Welcome to our latest iteration of the NetFlow Traffic Analyzer, available now in your customer portal.
Version 2020.2 is the next release following NTA 2019.4 and is compatible with Orion Platform 2020.2.
This is one of three articles describing features we're introducing in the NTA 2020.2 GA Release. We’ll post the details of these features in three separate discussion threads in the NTA product forum, to help you focus on the problems you need to solve in your environment.
In this thread, we’ll talk about a useful integration with the SolarWinds IPAM (IP Address Manager) module that enables us to reuse the IP groups we’ve already created, and we’ll discuss an enhancement to flow alerts that allows us to write precise notifications that reference application traffic with IP groups, or specific endpoints.
Both the IPAM module and NTA have facilities to create and work with IP groups – that is, collections of endpoints, or subnets that reference groups of endpoints. One common requirement is to characterize the traffic that’s generated or received by an IP group.
Since these are separate modules, each includes the ability to create and work with IP groups within its own function. But – having created and actively managed IP groups in IPAM, it’s certainly convenient to share those with NTA. Importing IPAM IP group definitions avoids expecting our NTA administrator to rebuild identical groups in a second module.
To import an IPAM IP Group definition into NTA, navigate to “Netflow Settings” from the NTA Summary page. You’ll find “Manage IP Address Groups” in the “IP Address Groups” settings.
The IP Address Groups Management page for NTA is all new, with a cleaner and easier to navigate look and feel. Groups can be created in either NTA or IPAM, and shown or hidden in NTA easily by selecting the group and clicking on “Show” or “Hide.” Simple filtering supports working with longer lists to narrow down where a group was created, and if it’s shown in NTA or not. There’s also a search facility to find groups easily.
Other improvements include a table edit function, and the ability to specify subnets when creating a new IP group in NTA using a standard CIDR notation. If you’ve ever had to enter long lists of IP start/stop ranges, you’ll appreciate how much simpler this is.
The file import/export functions are still available, through the “More” pull-down menu.
To import an IP Group definition from IPAM, select the “Import IPAM Group” link. You’ll be presented with a list of IPAM groups available for import. Note that the group definitions in IPAM are hierarchical – several named subnets may be collected together under the same hierarchy.
IP groups in NTA are not hierarchical – they exist in one collection. This gives us some flexibility – we can import an entire hierarchy (as one NTA IP Group), and also each subnet under that hierarchy as its own IP Group.
In the example above, selecting only “Austin” will surface a single IP group in NTA that includes all of the Austin subnets. Selecting individual subnets within the Austin hierarchy will create additional IP groups for each subnet. Selecting all of these – the “Austin” IPAM group, and also each of its individual subnets – will surface five IP groups in total within NTA.
Any of these can be used to filter traffic in the Flow Navigator, or used to qualify an application flow alert.
While we have a summary page for TopN IP Address Groups, the more common use of IP groups is to filter group traffic using the Flow Explorer. Open the Flow Navigator, and expand the IP Address Groups section to add a filter for traffic involving a specific IP group.
Once you add the filter and submit it, the view of traffic on this page includes only conversations involving endpoints in this IP group.
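The import and filter behaviour described above can be modelled in a few lines. This is an added example, not SolarWinds code and not the product's API: the subnet names, prefixes, flow records and function names are constructed assumptions, and `range_to_cidr` shows how a legacy start/stop range maps to the CIDR notation the new group editor accepts.

```python
import ipaddress

# Constructed IPAM hierarchy: one parent with four named subnets. The names
# and prefixes are illustrative assumptions, not values from the page.
IPAM_TREE = {"Austin": {
    "Austin-Lab": "10.10.1.0/24", "Austin-Office": "10.10.2.0/24",
    "Austin-Voice": "10.10.3.0/24", "Austin-Guest": "10.10.4.0/24",
}}

def import_groups(tree, selected):
    """Flatten selected IPAM nodes into {group_name: [networks]}.

    A selected parent becomes one flat group holding every child subnet;
    a selected child becomes its own group with just that subnet.
    """
    flat = {}
    for parent, children in tree.items():
        if parent in selected:
            flat[parent] = [ipaddress.ip_network(c) for c in children.values()]
        for child, cidr in children.items():
            if child in selected:
                flat[child] = [ipaddress.ip_network(cidr)]
    return flat

def in_group(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

def filter_conversations(flows, networks):
    """Keep conversations where either endpoint is in the group."""
    return [f for f in flows
            if in_group(f["src"], networks) or in_group(f["dst"], networks)]

def range_to_cidr(start, stop):
    """Rewrite a legacy start/stop range as the CIDR blocks that cover it."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(start), ipaddress.ip_address(stop))
    return [str(n) for n in nets]

# Constructed flow records (documentation and private addresses only).
FLOWS = [
    {"src": "10.10.3.17", "dst": "198.51.100.9", "app": "HTTPS"},
    {"src": "192.0.2.44", "dst": "10.10.1.5", "app": "SSH"},
    {"src": "172.16.0.8", "dst": "198.51.100.9", "app": "DNS"},
]

if __name__ == "__main__":
    groups = import_groups(IPAM_TREE, {"Austin", *IPAM_TREE["Austin"]})
    print(sorted(groups))
    print(filter_conversations(FLOWS, groups["Austin-Voice"]))
    print(range_to_cidr("10.10.1.0", "10.10.2.255"))
```

Because the parent group and its subnets overlap, the same conversation can match both “Austin” and one of the subnet groups; keep that in mind when using both levels to scope alerts.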
To create an application flow alert:
Flow alerts will now pick up specific endpoints or IP groups from the Flow Navigator, and include those in the definition of the alert. You can now write very specific, tightly bounded application traffic alerts that help minimize alert fatigue.
The final common use for IP groups is in the creation of custom applications. Custom applications allow you to define applications that run over very common protocols – like HTTPS, for example – and further qualify these with specific groups of endpoints. These may be legacy applications that only run on specific servers in your data center, for example. Or, they may be public SaaS services with well-known and published IP ranges.
We’ve published a series of detailed examples to help you compose custom applications. See these postings in the NTA product forum:
This is one of three articles on the 2020.2 NTA GA Release. Here's the complete set, for your handy reference:
With this NTA RC comes some fantastic new updates & enhancements to the Orion Platform which include:
Your Feedback Counts!
The team is incredibly interested in your feedback, and we'd like to hear more about your implementation experiences! Your consistent feedback really shapes our products; we are constantly reviewing your questions, comments, and experiences to come up with brand new feature ideas that we would want to consider for a future release. Visit our NTA Feature Requests area to tell us what you'd like to see.