SolarWinds Flow Tools Bundle Quick Reference Guide

Gain the ability to quickly distribute, test, and configure flow traffic with the free network traffic analysis tools included in the SolarWindsRegistered Flow Tool Bundle. Showcasing some of the signature flow traffic analysis capabilities from SolarWinds, the Flow Tool Bundle offers three handy, easy-to-install, and free network traffic analysis tools: SolarWinds NetFlow Replicator, SolarWinds NetFlow Generator, and SolarWinds NetFlow Configurator.

NetFlow Replicator helps you easily distribute flow data to multiple destinations for traffic or security analysis. Configure random sampling of flow data packets to help reduce the load on the monitored system and collector. NetFlow Generator simulates network flow data so you can test and validate your configurations. This functionality is especially helpful when testing the behavior of more complex network entities, such as load balancers, firewall rules, and alert trigger conditions.

NetFlow Configurator remotely configures and activates NetFlow v5 on supported CiscoRegistered devices. With this tool, you can easily set up the router to send NetFlow records to your collector.

The free network traffic analysis tools in this bundle can be installed on WindowsRegistered 7, 8, and 10, and Windows Server 2012 R2, 2016, 2019. We support 64-bit OS only.

Downloading and Unpacking

You can download the Flow Tool Bundle here:

First, unzip the bundle. Inside, you'll find three installers—one for the Flow Replicator, one for the Flow Generator, and one for the Flow Configurator. To install one or more of these, just execute the installer file and follow the prompts. You can install only what you need; you don't have to install all three on the same system.

Using the NetFlow Replicator

To use NetFlow Replicator, launch the utility.

Screen Shot 2018-12-28 at 12.32.54 PM.png

You'll see the screen is divided into sections that can be collapsed and expanded. Initially, the "Service" configuration section is expanded. We'll use the "Service" configuration to create an instance of the NetFlow Replicator that will continue to run even after you exit the utility. Configuring the "Service" and then running it will install the Replicator as a Windows service, and you can exit the utility. The next time you start the utility, it will connect to the running service and display current statistics. You can only have one service running in the background on any machine. The intent of the service configuration is to create a NetFlow Replicator process that is persistent over time.

The "Console" configuration is designed to run the NetFlow Replicator interactively. When you start the utility the first time, you'll see a collapsed Console configuration at the bottom of the screen. Click the double-chevron icon on the right to expand this section. You can configure and start multiple interactive console sessions. You'll find a button to "Create console configuration" at the top right of the screen.

The Service configuration and the Console configurations accept the same set of parameters.

The "Listener" is the IP address and port where NetFlow records will be received. It's the address and a port on your machine where the utility is listening for flow records. Typically, this is where NetFlow sources like routers would be configured to send records. Each "Destination" is a remote machine where the NetFlow Replicator will send the NetFlow records it receives. You'll need an IP Address and port for the destination, and you can optionally sample the records sent to each destination to help reduce the volume of traffic we're replicating. A sample rate of "1 in every 1 packet" is the same as not sampling at all. The sampling algorithm is a random "1 in N" method. Only flow data is sampled; NetFlow v9 and IPFIX templates are always forwarded.

You can add additional destinations to specify multiple destinations and replicate the same traffic. Delete destinations with the icon to the right of the destination. To start the NetFlow Replicator, select "Start Console." You'll see an indication that it's running, and you'll see some basic statistics on packet rates, drops, and the sampling rate. You can collapse this console session and create additional console sessions if you wish. You can create additional interactive sessions by selecting "Create console configuration."

Screen Shot 2018-12-28 at 12.57.35 PM.png

The menu (indicated by a vertical ellipse) allows you to export or import configurations to share your work. You can also delete console configurations, or view logging information.

Using the NetFlow Generator

To use NetFlow Generator, launch the utility.

Screen Shot 2018-12-28 at 1.08.44 PM.png

The NetFlow Generator is a completely interactive tool for simulating flow traffic records. Typically, we would use this to test a flow collection system, or an architecture that forwards or load balances flow from network devices. We can start and run multiple instances of this tool on the same machine if you need to. To use the NetFlow Generator, we'll need to know where we are sending the simulated NetFlow records, where they should appear to originate, and what groups of endpoints should be present in the data. We'll walk through the configuration top to bottom.

