Online Help En

7/23/2019 Online Help En

1/163

NetFlow Tracker 9.0

User Guide

PN 3365122

February 2014, Rev 2, 02/2014

2009-2014 Fluke Corporation. All rights reserved.

All product names are trademarks of their respective companies.


2/163

NetFlow TrackerUser Guide

2

Third Party Software ComponentsNetFlow Tracker includes software developed by the Apache Software Foundation (http://www.apache.org/)).

NetFlow Tracker includes the following third party software components:

Apache Commons Collections

3.2, available at http://commons.apache.org/collections/ .This is distributed under the Apache Software License, acopy of which is available at http://www.apache.org/LICENSE .

Apache Commons Logging

1.0.4, available at http://commons.apache.org/logging/ .This is distributed under the Apache Software License, acopy of which is available at http://www.apache.org/LICENSE .

Apache Log4j

1.2.15, available at http://logging.apache.org/log4j/ .This is distributed under the Apache Software License, a copyof which is available at http://www.apache.org/LICENSE.

Apache Xerces Java 2.9.0, available at http://xerces.apache.org/xerces2-j/ .This is distributed under the ApacheSoftware License, a copy of which is available at http://www.apache.org/LICENSE.

IE5.5+ PNG Alpha Fix 1.0RC4, available at https://reader009.{domain}/reader009/html5/0316/5aab7ea86c361/5aab7eac15c0b.fix/.This is distributed underthe CC-GNU Lesser GNU Public License, a copy of which is available athttp://creativecommons.org/licenses/LGPL/2.1/deed.en .

iText

2.0.6, available at http://www.lowagie.com/iText/ .This is distributed under the Mozilla Public License, a copy ofwhich is available at http://www.mozilla.org/MPL/MPL-1.1.html .

Jakarta Tomcat 3.3.2, available at http://tomcat.apache.org/ .This is distributed under the Apache Software License,a copy of which is available at http://www.apache.org/LICENSE .

SNMP4j

1.10.2, available at http://www.snmp4j.org/. This is distributed under the Apache Software License, a copy of whichis available at http://www.apache.org/LICENSE .

Quartz

1.6.0, available at http://www.opensymphony.com/quartz/. This is distributed under the Apache Software License,a copy of which is available at http://www.apache.org/LICENSE

PostgreSQL

9.0, available at http://www.postgresql.org/. Distribuited under Open Source Licence detailed herehttp://www.opensource.org/licenses/postgresql

End User LicenseThis is a legal agreement between you ("You"/ "the End User""), and Fluke Electronics Corporation, a Delaware corporation,

including its division, Fluke Networks ("FNET"), with offices at 6920 Seaway Boulevard, Everett, Washington, 98203, USA. BY

DOWNLOADING OR OTHERWISE ELECTRONICALLY RECEIVING THIS SOFTWARE PRODUCT ("PRODUCT") IN

ACCORDANCE WITH OUR SOFTWARE DELIVERY PROCEDURES OR BY BREAKING THE SEAL ON A PRE-INSTALLED

APPLIANCE OR OPENING THE SEALED DISK PACKAGE WHICH CONTAINS THE PRODUCT, YOU ARE AGREEING TO BE

BOUND BY THE TERMS OF THIS AGREEMENT.

1. GRANT OF LICENSE AND PAYMENT OF FEES Provided that You have paid the applicable License fee, if you are a direct user

(as opposed to a service provider), FNET grants You a non-exclusive and non-transferable, revocable License to use one copy of

the Product on the maximum number of servers supporting the maximum number of devices (router, switch (including each module

with layer 3 capabilities such as WAN interface, layer 3 routed interface, or blade) specified in your purchase order, or if not so

specified, on a single server supporting a single device by a single user, and only for the purpose of carrying out your business in the

country specified in your order. If you are a Service Provider (as opposed to a direct user), FNET grants You a non-exclusive and

non-transferable, revocable License to use one copy of the Product on the maximum number of PE devices regardless of where they

are actually taking the flows from. If you are a Managed Service Provider, FNET grants You a non-exclusive and non-transferable,

revocable License to use one copy of the Product on the maximum number of CE devices Irrespective of where they are actuallytaking the flows from. This Product is licensed for internal use by You, the end user only. Once a license key has been issued to You,
http://www.apache.org/http://www.apache.org/http://commons.apache.org/collections/http://commons.apache.org/collections/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://commons.apache.org/logging/http://commons.apache.org/logging/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://logging.apache.org/log4j/http://logging.apache.org/log4j/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://xerces.apache.org/xerces2-j/http://xerces.apache.org/xerces2-j/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.twinhelix.com/css/iepngfix/demo/http://www.twinhelix.com/css/iepngfix/demo/http://creativecommons.org/licenses/LGPL/2.1/deed.enhttp://creativecommons.org/licenses/LGPL/2.1/deed.enhttp://www.lowagie.com/iText/http://www.lowagie.com/iText/http://www.mozilla.org/MPL/MPL-1.1.htmlhttp://www.mozilla.org/MPL/MPL-1.1.htmlhttp://tomcat.apache.org/http://tomcat.apache.org/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.opensymphony.com/quartz/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://www.opensymphony.com/quartz/http://www.apache.org/LICENSEhttp://www.apache.org/LICENSEhttp://tomcat.apache.org/http://www.mozilla.org/MPL/MPL-1.1.htmlhttp://www.lowagie.com/iText/http://creativecommons.org/licenses/LGPL/2.1/deed.enhttp://www.twinhelix.com/css/iepngfix/demo/http://www.apache.org/LICENSEhttp://xerces.apache.org/xerces2-j/http://www.apache.org/LICENSEhttp://logging.apache.org/log4j/http://www.apache.org/LICENSEhttp://commons.apache.org/logging/http://www.apache.org/LICENSEhttp://commons.apache.org/collections/http://www.apache.org/


3/163


3

the product is non-refundable. Under certain, limited circumstances, Fluke may at its sole discretion, provide written permission for

You to transfer your license. iii In the event that at any time You wish to extend the permitted number of servers or devices above the

permitted amount, You must contact FNET or the reseller from whom you purchased the Product ("the Reseller") and an additional

License fee may be agreed upon and a new License issued for the requested additional number of servers/devices. FNET or your

Reseller may require that You provide written certification showing the geographical locations, type and serial number of all

computer hardware on which the Software is being used, together with confirmation that the Product is being used in accordance

with the conditions of this Agreement. You shall permit FNET or your Reseller, and/or their respective agents to inspect and have

reasonable access, during normal business hours, to any premises, and to the computer equipment located there, at or on which the

