance information?

     Because the topology is sometimes complicated it’s difficult to understand who can and who can’t receive multicast traffic. The network availability is a key and the status of the whole multicast group is a representative of (not)successful transfer of multicast stream.

Even though Multicast is designed to save bandwidth utilization, with many groups and many multicast sources & receivers, network may become saturated very quickly. There are tools like NTA which can sniff the network data and tell you what apps are causing the network traffic but people usually need to quickly read multicast node traffic utilization – bits per second. Looking at overall traffic consumed by multicast node, users may see the ratio of multicast vs. another type of traffic on the network and then optimizes QoS configuration to increase/decrease traffic priority, upgrade the link or change multicast routing so the traffic may go via another line. In a case that the multicast group status reports a problem, people need to have an information about Multicast Topology. Only topology information allows you to quickly jump between Upstream or Downstream device and let you find the root cause of the problem fast.

How NPM 10.5 solves Multicast problem?

     During first network scan, NPM detects multicast groups and list of nodes that are subscribed to each one.


NPM then creates a topology of upstream and downstream devices within a group and detects interfaces that forward or receive multicast traffic.


Re-worked Interface filtering page

     This is something you've asked us to improve (for example here or here on Thwack). We understand that filter & import only desirable interfaces took some time with previous version of the Interface discovery filter. If you run Discovery Importing wizard in NPM 10.5 you'll find re-worked UI for interface importing. You can filter by Interface status, VLAN port type, protocol type, hardware type. It now has support for advanced filtering and Regex conditions so create filter that will import just physical interfaces that are part of the specific VLAN ID is a matter of few seconds.


I believe that you will like the new functionality of NPM 10.5 and stay tuned, because we are already working on the next version.

We know that IP Address Management is more and more important because networks became much more flexible, dynamic and people are used to bringing their own devices into corporate networks. If you've seen your What we are working on after 3.1, you won't be surprised that the new IPAM 4.0 beta contains support for BIND DNS, active detection of IP Address conflicts and better integration with User Device Tracker.


Active IP Address conflict detection

IP Address conflict is a typical nightmare of admins. IP Address conflict occurs if there are two or more devices in your network and have the same IP Address configured.



This is an issue that could arise on devices across any operating system that connects to a local area network (LAN) across any operating system, wired or wireless.


What problems may IP Address conflict cause?

Primarily network connectivity issues. Impacted machines are loosing internet access or general network connectivity until the conflict is resolved. It can impact laptop, VoIP phone or application server.


What causes IP Address conflicts?

There are three typical scenarios:


  • Bring Your Own Device phenomenon

    Typically happens when you bring your laptop or tablet from home to the work and you still have the "home" IP address assigned which can cause collisions within corporate network. It's also typical for business trips when you got assigned static IP in the hotel and then you come back to work. It may also occur in Virtualized environments like spin up VM clone in the same subnet when virtual machine has a statically assigned IP.

  • DHCP servers & their configuration

    Two DHCP servers are managing the same IP subnet/segment with overlapping IP addresses and DHCP server doesn't check the network IP status (IP used or not). IP address conflict happens when one machine already has a DHCP address assigned from the first DHCP server and another device is given the same IP address from secondary DHCP server. This could be a typical problem in "load balancing" DHCP configurations.


  • Human mistakes during IP address assignments

    When admins do not use any IP address management tools it is so easy to assign already used IP address to the new device on the network.


How to manually solve IP address problem?

First, you need to know who caused the conflict and find the MAC addresses that are in conflict. If you have such possibility, unplug device which should have correct IP address. Then use 3rd machine within the subnet to PING the IP address in conflict. Use "ping -a x.x.x.x in order to get two important values. First DNS name of machine which causing the conflict, second TTL value, which may help you to identify operating system. For example Windows has typical TTL 128, Linux may have TTL 64. You may find the whole list here.


It may happen that there is no device name provided or ICMP protocol is blocked by firewall. In this case, you may use "arp -a" command and list MAC address assignment for your IP address:


MAC address is useful information, because you may identify the vendor of that device. MAC address are unique and each vendor has the first three octets of MAC are reserved for identification. You may find the MAC vendor pre-fixes list here.


With MAC address information, you may do go to the switch and block related port, or block that MAC on your wireless router/AP and let origin device to use its IP address.

How to solve IP address conflict with IPAM 4.0 Beta?


As I stated above, IPAM 4.0 can now actively detect IP address conflict. We primarily focused on alerting and information about MAC addresses which is a key-point information for conflict troubleshooting. IPAM actively scans the network and if it detects duplicate static IP assignment or duplicate IP provisioning form DHCP server, it will trigger an alert with conflict information:


Once you see IP Address in conflict, simply click on the IP or MAC address info in the alert message and it will take you to the IP address detail page, where you may see MAC address assignment history. Another IPAM 4.0 improvement is better integration with UDT product. So you may directly see device & port where are machines connected.


You may use IPAM Message Center too and get all history of IP Address conflicts:



As you see, you no longer need to use multiple commands via CLI or use 3rd machine to ping who is IP address in collision. More than that, you can see connectivity details including port and user information on one screen. Now you can use for example NPM which can remotely shut-down interface and disconnect the device from the network, or simply connect to the switch and block that port via CLI. Also, because IPAM uses alerting engine you should get IP address information before impacted person creates IT ticket (which will take some time while disconnected from network)


BIND DNS Monitoring & Management


BIND DNS is one of the most used DNS solutions. IPAM 4.0 now adds support for monitoring and management of BIND DNS services on Linux. You can now manage your Microsoft DNS and BIND DNS via one web-console. IPAM supports all important DNS tasks like automatic monitoring and management of DNS zones, two-way synchronization of DNS records and DNS server availability.