We'll start with the "Orion Server," which is the IP address and the port where the utility will send generated traffic records. This is typically your NetFlow collector, where network devices are usually configured to send records. Next, well configure the originating source of the NetFlow traffic, as it appears to the collector. You can send records from the local IP address of the server where the generator utility is running or select "Node Simulation" to simulate traffic from one or more NetFlow sources. When "Node Simulation" is selected, you can simulate originating the NetFlow traffic from another source or group of sources by entering a single address or a range of addresses.

Screen Shot 2018-12-28 at 1.19.30 PM.png

The "Number of interfaces" configuration allows you to simulate traffic from devices with multiple interfaces. This value applies uniformly to all of the devices configured as NetFlow sources.

Next, set the traffic level for the rate of the traffic you'll generate. This value is approximate, in average flow records per second.

In the next section, you’ll select the type of flow traffic that will be generated. The NetFlow Generator supports NetFlow v5, NetFlow v9, sFlow, and IPFIX flow formats. You can optionally generate sampled traffic or simulate NBAR2 where it's appropriate.

Screen Shot 2018-12-28 at 1.51.30 PM.png

The last step is configuring the conversation endpoints that are represented in the flow records we're generating. Both IPv4 and IPv6 conversations between endpoints can be configured. You configure endpoints by specifying the source of the flow—the address or addresses, and the source port—and then the destination of the flow. The IP addresses can be specified as a single address, a subnet using CIDR notation, or a range with starting and ending values. The ports are specified as individual port numbers, or ranges. Source ports can be randomly selected. The protocol can be specified as TCP, UDP, or both TCP and UDP.

Screen Shot 2018-12-28 at 2.07.26 PM.png

The menu (indicated by a vertical ellipse) at the right side of each endpoint row allows you to edit or delete the endpoint definition.

Running the generator sends flow records of the type you specified with conversations between the configured endpoints to the OrionRegistered server, either sourced from the server where the utility is running or simulating another source of flow generator nodes that you've configured.

Starting the generator opens a statistics screen with an indication that it's running, continuously updated statistics, and a summary of the configuration you entered.

Screen Shot 2018-12-28 at 2.27.33 PM.png

Either exiting the utility or selecting the "Stop Generator" button will stop generating traffic.

Using the NetFlow Configurator

To use NetFlow Configurator, launch the utility.

Screen Shot 2018-12-28 at 2.47.15 PM.png

Enter the IP address of the router where you would like to configure NetFlow v5. The utility will report if the device doesn't support this method of configuration. To read and modify the configuration, you can use SNMP v1, v2, or v3. Enter the appropriate credentials and select "Next" to read the current device configuration.

Screen Shot 2018-12-28 at 2.54.21 PM.png

The current device configuration will show you the destinations for flow currently enabled or allow you to specify up to two destinations for the device to forward NetFlow records. Below, you'll see a list of the interfaces and the direction for which NetFlow is enabled.

Select the checkboxes for the desired configuration, and then select "Apply."

On the following page, you'll see a summary of the new configuration, and a reminder that changes are applied to the running configuration on the router only.

Screen Shot 2018-12-28 at 3.19.33 PM.png

Select "Configure another device" to continue and select another router to configure.

Fun with Flow

The Flow Tool bundle from SolarWinds is a versatile collection for your troubleshooting toolbox. You can use the NetFlow Generator to test firewall rules, load balancer configurations, or to test the next NetFlow Traffic Analyzer beta release. You can use it to generate demo traffic to show off NetFlow Traffic Analyzer to the rest of your organization while they evaluate the product. The NetFlow Replicator can be used to send a single stream of flow traffic from your network infrastructure to a single destination, and then consume it in multiple NTA instances. With the sampling feature in the NetFlow Replicator enabled, you can place the utility at a remote site, or within a public cloud instance and substantially reduce the traffic forwarded to the central NTA instance. Depending on the configuration of the machine that's hosting the NetFlow Replicator, you can configure it in a "single- armed" topology—both receiving and sending packets through the same interface—or an "in-line" configuration with packets arriving on one interface and forwarding through another.

For fun, try experimenting with the NetFlow Generator to simulate traffic to an unused port on your local machine. Then, set up the replicator to listen on this port, and forward to another unused port on your machine. This will give you a feel for the statistics output in each of these tools, and it's a simple way for the NetFlow Generator to exercise the NetFlow Replicator.

While the NetFlow Configurator offers a simple method to set up basic NetFlow v5 on a single device at a time, you can also consider trying Network Configuration Manager to automate mass changes in your network to enable NetFlow export.

Download the free SolarWinds Flow Tool Bundle today and post your observations and questions below!