Software is being kept or used, and any records kept pursuant to this Agreement, for the purposes of ensuring compliance with theterms of this License. 2. EVALUATION AND GOLD SUPPORT EVALUATION.If a provided license key is labeled "Evaluation",

FNET grants You the right to use the Product enabled by that key solely for the purpose of evaluation, and the Product will cease to

function seven (7) days from enabling (or after such longer period as may be agreed by FNET and confirmed by FNET or your

Reseller in writing), at which time the License grant for that Product also ends. After the evaluation period, You may either purchasea full License to use the Product from your Reseller or directly from FNET, or You must promptly stop using the Evaluation Product

and all associated documentation. The warranty described in Section 5 shall not apply to Product that is downloaded for evaluationpurposes.3. INTELLECTUAL PROPERTY RIGHTSAll intellectual property rights in the Product belong to FNET and its Supplier(s)

and Licensors(s) and You acknowledge that the Product contains valuable Trade Secrets of FNET, its Supplier(s) and Licensor(s)

and You have no ownership claims or rights whatsoever in the Product. You may (a) make one copy of the Product solely for backup

or archival purposes and keep this securely, or (b) transfer the software to a secure single hard disk provided that You keep the

original solely and securely for backup or archival purpose. You may not copy the written materials accompanying the Product. You

shall not remove or alter FNET's copyright or other intellectual property rights notices included in the Product or in and any

associated documentation. You must notify FNET forthwith if You become aware of any unauthorized use of the Product by any third

party. FNET's Supplier(s) and Licensor(s) are third party beneficiaries of this Agreement as it pertains to relevant intellectual

property rights associated with the Product, and provisions of this Agreement related to intellectual property rights are enforceableby FNET, its Supplier(s) and Licensor(s). 4. OTHER RESTRICTIONS You shall not sublicense, distribute, market, lease, sell,

commercially exploit, loan or give away the Product or any associated documentation. For the avoidance of doubt, this License does

not grant any rights in the Product to, and may not be assigned, sublicensed or otherwise transferred to, any connected person,

where the term connected person includes but is not limited to the End User's subsidiaries, affiliates or any other persons in any way

connected with the End User, whether present or future. The Product and accompanying written materials may not be used on more

than the permitted number of servers at any one time or for in excess of the permitted number of devices. Subject always to any

rights which You may enjoy under applicable law (provided that such rights are exercised strictly in accordance with applicable law)

and except as expressly provided in this Agreement, You may not reproduce, modify, adapt, translate, decompile, disassemble or

reverse engineer the Product in any manner. You shall not merge or integrate the Product into any other computer program or work,

and You shall not create derivative works of the Product. FNET reserves all rights not expressly granted under this Agreement. 5.LIMITED WARRANTY FNET warrants that during the warranty period (a) the Product will perform substantially in accordance with

its accompanying written materials, and (b) the media on which the Product is furnished shall be free from defects in materials and

workmanship. The warranty period applicable to the Product shall be ninety (90) days from the date of delivery of the Product or, if

longer, the shortest warranty period permitted in respect of the Product under applicable law ("Warranty NetFlow Tracker User

Guide iv Period"). The warranty for any hardware accompanying the Product shall be as stated on the warranty card shipped with the

hardware. If, within the Warranty Period, You notify FNET of any defect or fault in the Product in consequence of which the Product

fails to perform substantially in accordance with its accompanying written materials, and such defect or fault does not result from

You, or anyone acting with your authority, having amended, modified or used the Product for a purpose or in a context other than the

purpose or context for which it was designed or licensed according to this Agreement, or as a result of accident, power failure or

surge or other hazards, FNET shall, at FNET's sole option and absolute discretion, do one of the following: (i) repair the Product; or(ii) replace the Product; or (iii) repay to You all license fees which You have paid to FNET under thisAgreement. FNET does not

warrant that the operation of the Product will be uninterrupted or error or interruption free. 6. CUSTOMER REMEDIESYou must call

your FNET representative to discuss remedies during the 90 day warranty period referred to in Section 5 above. You acknowledgethat your sole remedy for any defect in the Product will be Your rights under Section 5. 7. NO OTHER WARRANTIES.FNET

AND/OR ITS SUPPLIERS, DISCLAIM ALL OTHER WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT

LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT

TO THE PRODUCT, THE ACCOMPANYING WRITTEN MATERIALS AND ANY ACCOMPANYING HARDWARE AND YOU

AGREE THAT THIS IS FAIR AND REASONABLE. THE EXPRESS TERMS OF THIS AGREEMENT ARE IN LIEU OF ALL

WARRANTIES, CONDITIONS, UNDERTAKINGS, TERMS OF OBLIGATIONS IMPLIED BY STATUTE, COMMON LAW, TRADE

USAGE, COURSE OF DEALING OR OTHERWISE, ALL OF WHICH ARE HEREBY EXCLUDED TO THE FULLEST EXTENT

PERMITTED BY LAW.8. NO LIABILITY FOR CONSEQUENTIAL DAMAGES IN NO EVENT SHALL FNET AND/OR ITSSUPPLIERS BE LIABLE FOR ANY INDIRECT, CONSEQUENTIAL OR ECONOMIC LOSS OR DAMAGES WHATSOEVER OR


4/163


4

FOR ANY LOSS OF PROFITS, REVENUE, BUSINESS, SAVINGS, GOODWILL, CAPITAL, ADDITIONAL ADMINISTRATIVE TIME

OR DATA ARISING OUT A DEFECT IN THE PRODUCT OR THE USE OF OR INABILITY TO USE THE PRODUCT, EVEN IF

FNET HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 9. TERMINATIONEither party shall be entitled forthwith

to terminate this Agreement by written notice if the other Party commits any material breach of any of the provisions of this

Agreement and, fails to remedy the same within sixty (60) days after receipt of a written notice from the non-breaching Party giving

full particulars of the breach and requiring it to be remedied. You shall be obliged to notify FNET in writing of any change in the

control or ownership of the End User and FNET shall be entitled forthwith to terminate this Agreement by written notice. This

Agreement shall automatically terminate if replaced at any time with a new License agreement. The right to terminate this

Agreement given by this Section 9 will be without prejudice to any other accrued right or remedy of either Party including accrued

rights or remedies in respect of the breach concerned (if any) or any other breach, or which the Parties have accrued prior totermination. 10. INDEMNIFICATIONYou shall indemnify FNET and hold it harmless from any loss, damages, proceedings, suits,

third party claims, judgments, awards, expenses and costs (including legal costs) incurred by or taken against FNET as a result of

the negligence, fault, error, omission, act or breach of You or of your employees, staff, contractors, agents or representatives or forany breach of this Agreement whatsoever by You. Notwithstanding any other provision of this Agreement, the aggregate liability of

FNET for or in respect of all breaches of its contractual obligations under this Agreement and for all representations, statements and

tortuous acts or omissions v (including negligence but excluding negligence causing loss of life or personal injury) arising under or in

connection with this Agreement shall in no event exceed the License fee paid by You pursuant to this Agreement prior to the date ofthe breach. 11. CONFIDENTIAL INFORMATION AND SECURITYDuring and after this Agreement, the Parties will keep in

confidence and use only for the purposes of this Agreement all Confidential Information. Confidential Information means information

belonging or relating to the Parties, their business or affairs, including without limitation, information relating to research,

development, Product, processes, analyses, data, algorithms, diagrams, graphs, methods of manufacture, trade secrets, business

plans, customers, finances, personnel data, and other material or information considered confidential and proprietary by the Parties

or which either Party is otherwise informed is confidential or might or ought reasonably expect that the other Party would regard as

confidential or which is marked "Confidential". For the avoidance of doubt, You shall treat the Product and any accompanying

documentation as Confidential Information. Confidential Information does not include any information (i) which one Party lawfully

knew before the other Party disclosed it to that Party; (ii) which has become publicly known through no wrongful act of either Party,

or either Parties' employees or agents; or (iii) which either Party developed independently, as evidenced by appropriate

documentation; or (iv) which is required to be disclosed by law. The Parties will procure and ensure that each of its employees,

agents, servants, sub-contractors and advisers will comply with the provisions contained in this Section. If either Party becomes

aware of any breach of confidence by any of its employees, officers, representatives, servants, agents or sub-contractors it shall

promptly notify the other Party and give the other Party all reasonable assistance in connection with any proceedings which the other

Party may institute against any such person. This Section 11 shall survive the termination of this Agreement. Notwithstanding the

above confidentiality provisions, in accepting this License agreement, You agree that, subject to any applicable data protection laws,

FNET may use your business name and logo for the purposes of marketing and promotion of the product and its business and Youhereby grant FNET a limited License to use your business name and logo for these purposes. 12. EXPORT CONTROL You shall be

responsible for and agree to comply with all laws and regulations of the United States and other countries ("Export Laws") to ensure

that the Product is not exported directly, or indirectly in violation of Export Laws or used for any purpose prohibited by Export laws.13. GOVERNING LAW AND JURISDICTIONThis Agreement and all relationships created hereby will in all respects be governed

by and construed in accordance with the laws of the state of Washington, United States of America, in respect of all matters arising

out of or in connection with this agreement. The Parties hereby submit to the exclusive jurisdiction of the Washington Courts.

NOTHING IN THIS CLAUSE SHALL PREVENT FNET FROM TAKING AN ACTION FOR PROTECTIVE OR PROVISIONALRELIEF IN THE COURTS OF ANY OTHER STATE. 14. MISCELLANEOUS 14.1 The provisions of Sections 3, 7, 8, 10, 11, 12, 13

and 14 and the obligation on you to pay the License fee shall survive the termination or expiry of this Agreement. 14.2 This

Agreement is personal to You and You shall not assign, sublicense or otherwise transfer this Agreement or any part of your rights or

obligations hereunder whether in whole or in part save in accordance with this Agreement and with the prior written consent of FNET

and You shall not allow the Product to become the subject of any charge, lien or encumbrance of whatever nature. Nothing in this

Agreement shall preclude the Licensor from assigning the Product or any related documentation or its rights and obligations under

this Agreement to a third party and You hereby consent to any such future assignment. 14.3 This Agreement supersede all prior

representations, arrangements, understandings and agreements between the Parties herein relating to the subject matter hereof,

and sets out the entire and complete agreement and understanding between the Parties relating to the subject matter hereof. 14.4 If

any provisions of the Agreement are held to be unenforceable, illegal or void in whole or in part the remaining portions of the

Agreement shall remain in full force and effect. NetFlow Tracker User Guide vi 14.5 No party shall be liable to the other for any delay

or non-performance of its obligations under this Agreement (save for your obligation to pay the fees in accordance with Section 1)

arising from any cause or causes beyond its reasonable control including, without limitation, any of the following: act of God,

governmental act, tempest, war, fire, flood, explosion, civil commotion, industrial unrest of whatever nature or lack of or inability toobtain power, supplies or resources. 14.6 A waiver by either party to this Agreement of any breach by the other party of any of the


5/163


5

terms of this Agreement or the acquiescence of such party in any act which but for such acquiescence would be a breach as

aforesaid, will not operate as a waiver of any rights or the exercise thereof. 14.7 No alterations to these terms and conditions shall be

effective unless contained in a written document made subsequent to the date of the terms and conditions signed by the parties

which are expressly stated to amend the terms and conditions of this Agreement.


6/163


6

NETFLOW TRACKER 9.0 .............................................................................................................................1

USER GUIDE ..............................................................................................................................................1

THIRD PARTY SOFTWARE COMPONENTS ..................................................................................................2

END USER LICENSE ....................................................................................................................................2

1: NETFLOW TRACKER OVERVIEW ...................................................................................................... 11

KEY FEATURES.............................................................................................................................................. 11

DEPLOYING NETFLOW TRACKERS..................................................................................................................... 12

DATA MANAGEMENT..................................................................................................................................... 13

PRODUCT SERVICES....................................................................................................................................... 13

Obtaining Technical Support ................................................................................................................ 13

2: INSTALLING NETFLOW TRACKER ......................................................................................................... 15

SYSTEM REQUIREMENTS................................................................................................................................. 15

Hardware Requirements ...................................................................................................................... 15

Software Requirements ........................................................................................................................ 16

PREPARING FOR INSTALLATION......................................................................................................................... 17

INSTALLING NETFLOW TRACKER ON MICROSOFT WINDOWS.................................................................................. 18

Installing Java Runtime Environment on Windows .............................................................................. 18

Installing NetFlow Tracker ................................................................................................................... 19

INSTALLING NETFLOW TRACKER ON LINUX......................................................................................................... 21

3: SETTING UP NETFLOW TRACKER ......................................................................................................... 23

OPENING NETFLOW TRACKER.......................................................................................................................... 23

