
Product Blog

29 Posts authored by: michal.hrncirik Employee

Something we hear quite often is "How can I build a custom SLA report in Orion?" Everybody who is a bit familiar with Orion knows our web-reporting tools, which are the right place to start; however, sometimes the job requires more than a point-and-click tweak in reporting.

(we've made this article official: SLA Reports )

 

I'll use this SLA request example, WAN SLA availability by time zone & 7x24, to demonstrate one way to get there.

 

What do you need to accomplish this?

  1. NPM (or any other SolarWinds product)
  2. Orion SDK - Orion SDK Information
  3. At least one hour of data history for the devices which should appear in your SLA report. In my case, Nodes and business hours.
  4. 30 minutes of your time

 

What will be the result:

Our goal is to create a daily custom SLA report for Node availability (in %) which shows the device availability only for our business hours, in our case 7AM - 6PM.

The result may look like this:

Node        SLA Availability    SLA Hours
New York    92.33               7am-6pm

 

Let's get started:

The first problem we need to solve is how to "tell" the system what our report business hours are. This seems to be a good fit for Orion custom properties. Let's create two custom properties, 1) time_from and 2) time_to, and assign the values to all nodes.

 

Go to "All Settings" -> "Manage Custom Properties" -> "Add Custom Property" -> select Nodes and click "next" -> specify the property name "time_from" and apply on "reports" -> select all nodes to assign the property.

 

Now we need to assign the rush-hour start time to all nodes in a bulk operation. Select "view/edit values" and set the field to "7":

 

 

Ok, now go and repeat all steps above for "time_to" and value "18" (6PM).

 

Ready? Good. We have the data ready and now it's time for data mining. For that purpose we're going to use the SolarWinds proprietary business logic and data layer represented by the SolarWinds Information Service (SWIS). Its query language, SWQL, has a syntax similar to SQL but gives you much more power to get properties via the "." operator (no need to know entire database table structures). In order to tune the final query we will use the SWQL Studio tool, which is part of the SDK you already installed into ProgramFolder (x86)\Orion SDK\

 

Run the studio, enter the FQDN of your Orion server (or its IP address) and Administrator credentials, and select "Orion (v3)" from the drop-down, which selects version 3 of SWIS.

If the connection is successful you'll see the SWIS database structure on the left-hand side:

Again, this is not the same as your SQL Server structure; this is the data structure Orion primarily uses for viewing data. Using it is strongly recommended over direct SQL access because it provides data consistency and performance optimization, and it guarantees your reports keep working even if the database structure changes during product updates.

 

Prepare the SWQL query

Now the fun begins: we need to define the SWQL query for our data set.

 

Here is the one I use to get the data for my SLA report:

 

select n.Caption, sub_query.sla_day, sub_query.sla_availability, n.CustomProperties.time_from, n.CustomProperties.time_to FROM
(
   SELECT avg(Availability) as sla_availability, datetrunc('day',datetime) as sla_day, r.NodeID
   FROM Orion.ResponseTime r
   where hour(datetime) >= r.Node.customproperties.time_from and hour(datetime) <= r.Node.customproperties.time_to
   group by datetrunc('day',datetime), r.NodeID
) as sub_query
inner join Orion.Nodes n ON n.NodeID=sub_query.NodeID

 

For those who are a bit familiar with any SQL-type language, it should look familiar. Here is what I've done:

 

First, I need to compute the average from the Orion.ResponseTime table and apply the rush-hour limitation defined by the custom properties from above. This is the inner query. The "Datetrunc" function truncates a full date to a day, hour or month. I need a day, so that availability for each node is computed for a given day only and then for the rush-hour time interval, which is a simple comparison condition.

 

Second, I need to return the average node availability for the time segment and apply table formatting so I will see the node caption, day/date, availability, and the time_from and time_to values defining the SLA business rush hours.

 

And the result?

Great, so we can tune our query and add/remove columns or apply additional sorting.
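The query's logic can be checked offline before it is published as a report. The following is an added example, not part of the original post: the rows and the function name are constructed for illustration, and it assumes SWQL follows SQL NULL semantics, so nodes with no time_from/time_to value drop out of the result. It also shows that the `<=` comparison on time_to counts every sample up to 18:59.

```python
from collections import defaultdict
from datetime import datetime

# Constructed rows standing in for Orion.ResponseTime
# (NodeID, DateTime, Availability in %). Sample values, not real Orion data.
SAMPLES = [
    (1, "2015-06-01 06:30", 0.0),     # before time_from, ignored
    (1, "2015-06-01 07:00", 100.0),
    (1, "2015-06-01 12:00", 100.0),
    (1, "2015-06-01 17:30", 50.0),
    (1, "2015-06-01 18:45", 0.0),     # hour == time_to
    (1, "2015-06-01 23:00", 0.0),     # after hours, ignored
    (1, "2015-06-02 09:00", 100.0),
    (2, "2015-06-01 10:00", 80.0),
    (3, "2015-06-01 10:00", 100.0),   # node without custom property values
]

# NodeID -> (time_from, time_to), mirroring the two custom properties.
SLA_HOURS = {1: (7, 18), 2: (7, 18), 3: (None, None)}


def sla_availability(samples, sla_hours, inclusive_end=True):
    """Average availability per (node, day), restricted to the SLA hours.

    inclusive_end=True mirrors the query (hour <= time_to);
    inclusive_end=False stops the window at time_to:00 sharp.
    """
    buckets = defaultdict(list)
    for node_id, stamp, availability in samples:
        start, end = sla_hours.get(node_id, (None, None))
        if start is None or end is None:
            # Assumption: a comparison against NULL filters the row out.
            continue
        when = datetime.strptime(stamp, "%Y-%m-%d %H:%M")
        upper_ok = when.hour <= end if inclusive_end else when.hour < end
        if when.hour >= start and upper_ok:
            buckets[(node_id, when.date().isoformat())].append(availability)
    return {key: round(sum(vals) / len(vals), 2)
            for key, vals in sorted(buckets.items())}


if __name__ == "__main__":
    for label, flag in (("hour <= time_to", True), ("hour <  time_to", False)):
        print(label)
        for (node, day), pct in sla_availability(SAMPLES, SLA_HOURS, flag).items():
            print(f"  node {node}  {day}  {pct}")
```
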

 

Publish and view in Orion reporting.

Time to take our work and make it available to all Orion users. To do so, go to Orion web console -> reports -> manage reports -> create new report. We will create a new CustomTable-based report.

Follow the steps below to accomplish your task where we enter our SWQL query, select the columns for report and apply sorting by date:

 

Steps 1) to 7): [screenshots of the report wizard]

8) voila - here comes the final report

 

We're done. From now on our new report "Node SLA report - business hours" will be available in the list of reports in Orion, and you can also schedule it on a daily/weekly basis as you need.

Please be aware that our maintenance rolls off the most detailed data each month (30 days); if you run the report after that period you won't be able to see full granular details beyond the 30-day boundary.

 

I hope you find this useful and it inspires you to experiment more with SWQL and SWQL studio in order to build the reports you're looking for. SWQL studio will also help you to browse our data structures so you can learn by walking and master your custom report skills in Orion.

Understanding network bandwidth content is essential for every IT admin who needs to ensure that business traffic always has priority over someone's private YouTube streaming during a lunch break. SolarWinds Network Traffic Analyzer has been used for many years for its ability to point the finger at the IP address behind a suspicious high-volume data transfer. NTA has historically relied on the widely used port-based application detection known as NetFlow (used in protocols NetFlow v5, v9, IPFIX, sFlow, jFlow, Huawei Netstream).

 

As many of you know, port-based application detection works effectively if each application you care about communicates via its own specific port (SNMP, SQL, DNS, etc.). As a natural reaction to block unwanted traffic you may create firewall rules and allow specific ports only. This works until the owner of the application changes its protocol to HTTP or, even better, HTTPS; then port-based categorization is not as useful anymore (and neither are firewall rules based on ports only). Most of the traffic will look like "WEB" or "Encrypted".

At the end of the day, it's still better than knowing nothing, but it leads to further inspection using firewalls and logs, user browsing history or a Wireshark hunt.

 

But we would all like to have better visibility into corporate network traffic and understand whether business traffic or a video call is being negatively impacted by somebody's web browsing or media streaming. Many network-gear vendors are aware of the problem of "tunneling" over ports 80 or 443 to various cloud storage apps, SaaS or social networks. Cisco, Citrix and Palo Alto introduced "Application Flows" known as NBAR2, Citrix AppFlow and Palo Alto App-ID in IPFIX. All these names have one common element: an advanced application classification technique using an application signature database and deep packet inspection. This is all done directly within your network gear (routers, some L3 switches, firewalls and wireless controllers).

 

The advantage of "AppFlow" technology is obvious. It gives you better application classification even when applications use the same port (for example port 80). It gives you visibility (even though limited) into encrypted traffic (port 443), and it does so without the need for additional probes, spanning ports and other complicated things. Palo Alto, Cisco and Citrix keep their application signature databases up to date and usually offer new device updates every month as a classic software update for your gear. As an example, look at the page NBAR2 (Next Generation NBAR) Protocol Pack FAQ - Cisco, which lists NBAR2-supported devices and typical Protocol Pack update timelines.

 

Many of you already have Cisco ASR 1000 or ISR-G2 devices and if you haven't, you can use SolarWinds NTA (beta) now and get better application visibility of your bandwidth. NTA 4.2 beta brings support for Cisco NBAR2 as the first (but not last) implementation of Application Flow information. NTA still uses flow-based technology to read app-flow data, and it is quite easy to enable NBAR2 on your devices and let NTA tell you who deals too much with YouTube over SSL, Google cloud applications or torrents.

 

I know you're interested in trying this out, and it takes just a few steps:

 

1) Enable NBAR2 as part of Flexible NetFlow (if you haven't yet)

 

flow record SolarwindsNetflow
 match ipv4 tos
 match ipv4 protocol
 match ipv4 source address
 match ipv4 destination address
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect interface input
 collect counter bytes long
 collect counter packets long
 collect timestamp sys-uptime first
 collect timestamp sys-uptime last
 collect application name

flow exporter SolarwindsNetflow
 destination 10.140.27.226
 source GigabitEthernet0/1
 transport udp 2055
 template data timeout 60
 option application-table timeout 60
 option application-attributes timeout 300

flow monitor SolarwindsNetflow
 exporter SolarwindsNetflow
 cache timeout active 60
 record SolarwindsNetflow

2) Configure the interface from where you want to monitor Netflow (with NBAR2) - this part is the same as you do when configuring classical port-based NetFlow (in my example GigabitEthernet 0/0/1)

 

interface GigabitEthernet 0/0/1
 ip flow monitor SolarwindsNetflow input
 ip flow monitor SolarwindsNetflow output

 

3) Check NBAR2 support & configuration by running the "show ip nbar version" command

 

You should get output similar to this:

NBAR software version:  20
NBAR minimum backward compatible version:  20

Loaded Protocol Pack(s):

Name:                 Advanced Protocol Pack
Version:              14.0
Publisher:            Cisco Systems Inc.
NBAR Engine Version:  20
Creation Time:        Wed Mar 25 13:17:24 UTC 2015
File:                 flash0:pp-adv-isrg2-154-3.M2-20-14.0.0.pack
State:                Active

 

 

4) Subscribe to NTA 4.2 Beta program (available for those who have NTA commercial license)


 

5) Install NTA Beta on a non-production server and add the NetFlow source Node into NTA (the same process as adding a classical NetFlow source).

 

Once you start getting the data in NTA you will see a switch in the top right-hand corner of the summary page in the "Top 5 Applications" resource. Use it to select between the NetFlow (port-based) and NBAR2 (AppFlow) data views. This switch is available everywhere in NTA for charts which show some application classification. NBAR2 is automatically detected, and if a device doesn't support NBAR2 you will not be able to use that switch.

 

Let's demonstrate the added value of App-Flow NBAR2 by comparing classical NetFlow v5 and NBAR2 data classification in a situation where some IP address watches YouTube over SSL:

 

[Screenshots: NBAR2 | NetFlow v5]

 

I would be very happy if you, SolarWinds users, could try this beta and help me collect feedback on two main questions:

 

1) What version of the protocol pack do you have on your devices (step #3 from the list above)?

2) Does NBAR2 in NTA help you to see better data than the current port-based flow?

 

As always, I appreciate all the effort and enthusiasm you put into this Beta version of NTA. I'd like to hear any other comments and feature requests you may have around this theme, such as reports, alerts, etc.

 

We do not want to stop at NBAR2 support on ASR or G2 devices; we are also working on WLC support and, in the future, Citrix and Palo Alto AppFlows. If you have another app-flow capable device, let us know.

 


Network traffic limitation is a very useful concept, because it gives you control over which critical application/traffic must be prioritized over others at router ingress/egress. However, it's a challenge to define traffic limitation rules and it's even trickier to understand how they are applied on a real network. Show of hands... how many of you have had to solve a problem with server, protocol or application performance even though overall switch/router interface utilization wasn't a problem? In such a situation you look at QoS class packet drops in order to understand what's being limited. That's certainly useful, but then you have to figure out how much you need to increase the limit, which turns into an indirect mathematical formula: new QoS class % limitation = ((dropped packets/s + class speed limitation) / class speed limitation) * 100. Instead of wrestling with math, try out the new NTA 4.1.1 Beta, which displays QoS policing and shaping class utilization.

 

Before we jump to the beta, let me briefly go over QoS policing and shaping theory.

 

QoS Policing ("police" command)

 

Defines a router interface inbound and outbound limitation; when data is over the limit, it drops the excess packets. It doesn't do any packet buffering. The configuration limit is in bytes.

 

Advantages: As it drops packets, it doesn't cause any packet delays in queue.

Disadvantages: Simply dropping excess packets means data loss, which affects TCP window sizes and reduces the overall output rate of the data streams impacted by this policy (classes with drops in NTA).

 

Let's assume you have a 75 MB/s limit on your bandwidth from your ISP. The result of applying the "police" command may look like this:

 

[Figure: stream before limitation -> policing -> stream after the limitation]

QoS Shaping ("shape" or "traffic-shape" command)

 

Defines a router interface outbound (only) limitation; it buffers and queues excess packets. The configuration limit is in bits/s.

 

Advantages: less prone to data loss because of buffering.

Disadvantages: Likely to introduce packet delay because of buffering and queuing.

 

And the result of a shaping policy may look like this:

 

[Figure: stream before limitation -> shaping -> stream after the limitation]

 

If you are interested in more details (how to configure policing and shaping), Cisco has a good overview here: Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.2 - Policing and Shaping Overview [Cisco IOS Soft…
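The difference between the two behaviours, and the sizing formula quoted at the start of this post, can be reproduced with a small simulation. This is an added example, not code from the original post or from NTA: the offered-load series is constructed, the model works per interval with no burst allowance, and the function names and the finite shaping buffer are assumptions made for illustration.

```python
# Constructed offered load per interval (same unit as the limit, e.g. MB/s).
OFFERED = [40, 60, 120, 150, 90, 30, 20, 10]
LIMIT = 75  # class limit, matching the 75 MB/s figure used in the text


def police(offered, limit):
    """Policing: anything above the limit in an interval is dropped at once."""
    sent, drops = [], []
    for load in offered:
        out = min(load, limit)
        sent.append(out)
        drops.append(load - out)
    return sent, drops


def shape(offered, limit, buffer_size):
    """Shaping: excess is queued and sent later; only buffer overflow drops.

    Returns (sent per interval, total dropped, worst queueing delay in
    intervals). The delay is the backlog divided by the drain rate.
    """
    sent, backlog, dropped, max_delay = [], 0, 0, 0.0
    for load in offered:
        backlog += load
        out = min(backlog, limit)
        backlog -= out
        if backlog > buffer_size:          # tail drop once the buffer is full
            dropped += backlog - buffer_size
            backlog = buffer_size
        sent.append(out)
        max_delay = max(max_delay, backlog / limit)
    while backlog:                         # drain what is still queued
        out = min(backlog, limit)
        sent.append(out)
        backlog -= out
    return sent, dropped, round(max_delay, 2)


def required_limit_pct(drop_rate, limit):
    """The post's formula: ((dropped + limit) / limit) * 100."""
    return (drop_rate + limit) / limit * 100


if __name__ == "__main__":
    p_sent, p_drops = police(OFFERED, LIMIT)
    print("policing sent:", p_sent, "dropped:", sum(p_drops))
    print("shaping (buffer 200):", shape(OFFERED, LIMIT, 200))
    print("shaping (buffer 100):", shape(OFFERED, LIMIT, 100))
    print("limit needed at peak drop: %.0f%%"
          % required_limit_pct(max(p_drops), LIMIT))
```

With a large enough buffer, shaping delivers everything that policing would have dropped, at the cost of the queueing delay; a small buffer brings the drops back.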

 

Now, how can you get that right-hand part from the charts above? Well, the NTA 4.1.1 beta brings support for QoS policy polling on Cisco devices. You can see not only the limitation applied to your classes (bits or %); NTA also tracks the historical post-policy class utilization with respect to the class limitation.

 

1) Install your NTA 4.1.1 beta - NOT ON YOUR PRODUCTION SERVER (we don't support upgrades from beta)

2) Add your CBQoS devices/nodes

3) Go to the CBQoS detail page.

 

What's new in NTA?

 

Limitations in QoS policy resources


 

Post-Policy Class % utilization in respect to the policy settings

Go to the Edit of the "post-policy" resource and select "% of class utilization" from "Data Units" options:


 

Submit changes and the "Post-Policy" resource changes into this:


 

What it tells you is that your class "host_10.140.46.119" spikes to 60% of its QoS limit. We also prepared the OOTB report "post-policy QoS", which contains the QoS utilization.

 

Many of you are certainly interested in running this on your network prior to NTA 4.1.1 GA, and that's why we have the Beta program. Simply click on the enrollment button below and you'll get your NTA beta today.

 


As always, your feedback is more than appreciated (contact me directly michal.hrncirik Product Management)

Citrix CloudBridge provides a unified platform that connects and accelerates applications and optimizes bandwidth utilization between branch offices and enterprise data centers and public clouds. One of the coolest features of Citrix CloudBridge (besides video caching, WAN virtualization, etc.) is WAN traffic optimization via data de-duplication, compression and protocol acceleration. This is really helpful if you have multiple remote offices which connect to your data center(s) over WAN, where this kind of "WAN accelerator" can provide a noticeable improvement in end-user experience. The appliance can recognize the type of traffic and does continuous flow detection for WAN optimization. The result is a reduced number of connections and requests between thin client and data center (CloudBridge can send data in bigger chunks compared to standard TCP communication).

 


 

As soon as you have a CloudBridge instance up and running, you will probably want to add it to your existing network infrastructure monitoring to gain insight into its performance. SolarWinds collects and visualizes Citrix CloudBridge IPFIX records, enabling you to view real-time metrics, maintain historical reports, correlate metrics from the network data with those from application data and configure alerts.

 

Network Traffic Analyzer can receive CloudBridge IPFIX records and show you the amount of accelerated traffic, the type of TCP traffic and which IP address produces which traffic.

 

Here is how NTA monitors the amount of data CloudBridge sends between instances over the WAN; NTA shows you the type of traffic entering/leaving the device and keeps historical data:

 

How to configure:

 

1) Get your latest NTA as part of BAP (Bandwidth Analyzer Pack) - Network Bandwidth Analyzer – Bandwidth Monitor | SolarWinds

 

2) Enable IPFIX Collector on your Citrix CloudBridge Appliance:

     - Go to "Appliance Settings", click on "AppFlow".

     - Select the "Layer 4 (256) - TCP Ingress" template data set, select a 2-minute time interval and click "Save"

     - Add a Collector: choose a name, IP address and port number 2055, enable your collector and click "Add"

 

3) Add Node in NTA (your CloudBridge IP address), and in 5 minutes you will see charts with IPFIX data from your instance.

 

4) You need to add a new application with the specific CloudBridge protocol port (1494) in NTA

 

 

5) Go to NTA Summary page, click on your Citrix CloudBridge instance and NTA shows you top talkers, applications and domains for entire device.

 


 

Alternatively, you may try SolarWinds FREE NetFlow Analyzer | SolarWinds which is good for one-shot troubleshooting and "appflow" monitoring.

As always, here comes a list of items we are working on for the future of VNQM. We are listening, and your comments are more than welcome.

 

  1. Support for SIP Trunk utilization troubleshooting and SIP protocol connectivity troubleshooting. Support for SIP and H.323 Trunk utilization monitoring Gateway / trunk Combined utilization view and alerting.
  2. End-To-End visualization of network map between two phones and connected ports & switches on a call route.
  3. Updating visuals - more attractive charts (zoom-in) + Web Based Report for VNQM , Export report from VoIP search page
  4. More out of the box reports with capacity trending. advanced VNQM reports
  5. Support for MS SQL 2014
  6. Performance improvements and more CDR data retention period (more than 1 month of the data in DB)
  7. Support for Cisco IOS 15.x, ISR for IPSLA Support for IOS 15.3 on ASR
  8. Monitor PRI Utilization by Call Count Instead of % Utilization

 

PLEASE NOTE:  We are working on these items based on this priority order, but this is NOT a commitment that all of these enhancements will make the next release.  We are working on a number of other smaller features in parallel.   If you have comments or questions on any of these items (e.g. how would it work?) or would like to be included in a preview demo, please let us know!

I would like to share a list of items we are working on for the future of Network Traffic Analyzer. We are listening, and your comments are more than welcome.

 

  1. Improvements in unknown application detection in netFlow(s) - using Cisco NBAR2 (1000 apps) for understanding what's behind port 80, etc. (Support for Cisco NBAR)
  2. Network security protection using Network Behavior Analysis (using flows, not agents). Detect DDoS attacks, malware communication or any other suspicious network communication without end-point agent deployment.
    1. IP Address reputation - get warning if application/end-point communicate with potentially dangerous site, we will take care of updates and real-time IP address evaluation.
    2. SYN flood attack detection, DoS detection, unexpected TCP/UDP high volume detection, find the host-name and switch port/SSID information of the source of the traffic.
    3. Port scanning detection
  3. Improved Network Bandwidth Utilization troubleshooting - instead of showing applications from entire network, we want to point you to the most utilized interfaces (and even better, network links) and show you what are top application and top talkers responsible for that conversation.
  4. UDT Integration Integration: NetFlow and User Device Tracker
  5. Topology information within NTA - understand "what and where". See your WAN links or VPN connections and underlying border interfaces with all the traffic (applications) and top talkers on the single page.

 

PLEASE NOTE:  We are working on these items based on this priority order, but this is NOT a commitment that all of these enhancements will make the next release.  We are working on a number of other smaller features in parallel.   If you have comments or questions on any of these items (e.g. how would it work?) or would like to be included in a preview demo, please let us know!

IPAM and UDT have combined like Voltron to form the new IP Control Bundle and as an IT "pro-", you may finally say goodbye to the painful and long IP Address Conflicts troubleshooting. Say goodbye to the long down-time of your servers, key network infrastructure or disconnected end users, caused by duplicated IP address on your network. For new users IPAM 4.3 and UDT 3.2 are now also available as a combo of two products with "in-line" integration focused on IP Address Conflict troubleshooting. For our existing customers both new versions act as regular product upgrade. There is no difference in functionality between bundle and standalone versions.

 

What IP address conflicts does it detect?

 

1) Static IP Address assignment on two end-points within the same network

 

A typical situation when this may happen is cloning virtual machines. People simply download or copy a virtual image and run it on the network without knowing whether a static IP address is pre-set.

 

2) Static IP in DHCP environment


There are many situations in which a static IP address may cause a conflict within a dynamic (DHCP-driven) network. It can be somebody's laptop with a static IP from a hotel, a cloned virtual machine with a static IP, or an attacker trying to connect to the local network using a static IP address. It can also be a newly connected network printer, which usually has a default static IP from the private IP address range 192.168.x.x.

3) DHCP scope overlap (split-scope)


The DHCP scope overlap problem occurs much more frequently these days because local networks are usually controlled through DHCP servers, and if the DHCP server goes down, nobody can get a new IP address and connect to the network. For that reason, IT builds a backup or fail-over solution consisting of two or more DHCP servers. It's usually a DHCP misconfiguration or DHCP failure that causes both DHCP servers to hand out the same IP address to two totally different devices.


4) IPAM end-point reservation vs. actually connected device


When an IT admin has reserved an IP address for a specific end-point (MAC address) and another device is currently connected with that IP, it doesn't necessarily mean there is a real IP address conflict. This may be because of obsolete IPAM information or an upgrade of the originally assigned device. However, it could be a time bomb waiting for the reserved device to be connected back to the network. In all cases, the IPAM administrator should be notified about such a situation and either update the IPAM reservation or change the IP address of the unexpected device.
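The four conflict types above can be told apart from three inputs: which MAC addresses were seen using each IP and how they obtained it, the scopes configured on each DHCP server, and the IPAM reservations. The following is an added example, not the IPAM/UDT implementation: all addresses, server names and function names are constructed, and it assumes that one DHCP server handing the same IP to a new MAC is normal lease churn rather than a conflict.

```python
import ipaddress
from collections import defaultdict

# Constructed sightings: (IP, MAC, origin). Origin is "static" or
# "dhcp:<server>" (the server that issued the lease). Not real data.
SIGHTINGS = [
    ("10.0.0.10", "00:11:22:AA:00:01", "static"),
    ("10.0.0.10", "00:11:22:AA:00:02", "static"),        # cloned VM
    ("10.0.1.50", "00:11:22:BB:00:01", "dhcp:dhcp-a"),
    ("10.0.1.50", "00:11:22:BB:00:02", "static"),        # static IP in a DHCP network
    ("10.0.2.145", "00:11:22:CC:00:01", "dhcp:dhcp-a"),
    ("10.0.2.145", "00:11:22:CC:00:02", "dhcp:dhcp-b"),  # leased by both servers
    ("10.0.3.5", "00:11:22:DD:00:09", "static"),         # reserved for another MAC
    ("10.0.3.6", "00:11:22:DD:00:06", "static"),         # matches its reservation
]

# Constructed IPAM reservations: IP -> MAC expected on it.
RESERVATIONS = {"10.0.3.5": "00:11:22:dd:00:05", "10.0.3.6": "00:11:22:dd:00:06"}

# Constructed DHCP scopes: (server, first address, last address).
SCOPES = [
    ("dhcp-a", "10.0.1.10", "10.0.1.200"),
    ("dhcp-a", "10.0.2.100", "10.0.2.150"),
    ("dhcp-b", "10.0.2.140", "10.0.2.200"),
]


def classify_conflicts(sightings, reservations):
    """Return {ip: conflict type} for the four cases described above."""
    by_ip = defaultdict(dict)                      # ip -> {mac: origin}
    for ip, mac, origin in sightings:
        by_ip[ip][mac.lower()] = origin
    conflicts = {}
    for ip, macs in by_ip.items():
        origins = set(macs.values())
        servers = {o for o in origins if o.startswith("dhcp:")}
        if len(macs) >= 2:
            if len(servers) >= 2:
                conflicts[ip] = "dhcp-scope-overlap"
            elif servers and "static" in origins:
                conflicts[ip] = "static-in-dhcp"
            elif not servers:
                conflicts[ip] = "static-duplicate"
            # One server, several MACs: treated as lease churn (assumption).
        else:
            mac = next(iter(macs))
            reserved = reservations.get(ip)
            if reserved and reserved.lower() != mac:
                conflicts[ip] = "reservation-mismatch"
    return conflicts


def overlapping_scopes(scopes):
    """Return (server1, server2, first, last) for ranges shared by two servers."""
    parsed = [(srv, int(ipaddress.ip_address(a)), int(ipaddress.ip_address(b)))
              for srv, a, b in scopes]
    found = []
    for i, (s1, a1, b1) in enumerate(parsed):
        for s2, a2, b2 in parsed[i + 1:]:
            lo, hi = max(a1, a2), min(b1, b2)
            if s1 != s2 and lo <= hi:
                found.append((s1, s2, str(ipaddress.ip_address(lo)),
                              str(ipaddress.ip_address(hi))))
    return found


if __name__ == "__main__":
    for ip, kind in sorted(classify_conflicts(SIGHTINGS, RESERVATIONS).items()):
        print(ip, kind)
    print(overlapping_scopes(SCOPES))
```
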

 

How can IP control bundle help you to solve IP Address Conflicts?

 

With two clicks you will get the most important information about the conflict:

 

1) Who is in the conflict? MAC addresses, Vendor, Active Directory Information and connected port or Wireless SSID (UDT functionality)

 

2) History of end-points connection - who is assigned to the IP Address? Show recent user of given IP Address so IPAM admin can understand who should be disconnected first.

 

3) "How-To" steps helping you take action

 

Here is an example of DHCP scope overlap and how IPAM and UDT can help you to troubleshoot the problem:


 

Both IPAM 4.3 and UDT 3.2 are now ready on the customer portal and waiting for your download and upgrade. If you don't have one of these products, or if you would like to evaluate the entire IP Control Bundle, you may download it for evaluation.

 

IPAM and UDT also bring other improvements and bug fixes; for more details, see our release notes for IPAM and UDT.

 

I recommend watching the following webcast we made recently, which not only summarizes IP address conflict issues but also compares multiple IP Address Management solutions and demonstrates the latest IPAM & UDT (IP Control Bundle).

SolarWinds is pleased to announce that the latest and greatest version of IP Address Manager (IPAM), 4.1, has been recently released.

 

This new version primarily focuses on monitoring and management of the high-performance DHCP service from ISC via the IPAM web console. Namely, 4.1 brings the following new features:

 

  • A new re-designed DHCP management UI that helps to manage multiple methods of organizing IPs across Windows, CISCO and ISC DHCP vendors
  • Management of ISC DHCP subnet options, ranges and pools (New to ISC)
  • Monitoring of ISC shared network containers and their subnet utilization
  • Monitoring of ISC DHCP IP address static assignments within groups


But that's not all. We were listening to you, our users, who requested support for more complicated configuration scenarios on DHCP servers. These advanced scenarios typically require setup of specific DHCP options. Namely, IPAM v4.1 can do the following:

 

  • Monitor and manage over 180 (RFC 2132) DHCP options on Cisco, Microsoft and ISC DHCP servers
  • New UI for DHCP options management with data type validator and text translation of the numeric value of each option (you don't have to look into the RFC)
  • Automatic detection of supported/unsupported options per DHCP vendor
  • Both-way sync between IPAM and DHCP server.

 

For example, you may use options 66 & 67 in order to set up TFTP and the VoIP config file name for your VoIP infrastructure running on a DHCP server.

 

You may find additional information about fixed bugs and related details in IPAM V4.1 Release Notes

 

If you are interested in what the UI looks like, here is a small summary:

 

1) ISC DHCP monitoring with shared subnets container


 

2) Create/Edit ISC DHCP Subnet - add pools, ranges or setup DHCP options

3) DHCP options settings are the same for all vendors supported in IPAM

 

 

IPAM 4.1 is available on your customer portal for a download and upgrade on production servers.

Many of you are patiently waiting for a new version of VNQM and hope to see support for Avaya call quality monitoring. Well, now is a good chance to help us recognize technical differences and challenges our engineering needs to solve before GA. We are here with the first beta that supports Avaya call managers (we have the S7x series in our lab). We would highly appreciate it if you could install this version in your test environment (could be a VM) and let us know how it works on your end.

 

This is currently supported functionality:

  • Avaya support
    • Storing CDRs in Orion internal DB
    • VoIP search for Avaya calls (search with time and CM only)
    • VoIP Call details view (without CQR and Call Signaling)

 

If you want to participate in the beta, you should own VNQM and be under active maintenance. Then you simply need to agree with this beta agreement: SolarWinds VoIP & Network Quality Manager 4.2 Beta Participation Survey and I'll send you a download link.

 

How to add Avaya call manager? Click on "Add new call manager" button on IPSLA Summary page and our wizard will take you through the process.

 

I'd also welcome any feedback on wizard UI and improvement points.

 


When I talked to you, IPAM users, I heard many times that one of the typical tasks of IP address management is obtaining available IP address(es) for a selected subnet. This is tricky if you use spreadsheets and share them with more people (you never know whether the doc is in sync or whether you will create an IP address conflict).

 

You also voted for a similar feature, IP Request Form, on Thwack, where one of the scenarios is to ask for and approve assignment of the first available address in a subnet.

 

In this post, I'd like to unveil an IPAM API method that can give you one or more Available IP Address in a subnet.

 

What we need in order to accomplish this trick:

 

  1. IPAM 4.0 (could be an Eval)
  2. Latest version of Orion SDK installed on the IPAM server.
  3. Access to Windows PowerShell (could be applied on Python, Perl or VBScript as well)
  4. User and Password into IPAM
  5. Ten minutes of your time :-)

 

Install and configure your IPAM

Simple start, install and configure your IPAM. It must contain at least one subnet with IP addresses and their statuses inside:

 

Install your Orion SDK

Orion SDK will provide API access to IPAM database via secure methods. I don't expect any single problem during install process (link for download). My recommendation is to install as local Administrator.

If you run into any problem, please speak up in this forum on Thwack.

 

Open your PowerShell window

And now the real fun begins. Run your PowerShell Window and make sure that Orion SDK was successfully registered:

Type this command: Get-PSSnapin | where {$_.Name -eq "SwisSnapin"} and hit the Enter key.

The result should look like this:

 

If you didn't get this, simply type the following command (it adds the PowerShell snap-in from the SDK):

Add-PSSnapin "SwisSnapin"


Now you have to set up the connection to your database/IPAM.

Type in the following commands and change $hostname to the domain name or IP address of your IPAM, $username to the username you want to use for the connection and $password to your password (like $password = "solarwinds"). If you are using an Eval of IPAM and running the script from the same machine, keep it as it is below.


$hostname = "localhost"
$username = "admin"
# Empty SecureString, i.e. a blank password
$password = New-Object System.Security.SecureString
$cred = New-Object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
# Open the SWIS connection used by the queries below
$swis = Connect-Swis -host $hostname -cred $cred

 

OK, so we have set up the connection, and now we can call an API method and get information about an available IP address. You also need to know the name of the subnet from which you want to get a free IP address. In our example I'll use the name "DEV" (see screenshot above). Type in the command below and hit the Enter key:

 

Get-SwisData $swis 'SELECT TOP 1 I.Status, I.DisplayName FROM IPAM.IPNode I WHERE Status=2 AND I.Subnet.DisplayName = ''DEV'''

 

Et voila:

 

As you can see, we got the first free available IP address, 10.140.126.4, with status "2" ("Available"), which corresponds to my sample IPAM data:

OK so that's good, but I don't assume that you'll want to type in such a script every time you want to get your first available IP address. You can certainly save the whole script into a file and then run it with a simple click (feel free to download my example).

 

The result of "Get-SwisData" is stored in a DataSet, a .NET object which you may use for further processing. For example, you can store the results in a file, or you can call it from a web service or helpdesk system.

 

If you want to iterate over the IP addresses in the result, you may use this PowerShell query (useful when getting more than 1 free IP address or when you want to run the query for more subnets):


$addresses = Get-SwisData $swis 'SELECT TOP 1 I.Status, I.DisplayName FROM IPAM.IPNode I WHERE Status=2 AND I.Subnet.DisplayName = ''DEV'''

foreach($address in $addresses)
{
     write-host "Free IP Address is" $address.DisplayName
}

We can slightly modify the SWQL query to return the subnet address and CIDR next to the available IP address (by the way, this is the beauty of the SWQL language: in many cases you don't have to use JOINs, you simply use dot notation to list properties of a related entity, in this case "Subnet"):

 

$addressesWithSubnets = Get-SwisData $swis "SELECT R.Address as SubnetAddress, R.CIDR, R.FriendlyName, R.PercentUsed,
(SELECT TOP 1 I2.IpAddress FROM IPAM.IPNode as I2 WHERE I2.Status=2 AND I2.SubnetId = R.GroupID ) AS FreeIpAddress
FROM IPAM.GroupReport as R WHERE R.GroupType='8'"

 

Here GroupType=8 means type "subnets" (not supernets, DHCP scopes, etc.)


Then the result may look like this:


 

I can iterate through the $addressesWithSubnets variable and do whatever I need with each record, for example send an email, send data into a help desk, update a database (custom property) or store it in a file.

 

An interesting option is to create a web service that calls this IPAM PowerShell script with the attribute "subnet name". Then you can ask for the first available IP address from anywhere.

 

An example that simply writes each row to the console output:

Download the full script.

 

Example of .NET webservice that can call our PowerShell script:


[WebMethod]
// When calling the method, pass the path to our script file as the parameter of GetFreeAvailableAddress.
// For example: c:\script\getFreeIP.ps
// Feel free to add the exception handling you prefer.
// Needs: using System.Management.Automation; using System.Management.Automation.Runspaces; using System.Web.Services;
public void GetFreeAvailableAddress(string script)
{
    RunspaceConfiguration rC = RunspaceConfiguration.Create();

    Runspace runspace = RunspaceFactory.CreateRunspace(rC);
    runspace.Open();

    RunspaceInvoke scriptInvoker = new RunspaceInvoke(runspace);

    // AddScript treats the string as PowerShell text, so the caller controls what runs
    Pipeline pipelineCommand = runspace.CreatePipeline();
    pipelineCommand.Commands.AddScript(script);

    // execute the script
    pipelineCommand.Invoke();
}
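
The web method above hands its string straight to AddScript, so whatever calls the script with a subnet name decides what reaches the SWQL query. One way to write the called script so that the subnet name is validated and bound as a SWQL parameter instead of being spliced into the quoted literal (an added example, not the author's downloadable script; Get-FirstFreeIp, Test-SubnetName and the naming pattern are assumptions):

```powershell
# Added example, not the author's script. Get-FirstFreeIp, Test-SubnetName and
# the naming pattern below are assumptions made for illustration.

function Test-SubnetName {
    param([string] $Name)
    # Assumed naming policy: 1-64 characters, starting with a letter or digit,
    # then letters, digits, space, dot, underscore, slash or hyphen.
    # No quote characters can pass, so the value cannot close a SWQL string literal.
    return $Name -cmatch '\A[A-Za-z0-9][A-Za-z0-9 ._/-]{0,63}\z'
}

function Get-FirstFreeIp {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)] $Swis,
        [Parameter(Mandatory = $true)] [string] $SubnetName,
        [ValidateRange(1, 50)] [int] $Count = 1
    )

    if (-not (Test-SubnetName $SubnetName)) {
        throw "Subnet name rejected by validation."
    }

    # $Count is a range-checked [int], so interpolating it is safe.
    # The subnet name is never spliced into the text: it is bound as @subnet.
    $query = "SELECT TOP $Count I.Status, I.DisplayName FROM IPAM.IPNode I " +
             "WHERE I.Status = 2 AND I.Subnet.DisplayName = @subnet"

    Get-SwisData $Swis $query @{ subnet = $SubnetName }
}

# Constructed inputs, standing in for what a web-service caller might send.
$samples = @('DEV', 'Branch-01/LAN', "DEV' OR 'x'='x", '')
foreach ($s in $samples) {
    $verdict = if (Test-SubnetName $s) { 'accepted' } else { 'rejected' }
    Write-Host ("{0,-18} {1}" -f "[$s]", $verdict)
}

# Live call, only where the SwisSnapin from this post is loaded.
if (Get-Command Connect-Swis -ErrorAction SilentlyContinue) {
    $cred = Get-Credential -Message 'IPAM account'   # prompted, not stored in the script
    $swis = Connect-Swis -Hostname 'localhost' -Credential $cred
    foreach ($row in (Get-FirstFreeIp -Swis $swis -SubnetName 'DEV')) {
        Write-Host "Free IP Address is" $row.DisplayName
    }
}
```

With the script fixed on the server and only the subnet name coming from the caller, the web method no longer needs to accept script text at all.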

 

Integration with SAM (Server and Application Monitor)

One of the easiest ways to get a PowerShell script monitored in the Orion web interface is via SAM (try the eval if you don't have it). SAM can monitor PowerShell scripts and show the results on the web very simply.

 

I just had to re-format the output of my PowerShell script and then define a new PowerShell template in SAM so it can transfer the data from the script to the web.

There is a very nice article about how to add a Script Monitor into SAM, so I'll skip this phase and just summarize that what you need to do on the script side is output the data you want to show via two specific messages:

Detail Type: Statistic
Required: Yes
Meaning: A numeric value used to determine how the monitor compares to its set thresholds. This must be an integer value (negative numbers are supported).
Statistic.Name1: 123
Statistic.Name2: 456

Detail Type: Message
Required: No
Meaning: An error or information message to be displayed in the monitor status details. Note: Multi-line messages are supported. To use this functionality print each line using a separate command. For example:
Message.Name1: abc
Message.Name2: def

The script must end with an "Exit(0)" statement.

 

I modified our script to produce messages that are parsed properly by SAM (how to add a new SAM template). The template shows you the percentage of IP addresses used per subnet and also the first free IP address for each subnet.


Section added


Write-Host "Message.$($freeIP.FriendlyName): Subnet: $($freeIP.SubnetAddress)/$($freeIP.CIDR) named: $($freeIP.FriendlyName) has this available IP address: $($freeIP.FreeIPAddress)";

Write-Host "Statistic.$($freeIP.FriendlyName): $($freeIP.PercentUsed)";

 

Feel free to download the SAM template from here. Wondering what the result looks like on the web? Here it is:

 

Let me know if you have any questions and don't be intimidated by our API, it's very easy to use.

I'm happy to announce that IP Address Manager 4.1 RC1 is available for download and installation on your production servers.

Besides bug fixes, there are two big new features in this release of IPAM:

 

  1. ISC DHCP management and monitoring
    • Create, edit or remove ISC DHCP subnets directly in IPAM using the same UI as for Microsoft or Cisco DHCP
    • Manage ISC DHCP subnet options, ranges and pools (RFC standard options, including options 66 & 67 for VoIP settings)
    • Default alerts for high DHCP subnet utilization
    • Monitoring of ISC DHCP shared subnets and their utilization
    • Monitoring of availability of ISC DHCP servers and their subnets (up, down, unreachable)
    • Monitoring of ISC DHCP IP address static assignments within groups
  2. Support for management of standard DHCP scope options on Microsoft or Cisco DHCP servers
    • Set up VoIP options (66 & 67) on your DHCP scopes
    • Manage all RFC standard DHCP options using a web UI that describes the usage of each option.
    • Automatic two-way DHCP scope option sync between IPAM and DHCP servers

 

The installation is available on your customer portal or via this RC agreement (IPAM 4.1 RC Participation Survey).

 

You should contact SolarWinds support if you run into any problems or bugs.

 

We are looking forward to your feedback on this latest version.

In the last release of VNQM we brought VoIP troubleshooting for your Call Managers. Those of you who maintain a company VoIP infrastructure are probably familiar with the VNQM call signaling topology resource.

This resource contains devices "1005 & 1041", which are typically gateways. These devices connect your internal VoIP sub-system to the line of your data/voice provider(s). You may typically hear "PRI" or "PRI Gateway" when talking about inside-out or outside-in VoIP connectivity. What is PRI? The definition says that PRI (Primary Rate Interface) is a telecommunication standard used in the Integrated Services Digital Network (ISDN) for carrying multiple DS0 voice and data transmissions between two physical locations. More technically, a PRI is a type of VoIP line that provides up to 23 separate 64 Kbps B lines and one data channel with 64 Kbps in a T1 configuration (typically USA), or 30 B lines and one data line in an E1 configuration (typically Europe).

 

PRI is quite popular among businesses today because of its many benefits:

  • Scalable technologies that can grow or shrink with your business
  • Low cost
  • Use of existing PBX system technologies
  • Multiple sites can be connected into the same system eliminating maintenance and installation charges across locations
  • Doesn't impact end-users (they can dial numbers as they did before)
  • Increased high-tech communications options
  • Can be managed remotely via web-based consoles

And this "PRI Gateway" is something that VNQM 4.1 can now monitor, bringing you another piece of information to solve your VoIP problems. To be very specific, in the case of VNQM 4.1 it's about Cisco devices (MGCP gateways) that have support for PRI.

You, Thwack users, had many discussions or feature requests (here or here) about how to see the utilization of your PRI trunks. You could also read about PRI in a Geek Speak blog post.

VNQM 4.1 RC is ready to be installed in your production environment and it is fully supported by SolarWinds support. If you are an IPSLA/VNQM customer under active maintenance, you are more than welcome to sign up here for an RC download.

 

What Do We Need to Monitor?

A typical monitoring task for the T1/E1 is to monitor the number of active channels/trunks and their utilization. Some of you were also asking for monitoring of the "VoIP vs. Data" ratio on the line. VNQM 4.1 can do both now. We don't use SNMP in this case, because Cisco has a bug in their SNMP implementation which results in incorrect trunk call utilization data being reported.

 

Now, how do you see this data in VNQM?

  1. Use the new gateway wizard on the VNQM settings page to add your device to be monitored as an MGCP gateway.

  2. Once the gateway has been added successfully, you should see it in the list of your gateways on the VoIP summary page.

  3. Click on the gateway in the resource above or in the signaling resource that's part of the call details page. This will take you to the brand new Gateway detail page.

 

How to see data distribution and PRI trunk utilization - are you paying too much to your provider?

The data distribution chart can show you the total usage on your PRI gateway and the distribution of data & VoIP traffic, and you can also drill down to see the utilization of each trunk specifically. The "Trunk Utilization" resource gives you a good historical overview where you may see spikes or gaps over time.

In our case, we can see that more than 37% of the capacity has not been used over the last three months. So why pay so much to your VoIP/data provider? You can reduce the number of lines you need for connectivity with the outside world.

The same chart can also be used for troubleshooting call connectivity. If you reach maximum PRI utilization, your calls can't be connected, and it's time to figure out who is causing such load (CDRs), ask your provider for more bandwidth, or, at least, set up VoIP precedence policies.

Want to see more "per trunk" utilization details? Not a problem:

 

 

 

 

How to see problems on a gateway?

It's possible to do this via the VNQM search page itself. But you can save some time and see the most important metrics, failed calls and call quality issues, directly on each Gateway detail page.

In order to see call details, phone numbers, etc., simply hit the "Search for all failed calls" link at the bottom of the page and VNQM will filter for Gateway-relevant calls only. "Easy peasy", don't you think?

PRI & trunk utilization monitoring is a major feature of this release. However, VNQM 4.1 also brings new web-based reports with charts, which you may read about in this post.



SolarWinds has prepared new online sessions for all of you who are interested in what's coming in our product series. These sessions will be presented by Product Managers and we believe that they will give you an interesting look into the products' future.

If you would like to attend, simply register at the GoTo meeting web site: New Series: PM-Hosted Monthly Product Roadmap Updates

 

The upcoming session on Wednesday, 17th July will focus on Network Performance Monitor 10.5 and beyond. In this episode, we will review the new features in SolarWinds Network Performance Monitor v10.5 and, additionally, we will discuss what we are working on for the future. Feel free to bring your comments and questions.

 

See you there.

The new IP Address Manager 4.0 has just arrived. The upgrade is available for free to all IPAM customers under active maintenance and can be downloaded from the SolarWinds customer portal.

 

Version 4.0 comes with the following new features and improvements:

  • Support for BIND DNS management and monitoring
    • Create, edit, delete DNS zones and DNS records for BIND DNS v8.x and v9.x (A, AAAA, MX, PTR, CNAME)
    • Monitor BIND DNS service status
    • Monitor BIND DNS zone status
  • Active IP Address conflict detection in both static and DHCP environments.
  • Integration of IPAM with our UDT product via subviews
    • See Port and User information on the same page as IP address Host or DNS assignment history
    • Shutdown port remotely in case of IP address conflict (UDT functionality)
  • New Icon pack for IP addresses, DNS zones and DHCP scopes.

 

Some of you may have read the IPAM 4.0 RC blog post that presents BIND DNS management and monitoring and IP address conflict detection. For those who didn't, here is a short summary:

 

BIND DNS Monitoring and Management

BIND DNS is the de-facto DNS standard and it's frequently used among IT guys. Those who need to configure BIND DNS via the CLI know that there is a lot of room for human error when adding new DNS zones or updating DNS records. I can also imagine that admins are not comfortable with giving CLI credentials for reading, writing, creating and modifying BIND config files to people who just need to maintain DNS records. And that's why we added support for BIND management into IPAM: no more errors during configuration and no more sharing of CLI credentials.

 

Adding and configuring BIND DNS servers is a matter of a few minutes. As a user, you need to do three steps:

  1. Add the device that hosts BIND DNS as a node into IPAM (that will also allow you to monitor device performance)
  2. Let IPAM scan the BIND configuration (enable scanning)
  3. Allow/deny other users to change the BIND configuration (Power User role and above can do that).

 

Active IP address conflict & User Device Tracker integration

IPAM 4.0 can detect IP address conflicts (in both static IP and DHCP environments) and help you troubleshoot the problem. It also allows you to shut down the port remotely if you have UDT installed along with IPAM. Let's take an example of an IP conflict and how IPAM may help you:

 

IPAM 4.0 offers the following IP address conflict detection and historical data in order to help you identify the devices in conflict.

  1. An IP address conflict is triggered.
  2. IPAM contains the IP address assignment history, where the user can see the MAC addresses that are using the IP in conflict.
  3. If UDT is installed, the UDT view provides Device, Port and Active Directory information.
  4. UDT can remotely shut down the switch port and unblock the IP in conflict.

For more details about IPAM 4.0 release visit SolarWinds IP Address Manager Release Notes

The latest and greatest version of NPM, 10.5, is ready for download from your customer portal.

 

Here are major improvements and new features:

  • Routing information including alerting for major routing protocols (RIP, OSPF, BGP)
    • View and search in routing tables.
    • See changes in default routes and flapping routes
    • View router topology and neighbor statuses
  • New Interface filtering UI to import discovery results:
    • Exclude virtual interfaces and access ports, or specific interface type
    • Select interfaces based on pattern matching including Regex formulas
    • The new preview UI for final selection of imported interfaces
  • Multicast traffic information monitoring and alerting, including topology information.
    • Automatic detection of multicast protocol and multicast group import into NPM
    • Display multicast information, route information, and device information in a single unified view
    • View multicast topology using upstream and downstream device list information
    • Generate intelligent alerts based on multicast errors
  • Interface Auditing
    • View user actions related to interface monitoring in NPM

 

As you may notice from above, this version of NPM adds another important element for successful and effective troubleshooting of connectivity and performance issues - monitoring of OSI L3 routing protocol information.

 

How does routing information impact network performance and availability?
IP networks are critical for business missions, and it's not only router or switch hardware that can impact your network availability and performance. Incorrect routing or routing issues also cause undesirable performance degradation, flapping and/or downtime. Getting such information requires "analytic tools". In bigger networks, routing can change very dynamically (adding/removing switches, APs, VPNs, routers and IP subnets) and it's almost impossible to monitor routing changes from inside the routers (too much simultaneous data).

 

Also, information like "Flapping Route" is not available for most protocols directly on the server. The flapping route problem causes frequent re-calculation of the network topology by all participating routers, or floods the network with many Update packets. In both cases it prevents the network from routing and addressing packets correctly. Another common issue is human error caused by incorrect creation of static routes. ICMP ping won't help you here: you can see that the device is up and running, but you really need to see the router's settings and check packet routing.

How is routing presented in NPM?

If NPM recognizes that a Node is actually a router that runs one of the OSPF, BGP or RIP protocols, it will automatically get routing information from that device. Routing information is then mapped to existing Nodes and Interfaces in NPM so you may see device availability statuses and network performance data. All new resources are under the "Networking" tab on the Node detail page.


NPM 10.5 also automatically detects multicast protocol traffic and imports multicast groups as a monitored object.

What is multicast?

IP multicast is widely deployed in enterprises and multimedia content delivery networks. A common enterprise use of IP multicast is for IPTV applications. It's also used for video and teleconferencing, and it transmits a single message to a selected group of recipients. A simple example of multicasting is sending an e-mail message to a mailing list. The multicast protocol is well known as a bandwidth-conserving technology that reduces traffic because it simultaneously delivers a single stream of information to thousands of recipients.


How to understand multicast availability and performance information?

Because the topology is sometimes complicated, it's difficult to understand who can and who can't receive multicast traffic. Network availability is key, and the status of the whole multicast group represents the (un)successful transfer of the multicast stream.

Even though multicast is designed to save bandwidth, with many groups and many multicast sources & receivers the network may become saturated very quickly. There are tools like NTA which can sniff the network data and tell you which apps are causing the network traffic, but people usually need to quickly read multicast node traffic utilization in bits per second. Looking at the overall traffic consumed by a multicast node, users may see the ratio of multicast vs. other types of traffic on the network and then optimize the QoS configuration to increase/decrease traffic priority, upgrade the link or change multicast routing so the traffic can go via another line. If the multicast group status reports a problem, people need information about the multicast topology. Only topology information lets you quickly jump between upstream and downstream devices and find the root cause of the problem fast.


How does NPM 10.5 solve the multicast problem?

     During first network scan, NPM detects multicast groups and list of nodes that are subscribed to each one.

NPM then creates a topology of upstream and downstream devices within a group and detects interfaces that forward or receive multicast traffic.


Re-worked Interface filtering page

This is something you've asked us to improve (for example here or here on Thwack). We understand that filtering & importing only the desired interfaces took some time with the previous version of the Interface discovery filter. If you run the Discovery Importing wizard in NPM 10.5 you'll find a re-worked UI for interface importing. You can filter by interface status, VLAN port type, protocol type and hardware type. It now has support for advanced filtering and Regex conditions, so creating a filter that will import just the physical interfaces that are part of a specific VLAN ID is a matter of a few seconds.


I believe that you will like the new functionality of NPM 10.5 and stay tuned, because we are already working on the next version.


