2 Replies Latest reply on Feb 10, 2015 10:56 AM by Craig Norborg

    Vlan monitoring

    jgriffin_tmk

      Anyone have a best practice or advice on how to monitor a specific VLAN? Reporting would obviously be needed as well. Network team has been unable to resolve a problem with an old phone system on a VLAN. Need to see what is going on traffic-wise and hopefully identify the problem and when it's occurring.

        • Re: Vlan monitoring
          sdawson35

          I have exactly the same request... something that is very poorly supported and needs an answer.

          • Re: Vlan monitoring
            Craig Norborg

            Depends on what info your Network Team is looking for. I'll give some general guidelines though.

             

            NPM:

            With NPM you can monitor basic traffic patterns, the # of bytes transferred and such. One BIG thing to remember is that there are Layer-2 and Layer-3 components to a VLAN. Usually you want to monitor the Layer-3 components, unless your problem exists within the same Layer-2 domain, in which case you probably need to get deeper than Solarwinds will get you. If you go into "List Resources" on a node, you would want to be monitoring any physical interfaces associated with the traffic (ie: FastE, GigE) as well as any sub-interfaces associated with the traffic. Sub-interfaces (ie: Gig0/0.3) are usually on Routers, not Layer-3 switches. If it's a Layer-3 switch AND it's where you're routing your subnets, you would once again want to monitor the physical interfaces associated with the traffic (ie: uplinks, ports to voice servers, ether-channels if needed). Plus, you would also want to monitor the Layer-3 VLANs associated with it (ie: VLAN X), but probably not the "unrouted VLAN X" interfaces, which are the Layer-2 side of the VLAN. On the switch itself, this would be the difference between the Layer-3 configuration (ie: "interface Vlan X") vs the Layer-2 configuration ("vlan X").

            Any switches that are involved should also be monitored. In general, on Layer-2 switches you only need a single "interface VLAN X" defined for management; any others defined are pretty much a waste in many cases. In Solarwinds you shouldn't need to monitor any "vlan X" interfaces on a Layer-2 switch; concentrate on the physical interfaces involved (uplinks, etc).

            You should also be using Solarwinds to monitor the CPU/Memory and general health of all nodes involved in case it is a problem involving CPU/memory or the health of one of the units.

             

            Remember that NPM only polls interfaces every X minutes, probably 9 minutes or something like that. So the information you get here will be >very< general. If you're overloading an interface for half the polling interval and only 25% of max the rest of the time, it will not show that the interface is getting overloaded, except by the error counts.

             

            NTA

            This module can be critical in monitoring some situations. Unlike SNMP, which gets polled every X minutes, Netflow will send traffic data either at pre-defined intervals or when a traffic flow ends. So you get a much richer view of not only how much data is flowing over an interface, but what kind of data. This is usually only supported on Layer-3 devices, although some of the newer switches with the right modules can do Netflow over that interface. Take care in configuring high-end switches like 6500s to make sure you're seeing the Layer-3 switched data; look for documentation on your specific platform. I definitely recommend configuring Netflow to send updates on both active and inactive flows quicker than the default, by configuring your "flow-cache timeout" to 1 minute for active flows and 45 seconds for inactive. But, once you have NTA set up and your flow-exports configured to send to the NTA server, and "ip flow ingress/egress" configured on the interfaces you're interested in, you should start seeing much more detailed traffic data in the NTA reports.

             

            For voice and QoS, I definitely recommend going into your NTA settings in your Orion administration panel and enabling "CBQoS polling"; by default it's off. This will give you details on how your QoS is working for a given interface. I believe this only works if you're using SNMPv2 right now, not SNMPv3. On the main NTA page you will see a column that says "Last received CBQOS"; if it's working you will see a recent time, if not it will say "never".

             

            So, with Netflow you will not only get much more detailed traffic reports, you will also be able to see whether your QoS markings are working because it will give you traffic reports by ToS.  And, once you turn it on you can see how your QoS is working with CBQOS.

             

             

            Ok, that's enough for now.   Questions?

             

            HTH!!
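
The NetFlow settings described in the NTA part of the reply above, written out as an added example that is not part of the original thread: classic (traditional) NetFlow syntax on a Cisco IOS device. The collector address 192.0.2.10, UDP port 2055, export version 9, the Loopback0 source and the interface names Vlan100 and GigabitEthernet0/0.3 are placeholders or assumptions; 6500-class switches and platforms that use Flexible NetFlow need different commands, so check the documentation for the specific platform.

```cisco
! Added example, not from the original thread. Classic IOS NetFlow syntax.
! Placeholders/assumptions: collector 192.0.2.10, UDP port 2055, version 9,
! Loopback0 as export source, Vlan100 / Gig0/0.3 standing in for "VLAN X".
!
! Expire flow-cache entries faster than the defaults, per the reply above.
! The active timeout is given in minutes, the inactive timeout in seconds.
ip flow-cache timeout active 1
ip flow-cache timeout inactive 45
!
! Export flow records to the NTA server (address, port, version assumed).
ip flow-export version 9
ip flow-export source Loopback0
ip flow-export destination 192.0.2.10 2055
!
! Layer-3 switch case: the routed interface for the VLAN ("interface Vlan X"),
! not the Layer-2 "vlan X" definition.
interface Vlan100
 ip flow ingress
 ip flow egress
!
! Router case: the sub-interface that carries the same VLAN.
interface GigabitEthernet0/0.3
 ip flow ingress
 ip flow egress
!
! Check the cache and the exporter from exec mode:
!   show ip cache flow
!   show ip flow export
```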