SELECTING A LANGUAGE................................................................................................................................. 24

SETTING UP NETFLOW TRACKER....................................................................................................................... 25

Setting up Licensing for NetFlow Tracker ............................................................................................. 25

Provisioning & Activation for a Network Performance Appliance ....................................................... 26Setting up Listener Ports ...................................................................................................................... 26

Applying SNMP Settings ....................................................................................................................... 27

Enabling Devices to Export Flow Data .................................................................................................. 28

Applying Device Settings in NetFlow Tracker ....................................................................................... 29

Device List ............................................................................................................................................ 31

Applying Traffic Class IDs ..................................................................................................................... 31

Applying Identified Applications........................................................................................................... 32


7/163


7

Applying Interface Settings .................................................................................................................. 33

Deleting a Device.................................................................................................................................. 34Making Sure That Data is Received ...................................................................................................... 35

Applying Security Settings .................................................................................................................... 38

VIEWING VERSION INFORMATION..................................................................................................................... 39

4: VIEWING REAL-TIME DATA ................................................................................................................. 40

VIEWING NETWORK OVERVIEW DATA............................................................................................................... 40

Top Applications and Interfaces for a Device ....................................................................................... 42Application Conversations .................................................................................................................... 42

Top Applications and Usage for an Interface ....................................................................................... 42

Interface Conversations ....................................................................................................................... 43

VIEWING DEVICES......................................................................................................................................... 43

VIEWING INTERFACES..................................................................................................................................... 44

VIEWING PER-ASDATA.................................................................................................................................. 46

FILTERING REAL-TIME DATA............................................................................................................................ 46

VIEWING CHART DATA................................................................................................................................... 52

Working with Pie Charts ....................................................................................................................... 53

Working with Tables ............................................................................................................................ 54

5: VIEWING LONG-TERM DATA ............................................................................................................... 56

VIEWING LONG-TERM NETWORK OVERVIEW DATA.............................................................................................. 56

VIEWING LONG-TERM DEVICE AND INTERFACE DATA............................................................................................ 58

FILTERING LONG-TERM DATA.......................................................................................................................... 59

SAVING A LONG-TERM FILTER.......................................................................................................................... 60

6: SETTING UP REPORTS ......................................................................................................................... 61

REPORTS OVERVIEW...................................................................................................................................... 61

SAVING REPORT FILTERS................................................................................................................................. 63SCHEDULING REPORTS.................................................................................................................................... 64

CREATING LONG-TERM REPORTS...................................................................................................................... 68

CREATING EXECUTIVE REPORTS........................................................................................................................ 73

Adding a Sub-report Cell ...................................................................................................................... 76

Adding an HTML Cell ............................................................................................................................ 78

VIEWING EXECUTIVE AND REAL-TIME REPORTS................................................................................................... 79

7: WORKING WITH ALARMS ................................................................................................................... 80


8/163


8

ALARMS OVERVIEW....................................................................................................................................... 80

Alarm Severity and Lifecycle................................................................................................................. 81Thresholds and Baseline Sensitivity ...................................................................................................... 81

Alarming for Persistent Changes .......................................................................................................... 82

Baseline Learning and Reset ................................................................................................................ 82

Tips and Techniques ............................................................................................................................. 83

CONFIGURING ALARMS.................................................................................................................................. 84

Creating an Alarm ................................................................................................................................ 84

Creating an Interface Alarm ................................................................................................................. 85

Configuring the Host Behavior Alarm .................................................................................................. 87

CONFIGURING NOTIFICATION SETTINGS............................................................................................................. 89

VIEWING EVENTS.......................................................................................................................................... 89

Viewing the Events Timeline ................................................................................................................ 89

Viewing the Event List .......................................................................................................................... 90

Viewing the Event Lifecycle .................................................................................................................. 91

8: OPTIMIZING NETFLOW TRACKER ........................................................................................................ 93

DATA DISPLAY AND FILTERING SETTINGS............................................................................................................ 93

Management Portal Settings ............................................................................................................... 94

IP Application Names ........................................................................................................................... 96

DiffServ Names ..................................................................................................................................... 98

Hostname Resolution Settings ............................................................................................................. 99Subnet Names ...................................................................................................................................... 99

AS Names ........................................................................................................................................... 100

DATA MANAGEMENT AND SYSTEM PERFORMANCE MONITORING........................................................................ 101

Database Settings .............................................................................................................................. 101

Backup ................................................................................................................................................ 102

Archiving ............................................................................................................................................ 104

Memory Settings ................................................................................................................................ 105

A: SETTING UP NETFLOW ON NETWORK DEVICES ................................................................................. 106

ENABLING NETFLOW EXPORT/NDEON A CISCO ROUTER OR LAYER 3SWITCH........................................................ 106

Enabling NetFlow Export on an IOS Device ........................................................................................ 107

Enabling Sampled NetFlow Export ..................................................................................................... 108

IP FLOW-EXPORT TEMPLATE TIMEOUT-RATE 10.................................................................... 110


9/163


9

Enabling NDE on a Native IOS Device................................................................................................. 110

Enabling NetFlow Export on a 4000 Series Switch ............................................................................. 112Configuring NDE on a CatOS Device ................................................................................................... 112

ENABLING FLEXIBLE NETFLOW EXPORT............................................................................................................ 113

Enabling Flexible NetFlow Export ....................................................................................................... 113

Enabling Sampled Flexible NetFlow Export ........................................................................................ 115

Enabling NetFlow Export on Nexus 1000v & 7000 ............................................................................. 116

CONFIGURING NETFLOW INPUT FILTERS FOR TRAFFIC CLASS REPORTING............................................................... 118

ENABLING FLOW DETAIL RECORDS ON A PACKETEER DEVICE................................................................................ 118

ENABLING NETFLOW ON AN ENTERASYS DEVICE................................................................................................ 119

ENABLING SFLOW ON A FOUNDRY DEVICE........................................................................................................ 120

B: REPORT TEMPLATES ......................................................................................................................... 122

ADDRESS REPORTS...................................................................................................................................... 122

SESSION REPORTS........................................................................................................................................ 123

QOSREPORTS............................................................................................................................................ 125

NETWORK REPORTS..................................................................................................................................... 125

INTERFACE REPORTS.................................................................................................................................... 126

TRAFFIC IDENTIFICATION REPORTS.................................................................................................................. 127

FULL FLOW FORENSICS REPORTS.................................................................................................................... 127

OTHER REPORTS......................................................................................................................................... 127

C: REPORT URL PARAMETERS ............................................................................................................... 129

