• State Not Answered
  • Locked Locked
  • Replies 26 replies
  • Subscribers 24 subscribers
  • Views 1354 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

OLD - what we're working on

chris.lapoint

NTA 3.6 is currently in RC.  Here's what's cooking in this release...

  1. Rate based stack charts - allow users to choose between percent interface speed, Kbps, percent of observed flows or total transfered per time unit (same as today)
  2. Port/IP application definition - allow users to use IP address(es) or ranges in combination with port(s) to define an application
  3. IP address group enhancements - ability to have multiple IPs and IP ranges in a single IP address group
  4. Top Talker optimization option - we've found based on several packet captures that 95% of the traffic volume may be represented in a little as 4% of flows.   This means if your primary use-case for traffic analysis is to get visibility into the Top talkers, you're storing a lot of unnecessary data in your database (impacting DB size and resource/report loading time).  Users will be able to enable traffic filtering and set this to X% (e.g. 95%), which means that only those flows that represent 95% of total traffic volume on your network will be stored. Make sense?
  • 0

    In addition to top-talkers monitoring, I use (or want to use) Netflow for security monitoring and forensic traffic analysis. Firewall and IDS logs generally only give you information about trigger packets, or the initial packet in a session. Netflow makes it easy to take an IDS alert or a firewall log entry and get more useful information about the bigger picture--or at least it should. One of my frustrations with NTA is that it lacks an easy to use interface to quickly get information about arbitrary small-volume flows.

  • FormerMember
    0 FormerMember in reply to jswan

    do something with WaaS to really annoy Fluke....

  • 0 in reply to jswan

    One of my frustrations with NTA is that it lacks an easy to use interface to quickly get information about arbitrary small-volume flows.

    I'd like to understand this better.   Would the ability to search for a specific conversation (source/endpoint) solve this use-case?

  • FormerMember
    0 FormerMember in reply to chris.lapoint

    basuically, be able to do the clever stuff NTA already does, but inside optimised traffic streams...  don;'t know a lot about it, but i knwo one of my customers is signing up to a massive expenditure to implement the Fluke offering...

    if u understand it, you have a network link, you place 2 cisco network optimisers at either end, but you still want to look at the traffic in terms oif top talkers etc, inside that optimised stream, where NAT woudl probably currently see it as a specific application and not be able to look inside it...

  • 0 in reply to FormerMember

    Item #4 would be very useful for us.

    Our first database performance priority is Network alarms - Netflow data collection which impacts upon the database performance has always hindered our deployment. We would be more than happy to drop some of the low level detail to increase our Netflow collection (and improve application Network visibility).

    Typically for us the Netflow data is of most use when trying to identify high bandwidth usage (withon QOS classes) - so this possible enhancement would suit us.

    Dave.

  • 0 in reply to savell

    Thanks for the feedback Dave.  This feature is actually already available in NTA 3.5 SP1, but just not publicly exposed.   We're doing some customer testing right now to ensure it has the expected results.  If you're amenable to trying this out, please send me a private message. 

  • 0 in reply to chris.lapoint

    Yes, I'd like to be able to search by source and destination IP address and source/destination port number at minimum, and be able to pair them. Right now I can only search for one end of the conversation; I need to be able to put all four items together in combination with AND/OR logic. The ability to track TCP flags and search on flag combinations would be great too--all that info is in NetFlow version 5.

  • 0

    item #2 is very important for us, any ETA on the release

  • 0 in reply to the_ed

    We can't give exact timelines for release.   However, if you're an existing customer, I can give you a preview of this functionality.   If you're interested, send me a PM with your SWID and your availability for next week.

  • 0 in reply to chris.lapoint

    How about number 5??????????

     

    5) Find a way to cache database updates so netflow does not beat a SQL DB like a rented mule.....

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.