5 Replies Latest reply on Sep 22, 2009 3:36 PM by chris.lapoint

    Netflow configuration

    sjweinstein

      I have approx 40 K Cisco devices spread across 4 servers with  a  5th system dedicated to the DB..  Want to enable Netflow on 2500 routers.   Can I dedicate a separate database instance to Netflow?  Would I have better performance if I  dedicated a separate DB instance to each server?  

        • Re: Netflow configuration
          chris.lapoint

          Just to clarify, you have 4 separate Orion servers (each with their own database instance) and then a 5th system dedicated to running the DB server??

          If that's correct, then yes, you would most certainly see better performance by having a separate DB server dedicated per Orion + NTA server.  

          You might also look at enabling export only on key router interfaces to start with and then expand out from there to help you benchmark the load on your DB server.   This will also help you understand the write performance requirements for NetFlow storage

          Here's an example implementation from one of customers that allows them to achieve 60k flows/sec in peak (with smart traffic optimization* turned on):

          SQL Server 2008
          Intel Xeon Dual Quad Core @ 2.50GHZ
          8.00 GB of RAM
          Dell PERC 6/i Array
          2 - Cheetah 15K SAS 3Gb/s 300-GB Hard Drive – RAID 1 (Operating System & DB Log)
          4 - Cheetah 15K SAS 3Gb/s 300-GB Hard Drive  – RAID 10 (DB files)

          * smart traffic optimization - we've found based on several packet captures that 95% of the traffic volume may be represented in a little as 4% of flows.   This means if your primary use-case for traffic analysis is to get visibility into the Top talkers, you're storing a lot of unnecessary data in your database (impacting DB size and resource/report loading time).  You can enable smart traffic optimization and set it to 95%, which means that only those flows that represent 95% of total traffic volume on your network will be stored.  

          If you're interested in hearing more about this setting, please send me a private message and I'll walk you through it in more detail.

            • Re: Netflow configuration
              sjweinstein

                     

              Not quite  4 server running  NPM,  of them also running NCM, 1 of them running NTA and then 1 doing logging , a dedicated DB server with one instance.  Also the net mapping tool is also installed and one has engineers tool set installed.

               

              I think the advice provide to the person that set this up was not the best.  If I understand this, at all,   I think what should have been done is 4 dedicated NPM server each with a dedicated SQL instance o the DB server   A NCM server with it's own DB (on the same server?) a dedicated NTA server ( with own DB?) and a dedicated logging server ( own DB?).   If I break it out to separate servers it all be accessible from the common GUI?

                • Re: Netflow configuration
                  chris.lapoint

                  Ok, that's what I was trying to understand.   When you say you have 4 servers running NPM, it's more likely then that you have 1 server running your primary NPM server and 3 servers running NPM additional pollers.  This is all considered a single Orion NPM instance and can all be accessible through a single Orion website.   This is actually a very common configuration for our larger customers.

                  Other customers choose to deploy separately managed Orion instances due to geographical/departmental boundaries and roll them up using Orion Enterprise Operations Console.  See this link for what this configuration would look like: http://eocdemo.solarwinds.com/

                  I just wasn't sure what camp you fell into to based on your description.

                    • Re: Netflow configuration
                      sjweinstein

                      I believe that you are correct we have 1 primary and 3 additional pollers.  One of our requirements was a single web interface for the NOC to see everything.  What we did was split out the assigned poller based on our business grouping to try and balance the load to 10 K devices per poller.  So then should I be more granular for performance ? Can NTA run against a seprate DB instance, the same for NCM?