GENERAL FORMAT....................................................................................................................................... 133

REPORT PARAMETERS.................................................................................................................................. 134

TIME RANGE PARAMETERS............................................................................................................................ 140

Setting Start and End Times ............................................................................................................... 140

Creating a Fixed Length URL with Current Time Range ..................................................................... 141

Setting a Simple Calendar-Based Time Range ................................................................................... 141Setting an Advanced Calendar-Based Time Range ............................................................................ 143

Applying a Time-of-Day Mask to the Time Range .............................................................................. 145

Setting a Time Zone ............................................................................................................................ 145

Setting the Chart Sample Size ............................................................................................................ 149

Setting the Source Long-term Data .................................................................................................... 150

Filter Parameters ................................................................................................................................ 151

SECURITY PARAMETERS................................................................................................................................ 157


10/163


10

MANAGEMENT PORTAL ACCESS CONTROL PARAMETERS..................................................................................... 157

D: FILE FORMATS .................................................................................................................................. 161

CSVFILE FORMAT....................................................................................................................................... 161

Chart CSV format................................................................................................................................ 161

Pie chart CSV format .......................................................................................................................... 161

Tabular report CSV format ................................................................................................................. 162

XMLFORMAT............................................................................................................................................ 162

Chart XML format............................................................................................................................... 162Pie chart XML format ......................................................................................................................... 163

Tabular report XML format ................................................................................................................ 163


11/163


11

1: NetFlow Tracker Overview

Topics include:

Key Features

Deploying NetFlow Trackers

Data Management

Product Services

Key Features

NetFlow Tracker lets you, as a Network Administrator, view flow traffic from routers andmanaged switches on the network. From a web-based interface, it provides a set of

dynamic charts and reports to help you understand the nature of network traffic flow in your

network.

You can analyze application and protocol information in depth, including user, server, and

applications activity.

NetFlow Tracker supports data from a range of devices in various formats includingNetFlow versions 1, 5, and 9, IPFIX, Nortel IPFIX, sFlow, J-Flow, Cflow, and NetStream.

Key features include:

Install and configure NetFlow Tracker on Windows or Linux servers. See Chapter 2,

Installing NetFlow Tracker.


12/163


12

Customize setup to determine how data is gathered and managed, and optimize

NetFlow Tracker performance based on the data you need. See Chapter 3, Setting UpNetFlow Trackerand Chapter 8, Optimizing NetFlow Tracker.

View real-time network traffic in detail at per-minute resolution for one week by default.

Traffic views by user, user group, conversation, system and application are available.

Drill down and zoom in on data. Filter all real-time reports and charts on any field. See

Chapter 4, Viewing Real-Time Data.

Create custom long-term reports and charts.

Define and quickly access custom executive reports.

Format reports and charts as CSV or XML for further processing or as simplified HTML

or PDF for printing or emailing.

Full flow forensic reports are available. See Chapter 6, Setting up Reports.

Create threshold and baseline alarms. Receive notifications via SNMP traps. See

Chapter 7, Working with Alarms.

Deploying NetFlow TrackersYou can deploy NetFlow Tracker as stand-alone software on a dedicated server on your

network or as a Network Performance Appliance. As NetFlow Tracker is a web-based

application, you can access the system from anywhere in the network.

NetFlow Tracker servers are typically deployed near large switches or tightly clustered

switches or routers where there is a high degree of NetFlow traffic.

Alternatively, you can deploy a Network Performance Appliance as part of the Visual

Performance Manager network performance management system. This lets you viewperformance data and create reports from multiple Network Performance Appliances on

the network through a single web portal interface. For more information, see the Visual

Performance Manager System Administration Guide.


13/163


13

Data ManagementNetFlow Tracker has two databases:

The real-time database stores data at millisecond granularity. Report data is displayed

in one-minute granularity. By default, data is stored for up to seven days. You can

adjust this setting in Database Settings.

The long-term database stores aggregated data for multiple years at a granularity that

you set in Database Settings. By default, data is stored for 999 weeks at one-hourgranularity. When you configure long-term reports using custom granularity, the

database stores that data at that granularity for as long as the report is scheduled.

Database maintenance occurs every six hours (you cannot run database maintenance on

demand). During this time data is reorganized and transferred and aggregated in the

long-term database. To monitor the length of time this takes, see Making Sure That Data

is Receivedin Chapter 3: Setting up NetFlow Tracker

You can also archive and back up real-time data.

See:

Database Settings in Chapter 8

Backup in Chapter 8

Archiving in Chapter 8

Product ServicesFor NetFlow Tracker product information, see:

www.visualnetworksystems.com/netflow-tracker

Obtaining Technical Support

If you require technical support for NetFlow Tracker, contact the Fluke Networks Technical

Assistance Center (TAC) at the points listed below:


14/163


14

By phone: 1-800-708-4784By email:[email protected]

Supervision Gold support packages are available from the Visual Network Systems website.
mailto:[email protected]:[email protected]:[email protected]:[email protected]


15/163


15

2: Installing NetFlow Tracker

Topics include:

System Requirements

Preparing for Installation

Installing NetFlow Tracker on Microsoft Windows

Installing NetFlow Tracker on Linux

Note

For upgrade information, see the Release Notes included with the NetFlow

Tracker release.

System RequirementsThe type of system required to run NetFlow Tracker depends on the number of devices

sending NetFlow information to it and the amount and nature of traffic handled by those

devices.

Hardware Requirements

The following requirements are a guideline. To determine your requirements, test the

softwares performance in your network environment.


16/163


16

Table 1 Minimum Hardware Requirements

Component Minimum Requirement

Processor Intel Pentium D, Core 2 or Xeon or a compatible processor ofsimilar performance. Multiple processors improve performance,

but consider these only after increasing RAM and the

performance of the disk subsystem.

RAM 2 GB. Performance increases with the amount of RAM available

for the disk cache and database buffers.

Disk subsystem High performance disk subsystem with substantial free space.

SAS 6/i RAID controller, with 15k RPM disks in RAID 1+0

configuration

Software RequirementsNote

NetFlow Tracker requires high speed disk I/O to run effectively. If you run

antivirus software on the NetFlow Tracker server you are likely to have periodic

issues with storing and accessing flow data.

Table 2 Software Requirements

Software Requirement

Operating system English, Chinese, and Japanese language versions aresupported.

Windows XP Professional SP2

Windows Server 2003 R2 SP 2

Windows Server 2003 SP 2

Windows Server 2000 LinuxNetFlow Tracker has been tested and is supported

on Red Hat Enterprise Linux 5 and Fedora Core 10 runningJava 1.6.0_05 or later and MySQL 5.0 (Intel-compatibleprocessor).

For more information on installing NetFlow Tracker on otherLinux distributions, contact Fluke Networks TAC.


17/163


17

Browser MS Internet Explorer (IE) 7.0

IE 6.0 with SP1, critical updatesFirefox 3.0

Other web browsers may run but have not been tested.

Java version Java 2 Runtime Environment SE v1.6.0_05 or later

Other components MySQL 5.0 or PostgreSQL 9.0, installed with NetFlowTracker

Adobe Acrobat Reader 6.0 or later

Preparing for InstallationBefore installing, complete the following tasks:

NetFlow Tracker puts a heavy load on the system. It is strongly recommended that you

install it on a dedicated server.

Do not install any other MySQL-dependent software on the NetFlow Tracker server.

Because of the large database size and optimized structure required by NetFlow

Tracker, MySQL is set up in a way that can seriously degrade the performance of other

software that use MySQL.

NetFlow Tracker uses a version of MySQL that differs significantly from that used by

Fluke Networks NetFlow Monitor, NetWatch and ResponseWatch products. If you

install NetFlow Tracker on a server running one of these products it will not function

correctly. Likewise, if you install one of these products on a server running NetFlow

Tracker, both products will not function correctly.

NetFlow Tracker contains an embedded web server. Web servers normally run on port

80, but another web server on your system may be using this. You can choose a

different port during installation or disable other web servers prior to installation.

If you have previously configured a router for NetFlow Monitor, please note that

NetFlow Tracker requires a different active flow timeout or long aging timer.


18/163


18

Installing NetFlow Tracker on MicrosoftWindowsYou must log in as an administrator to install NetFlow Tracker. Installation takes several

minutes.

If you received NetFlow Tracker on CD, the setup program starts automatically when

you insert the CD. If it does not, open the CD drive in My Computerand double-click

setup.exe.

If you downloaded NetFlow Tracker software, double-click the file you downloaded.

Installation detects unsupported MySQL versions. If MySQL is installed on the server

already, a message asks if you want to continue. Uninstall any unsupported MySQL

version. NetFlow Tracker requires MySQL 5.0, which installed with the application. The

installation program will fail if the installed version of MySQL uses a root password.

Installing Java Runtime Environment on Windows

To install Java Runtime Environment:

1 Insert the NetFlow Tracker CD in your server.

2 If the server does not have the required version of the Java Runtime Environment

installed, click OKto install it. The Java installer launches.

3 Accept Suns license agreement and click Next.

4 On the Setup Type screen, choose Typicalor Custom. Select Customif you do not

want the web browser to use Suns Java Plug-in. Click Next.


19/163


19

5 When Java Runtime Environment installation is completed, click Finish.

Installing NetFlow Tracker

Once Java Runtime Environment installation completes, the NetFlow Tracker software

begins installing.

To install NetFlow Tracker:

1 On the Welcome screen, click Next.

2 On the License Agreement screen, accept the agreement and click Next.

3 On the Customer Information screen, enter your name and organization name.

Choose whether to install the software for yourself only or for every user that logs in to

the system. If you install the software for yourself, only you will see the shortcut to the

web front-end and only you can uninstall the software.

4 Click Next.

5 On the Setup Type screen, choose:


20/163


20

Completeto install NetFlow Tracker to the nfNetFlow Trackerfolder on your

system drive and MySQL to the MySQL folder on the same drive. The internalweb server will run on port 80 if available. If port 80 is unavailable, you are

prompted to choose another. Click Next. Proceed to step 7.

Customif you want to change the install folders or choose a different port even if

80 is available.

Click Next.

6 If you chose Custom, the Custom Setup screen is shown. You can change the install

folder for NetFlow Tracker and MySQL. Select the feature and click Change.

7 Click Next.

8 If you chose Custom setup or if port 80 is in use, the Select HTTP Port screen isshown. Select a port and click Testto check if it is available. Click Next.

9 On the Ready to Install screen, click Install. Installation take several minutes. If

installation stops for longer than that, contact Fluke Networks TAC. When installation

completes, click Finish.

After installation, a shortcut is placed in the NetFlow Trackerfolder under the Programsin

the Windows Startmenu.


21/163


21

Installing NetFlow Tracker on LinuxThe RPM installer works only for the supported distributions of Linux: Red HatEnterprise Linux 5 and Fedora Core 8. If you are trying to upgrade on a different

platform contact Fluke Networks TAC [email protected].

The NetFlow Tracker web server runs on port 8000.

To install or upgrade using the RPM run the following as root (replace the RPM file below

with the file you downloaded).

rpm -Uvh nftracker-6.0-0.i386.rpm

The following is an example of the install sequence:

The following graphic shows the successfully completed installation.
http://mailt:[email protected]/http://mailt:[email protected]/http://mailt:[email protected]/http://mailt:[email protected]/


22/163


22


23/163


23

3: Setting Up NetFlow Tracker

After installation, you can set up NetFlow Tracker to monitor data. Topics include:

Opening NetFlow Tracker

Selecting a Language

Setting up NetFlow Tracker

Viewing Version Information

Opening NetFlow Tracker

To open and set up NetFlow Tracker:

1 Open NetFlow Tracker:

To open NetFlow Tracker from the computer on which it is installed, from the

Windows task bar select Start > All Programs > NetFlow Tracker > NetFlow

Tracker.

To open NetFlow Tracker from a URL, open a web browser and type the IP ad-

dress or DNS name of the NetFlow Tracker on the port set up during installation.2 The Network Overview page is shown.

If you have not yet configured NetFlow Tracker, the Network Overview page has

no data. In the upper left part of the interface, select Main Menu> Settings.

Configure the settings required so that NetFlow Tracker can start monitoring data,

as detailed in this chapter.

If you have already configured NetFlow Tracker, data is shown on the Network

Overview page. See Viewing Network Overview Datain Chapter 4.


24/163


24

Note:

If you have password protection enabled you may need to log in as an administrativeuser to see the Main Menu > Settingslink. See Applying Security Settings later in

this chapter.

Selecting a LanguageYou can view the NetFlow Tracker interface in English, Chinese, or Japanese, depending

on the language settings of your browser.

To change language settings:

1 Access the language selection dialog:

In Firefox, select Tools > Options. From the Generaltab (in Firefox 2.0) or

Content tab (in Firefox 3.0), under Languages, click Choose.