If you want to add your BIND DNS server into IPAM use short wizard that will lead you through the process of addition. When added in IPAM, it will sync and import actual BIND DNS configuration and then you can monitor or manage zones & DNS records:

addBind.png Bind DNS.png

BIND Zones.png


IPAM 4.0 Beta is ready to be tested. All users under active IPAM maintenance may get Beta build and try it for free on non-production environment. If you would like to try it, simply fill this IPAM Beta Agreement.

As always, we also have Thwack IPAM Beta forum and it would be great to get your feedback there.



I'm happy to announce that NPM 10.4 release is officially here. This version is literally packed with new features! All current NPM customers under active maintenance can download the upgrade from their customer portal.

In the past few months you could vote what features you would like to see in your favorite network monitoring software, NPM, vNext and we were listening. 10.4 comes with the most wanted ones:


Custom Property Enhancements

We migrated the custom property editor on web. Now it's part of the main Orion webconsole and accessible from NPM and other SolarWinds Orion family products. New intuitive wizard will take you through the process of creating new custom properties.You can also specify a list of pre-defined values to minimize entry errors.


Header  CPE.PNG 1Header 2CPE+4.png

Audit Tracking

Version 10.4 comes with user auditing feature. You can now monitor who made what action/change in NPM. New auditing functionality is fully automated, you don't need to set up rules or policies it works immediately after installing 10.4. All information is available through Message Center where you can filter, sort and see all the details. You can also see a new Top 10 resource on summary page:auditing1.png


Hardware Health Monitoring for your network devices

SAM users know how useful is the hardware health of their servers. NPM users didn't have out of the box support for that (they had to use custom pollers) to monitor critical hardware parts of routers or switches like Fan speeds, temperature sensors or health of power supplies.


NPM 10.4 now allows you to prevent hardware malfunctions by monitoring your hardware with more details. We added support for Cisco, Juniper, HP, BigIP F5 and Dell networking devices. You can also set an alert to be notified if some sensor exceeds a threshold and you can track historical data




Looking at the hardware health historical chart reminds me that NPM network monitor has been completely migrated to the new "drag & drop" chart engine so you may use interactive features like zoom-in or switching on/off chart data on every single chart now.


Out of the box support for BigIP F5 devices


BigIP devices are widely used and they are bit special compared to other networking hardware. CPU and memory polling is not enough for F5 effective troubleshooting. The important highlevel metrics are Throughput  Connections (SSL, opened) and Failover status. If you are interested to see more details NPM can provide you with the list of Virtual Servers, Pools and Nodes. All these lists carry information about IP address and element status.






A lot of cool network management stuff don't you think? But that's not all there is decent set of another features waiting for you.


UI improvements - Subviews


We know that it's hard to make everyone happy with how we categorize and group items in our NPM webconsole menus. Sometimes you need better granularity and possibility to group particular data into some kind of tab or bookmark. NPM 10.4 now supports concept of "Subviews". This UI enhancement is there mainly for better organization of your views and gives you freedom for creating your own categories on website. It also speeds up the web by allowing you to focus on the resources you really need to load instead of loading every resource every time. Subviews are displayed as a left navigation menu that allows you to quickly go to different views for a node. You can enable Subviews by clicking Customize Page then the "Enable left navigation" button.




As you can see you may create your own tabs anywhere, NPM 10.4 also comes with pre-defined subvies in order to help you with intuitive navigation.

Let's continue with another important enhancement.


Universal Device Poller (UnDP) improvements


UnDP - something that NPM users know very well. NPM didn't support multiple device pollers in a single chart. This is useful when you need to correlate trends between various metric from your device (temperature vs. CPU frequency vs. fan speed). 10.4 gives you the possibility to define new type of chart where you can put various UnDP pollers on your "Y" axis like this:


You can simply click "Add More" and select your existing custom poller. Then you need to define units for your data. NPM can automatically convert some kind of units into higher or lower metric (for example bytes to Kb) so you can read it on your chart without counting zeros. This chart also runs on the new engine so you can use zooming and other features.




























Another useful improvement for UnDPs is UnDP Parse Transform function. This is little bit advanced feature to use. It is especially useful when you have custom pollers that return a text string and you have to parse the text string to remove the number and use it in a transform function. If you want to use it, go to the UnDP application (Windows start menu -> SolarWinds Orion -> Network Performance Monitor -> Universal Device Poller) on the NPM server. For the formula use the following syntax: parse((REGEX,{POLLER}) as you can see on the picture bellow.


The regular expression you need will depend on the string you are trying to parse.

We also tweaked UnDP polling retention settings capabilities. If you go to the UnDP settings you may now change the polling interval for each pollers type and also define retention period for the UnDP statistic data and summaries.



Those are just most visible new features in the new Network Performance Monitor. I would like to briefly mention other important and useful features:

  • Support for Microsoft Windows 8 (for evaluation purposes) and Windows Server 2012
  • Native support for HP MSM 760/765 wireless controllers.
  • De-duplication of nodes with the same IP address


You may also see release notes for the list of bugs we fixed.


As you can see, this release is really big one and I would like to thank you - our great Thwack community for your contribution and willingness to help us understand what problem do you need to solve. Thanks!

Filter Blog

By date:
By tag: