
NTA deployment guidelines for two WAN sites?

Dear community,

Existing situation:

A company with two separate sites - one office and one datacenter site, connected via WAN infrastructure.

NPM application installation together with a separate database server on the office site.

The current NPM deployment monitors office and datacenter equipment (so polling is done from the NPM main poller located on the office site).

Requirement:

A new NTA installation, to be able to collect NetFlow data from the datacenter core/internet routers.

The point is, we want to avoid NetFlow data being routed over the WAN connection from the datacenter to the office.

So the NetFlow collector and the flow database must be located on the datacenter site.

The NPM poller should stay on the office site because most equipment is monitored there...

Question:

Is it possible to install an additional NTA polling engine (without an NPM polling engine) on a second site and also run the flow database locally on the DC site?

If yes: what exactly are the traffic patterns between additional polling engine <--> flow database <--> NPM SQL DB <--> Web UI?

And what type of traffic patterns can we expect on the WAN leased line in this type of setup?

There are some loose hints about an additional poller and an external polling database with NTA,

but unfortunately I am not able to find an explicit deployment guide confirming that type of design...

Thanks for all the info!

Cheers

  • What exactly is the concern with collecting flow data over the WAN link?

    To answer your questions,

    It is possible to deploy a polling engine in the datacenter and use it pretty much to collect NetFlow data. With top talker optimization, you can expect significant savings in bandwidth compared to sending all the flows over the WAN link.

    In terms of traffic patterns,

    Additional Polling Engine's (APE) perspective:

    APE:17777 <-> Main Poller:17777

    APE:source ports --> SQL Server:1433

    APE:source ports --> FSDB:17777

    NPM/NTA (Main Orion server)'s perspective:

    APE:17777 <-> Main Poller:17777

    Main Poller:source ports --> SQL Server:1433

    Main Poller:source ports --> FSDB:17777

    Additional polling engines should be transparent to the web console user.

    FSDB can be in the data center but the APE will still talk to the SQL server as well.
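
The port matrix from the answer above, used as an allowlist to audit which flows actually cross the WAN link. This is an added example, not part of the original thread and not SolarWinds tooling. It assumes the placement the question asks for (APE and FSDB in the datacenter, main poller and SQL Server in the office); the host names, byte counts, TCP as the transport and the UDP 2055 export port in the sample are constructed assumptions.

```python
from collections import defaultdict

# Assumed placement, taken from the question; host names are hypothetical.
SITE = {
    "ape": "dc", "fsdb": "dc", "dc-router": "dc",
    "main-poller": "office", "sql": "office",
}

# (source, destination, protocol, destination port) as listed in the answer.
# TCP is assumed for both ports; the thread gives port numbers only.
ALLOWED = {
    ("ape", "main-poller", "tcp", 17777),
    ("main-poller", "ape", "tcp", 17777),
    ("ape", "sql", "tcp", 1433),
    ("ape", "fsdb", "tcp", 17777),
    ("main-poller", "sql", "tcp", 1433),
    ("main-poller", "fsdb", "tcp", 17777),
}

def audit(flows):
    """Return (bytes per allowed WAN flow, WAN flows outside the matrix)."""
    wan_bytes = defaultdict(int)
    violations = []
    for src, dst, proto, dport, nbytes in flows:
        # Both ends known and on the same site: never touches the leased line.
        if src in SITE and SITE.get(src) == SITE.get(dst):
            continue
        key = (src, dst, proto, dport)
        if key in ALLOWED:
            wan_bytes[key] += nbytes
        else:
            violations.append(key)  # includes unknown hosts
    return dict(wan_bytes), violations

# Constructed sample records (e.g. summarised from firewall logs), not measurements.
SAMPLE = [
    ("dc-router", "ape", "udp", 2055, 9_000_000),          # export stays in the DC
    ("ape", "fsdb", "tcp", 17777, 4_000_000),              # local to the DC
    ("ape", "sql", "tcp", 1433, 120_000),                  # APE -> office SQL Server
    ("ape", "main-poller", "tcp", 17777, 30_000),
    ("main-poller", "fsdb", "tcp", 17777, 250_000),        # main poller querying FSDB
    ("ape", "sql", "tcp", 1433, 80_000),
    ("dc-router", "main-poller", "udp", 2055, 9_000_000),  # exporter pointed at the office
]

if __name__ == "__main__":
    expected, unexpected = audit(SAMPLE)
    for flow, total in sorted(expected.items()):
        print("WAN ok  ", flow, total, "bytes")
    for flow in unexpected:
        print("WAN FLAG", flow)
```
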

  • Thanks for your quick reply.

    The concerns are basically that we want to avoid any possible management/monitoring traffic over the WAN connections.

    I actually have no idea how much NetFlow export traffic there can be, but it will be more than SNMP for sure...

    and so I think it is a good design to keep the flow export data local to the datacenter site and only do the visual presentation over the Web UI in the office...?

    In detail it would be interesting to know the difference in load on the network between:

    APE <--> SQL DB (meaning traditional network monitoring, e.g. all interface metrics, CPU, memory, and so on)

    APE <--> NetFlow database

    versus:

    monitored node <--> PE, SNMP poller

    monitored node <--> NetFlow collector

    ... for one monitored node.

    Not easy to tell, but it would be good to know, to be able to decide if it makes sense to place an APE for two NetFlow-monitored routers in the datacenter.

    Are there any stats on how much load a router can generate exporting NetFlow data?