In Internet Explorer, select Tools > Internet Options. From the General tab, click

Languages.

2 Click Addand select a supported language from the list:

Chinese/China [zh-cn]

Japanese [ja]

English/United States [en-us]

3 Select the language you want to use and click Move Upto place it at the top of the list.

10 Click OK. Then click OKagain in the Options or Internet Options dialog.

If you have password protection enabled you may need to log in as an administrative

user to see the Main Menu > Settingslink. See Applying Security Settings later in

this chapter.


25/163


25

Setting up NetFlow TrackerFrom the Settings page (Main Menu > Settings) you can set up NetFlow Tracker to gather

data from network devices, determine how that data is gathered and managed, and

monitor and optimize NetFlow Tracker performance.

If you are using NetFlow Tracker for the first time after installation, set up NetFlow Tracker

to start gathering data. Topics include:

Setting up Licensing for NetFlow Tracker or Provisioning & Activation for a Network

Performance Appliance

Setting up Listener Ports

Applying SNMP Settings

Enabling Devices to Export Flow Data

Applying Device Settings in NetFlow Tracker

Making Sure That Data is Received

Applying Security Settings

Once NetFlow Tracker begins collecting data you can apply additional data filtering and

management settings. For more information, see Chapter 8, Optimizing NetFlow Tracker.

When applying settings, note:

Each settings page controls a single aspect of the software. To apply changes, click

OKon that page. To return to the main Settings page without applying changes, click

Cancel.

Use the session path link on settings pages to return to the main Settings page. Usingthe web browsers Back button can cause you to lose changes.

Setting up Licensing for NetFlow Tracker

Use the Licensing page to apply a new full or trial license or check the status of an existing

license.

N tFl T k


26/163


26

To install a license:

1 Select Main Menu > Settings > Licensing.

2 Add license information:

If from a file, click Browse, locate the file, and select it. Then click Load.

If text, enter or paste the text and click Decode.

3 Click OK.

Provisioning & Activation for a Network PerformanceAppliance

Use the Activation page to review the current activation status.

An NPA must have a valid Activation Key for full operation. Appliances supplied by VisualNetwork Systems will automatically include such a key. However, virtual NPAs (and

physical NPAs re-installed from the Recovery Disk) will need an Activation Key to be

supplied via VPM.

In cases where a valid Activation Key is not present, the NPA will start a 30 day trial period

when first provisioned into a VPM. Once this period has expired a user must apply a full

Activation Key; upon successful application of the new key data acquired during the trial

period will then still be visible.

To initiate activation an NPA must be provisioned into a VPM. Please refer to the Visual

Performance Manager User Guidefor further details on provisioning an NPA and sending

an Activation Key down to the NPA.

Note that if the NPA has Security Settings defined, the NPA must also define a portal

secret under Management Portal Settings and the same portal secret must be entered inthe provisioning settings on VPM.

Setting up Listener Ports

Use the Listener Ports page to set the UDP ports on which NetFlow Tracker will monitor

NetFlow traffic from devices.

NetFlow Tracker


27/163


27

When you set up NetFlow exporting on a device, you provide a port number to which to

send exports. By default, NetFlow Tracker listens on ports 2055 and 6343.

For more information about configuring devices for NetFlow, see Appendix A, Setting up

NetFlow on Network Devices.

To add listener ports:

1 Select Main Menu >Settings > Listener Ports.

2 Add ports. Select All local addressesand enter a port number:

Note

When adding local addresses, you must specify a port number on the NetFlow

Tracker server to receive NetFlow traffic.

3 Set the Receive buffer size. The default size is 32768. This setting applies to all ports.

Note

If traffic exceeds the buffer size, increase the buffer size to avoid dropping

packets. If you increase the buffer size, monitor the systems memory usage.

11 Click OK. If you receive an error message, one or more ports are already in use. An

asterisk (*) marks these ports. Remove these ports and add others until no errors

remain.

Applying SNMP Settings

Use the SNMP Settings page to define default SNMP parameters. This information is used

to query devices.

When NetFlow Tracker receives exports from a previously unknown device, it scans the

device using SNMP to find its name and interface properties. Devices enabled for SNMPv1

or SNMPv2c can be accessed using a password, called a community string. By default,

NetFlow Tracker defines the community string public. You can define additional

community strings and define the order in which they will be attempted.

NetFlow Tracker


28/163


28

For devices enabled for SNMPv3, access depends on the level of security and access

rights defined. A single set of default SNMPv3 parameters can be specified. SNMPv3security is controlled by the User Name plus an optional Authorization Protocol &

Passphrase and Privacy Protocol & Passphrase. SNMPv3 access is controlled by an

optional Context Name.

Note

A device is scanned when it reboots and when NetFlow Tracker software

restarts. Because NetFlow Tracker checks each SNMPv2 community first when

it detects a new device, place the most frequently used communities higher in the

list for faster scanning.

You can change the SNMP parameters used to rescan an existing device on the device

configuration page. See Applying Device Settings in NetFlow Trackerlater in this chapter.

Devices that have not been successfully queried using SNMP have an next to them in

the Device List. See Device List later in this chapter.

To apply SNMP settings:

1 Select Main Menu > Settings > SNMP Settings.

2 Select SNMP 1/2c or SNMP 3.

3 If SNMP 1/2cis selected, enter at least one SNMP community string. If multiple strings

are added, each one will be attempted successively until an SNMP query is successful.

Enter the most common string first in order to speed up the search.

If SNMP 3is selected, enter SNMP v3 configuration information.

12 Leave the default settings for timeout (5000 ms) and number of attempts (3) used for

SNMP requests.

13 Click OK.

Enabling Devices to Export Flow Data

To view data in NetFlow Tracker, you must enable network devices (routers and switches)

to export flow data to the server running NetFlow Tracker. For more information, see

Appendix A, Setting up NetFlow on Network Devices.

NetFlow Tracker


29/163


29

Once devices are enabled, to see whether NetFlow Tracker has started collecting data,

see Making Sure That Data is Received later in this chapter.

Applying Device Settings in NetFlow Tracker

Use the Device Settings page to:

Collect information from devices using SNMP queries, so that interfaces are named

correctly.

Apply BGP settings if BGP is used to establish routing between autonomous systems

(ASes).

If necessary, specify a global scaling factor for sampled data from a device, so that

utilization information is scaled accurately in reports..

Apply traffic class, identified applications, and interface settings.

To configure devices:

1 Select Main Menu > Settings > Device Settings.

2 Select a device from the Device List. See Device List, below.

3 Apply General settings:

Override the name detected using SNMP.

Choose whether to archive real-time data from the device. Note: When you archive

data all NetFlow data monitored by the device is archived.

Show interface descriptions entered on the network device or leave the default

setting. Default does not show the interface descriptions.

14 Apply SNMP settings. For SNMP mode, select:

Use SNMPif the device supports SNMP. Let NetFlow Tracker use SNMP to scan

a device because the numbers used to identify the inbound and outbound inter-faces in NetFlow exports are not constant and SNMP is the only way NetFlow

Tracker can make a correct correlation between an identifier and a physical in-

terface or port.

Select an SNMP version (SNMPv1, SNMPv2c or SNMPv3) and enter the SNMP

criteria. See Applying SNMP Settings, above, for more information.

Dont use SNMPif the device does not support SNMP. This assigns default

properties to each interface encountered in NetFlow exports from the device.

NetFlow Tracker


30/163

User Guide

30

Keep current configurationto freeze a devices configuration. This ignores any

new interface encountered, so use this with caution.

To rescan an SNMP device using the SNMP parameters specified in the page, click

Rescan. This scans but does not savethe settings. You must click OKon the Device

Settings page to apply changes. Because NetFlow Tracker rescans a device when the

software restarts, a new interface is encountered, or the device reboots, you do not

normally have to manually rescan a device.

15 Apply BGP settings if BGP is used:

Local ASThe local AS number is required to get correct AS numbers for trafficrouted to or from the local AS. If BGP is not used, leave this setting blank.

Store peer/origin ASesFor a device that can send both the peer and origin AS

number for each NetFlow record, choose which AS numbers are stored in the

database.

Store BGP next-hopFor a device that can send the BGP next-hop address in its

NetFlow exports, store this value in place of the IP next-hop for the device.

16 Set Sampled Data Scaling.Most sampled flows (such as sFlow) contain embedded scaling factors that will be

applied automatically. Note that these scaling factors can vary from source to

source (e.g. from interface to interface) and also from flow to flow. If the supplying

device is experiences heavy loads it may reduce the sampling rate (effectively

increasing the scaling factor) to compensate.

However, a user may manually enter a scaling factor if they are not being supplied

by the device by checking this option and specifying a device-wide scaling factor.For flows that contain the embedded scaling factor, see Applying Interface

Settings, below, for more information.

17 Apply Traffic Class settings. See Applying Traffic Class IDs below.

8 Apply Identified Applications settings. See Applying Identified Applications, below.

9 Apply settings for interfaces. See Applying Interface Settings, below.

10 Click OK.

11 Click OKon the Device Settings page.

NetFlow Tracker


31/163

User Guide

31

Device List

Use the device list on the Device Settings page to check the status of known devices and

override the interface descriptions and speeds collected by NetFlow Tracker.

NetFlow Tracker performs an SNMP scan when it starts to populate this list. When devices

reboot, they are rescanned.

The name and address of each known device are listed, along with a status indicator:

(exclamation point)Indicates that NetFlow Tracker could not contact the device

using SNMP or is ignored due to a license violation.

(hourglass)Indicates that the device is being scanned and cannot be edited. To

see if scanning has finished click Refresh.

No iconThe device is working correctly.

Click a device name to edit its settings.

Note

Any changes you make to any device are only applied when you click OKin the

main Device Settings page.

Applying Traffic Class IDsIn the Traffic Class IDs section of a devices settings page, you can map traffic classes or

manually add these using the list.

For devices that can export traffic class data that helps route the traffic involved in each

flow, leave Automatically map traffic classeschecked. If this option is not available for a

device, add each traffic class to NetFlow Tracker and configure a map from the devices

class ID to the NetFlow Tracker traffic class. Give each class a unique identifier that is used

if you create a URL with a traffic class filter. Note: This identifier does not need to match the

identifier exported by any of your devices for the traffic class.

To add traffic class IDs

NetFlow Tracker


32/163

User Guide

32

1 Select Main Menu >Settings > Device Settings.

2 Select a device from the Device List. See Device List above.

3 Expand Traffic Classes:

For devices that can export traffic class data that helps to help route the traffic

involved in each flow, leave Automatically map traffic classeschecked.

For devices that do not automatically map traffic classes, click add/deletein the

Traffic Class column header.

18 On the Traffic Class Names page, enter a unique identifier and name.19 Click Add. To delete an ID, select its checkbox and click Delete.

20 Click OK.

21 Click OKin the devices settings page.

Applying Identified ApplicationsIdentified applications are similar to traffic classes and you configure them in the same

way. Packeteer devices support this feature.

As with traffic classes, leave mapping enabled for devices that support it.

For devices that do not support automatic mapping, you must create a unique, NetFlow

Tracker-specific identifier for each identified application that you want to report on. Thendefine a mapping from the device-specific protocol or service ID to the NetFlow Tracker

identified application for each device.

To add application identifiers:

1 Select Main Menu > Settings > Device Settings.

2 Select a device from the Device List. See Device List above.

3 Expand Identified Applicationsand click add/deletein the Identified Applications

column header.

22 On the Identified Application Names page, enter an identifier and name.

23 Click Add. To delete an ID, select its checkbox and click Delete. Click OK.

24 Click OKon the devices settings page.

NetFlow TrackerU G id


33/163

User Guide

33

Applying Interface Settings

If you cannot change the settings of the device or it has an asynchronous interface, you

can override the description, inward speed, and outward speed for its interfaces. For

non-SNMP compatible devices, you must provide interface descriptions and speeds.

You can associate any interface on any device with a uniquely named Virtual Private

Network (VPN) for reporting and filtering. A VPN groups data from the devices and

interfaces assigned to it. This data is included in the VPNs report and by the VPN filters.

NetFlow Tracker assigns the customer-facing interfaces of an MPLS provider edge router

(PER) using MPLS VPN and supports the standard SNMP MIB automatically. If your

network device does not support this, you must create a unique identifier for each VPN.

Note

If you reset a speed or description setting and the device reboots or has an

SNMP rescan, your settings are overridden.

If the device is sending sampled flows with the sample rate embedded in the flow record

(such as sFlow), then the last sample rate for a flow on a specific interface will be reported.

Note that some devices may be under excessive load and return a large value to indicate

this problem (sampled rate of 2147483647 or 7FFFFFFF hex).

You can also set an interface as inactive. Inactive interfaces do not show up in the interface

status report or in the Filter Editor. This option is useful to remove interfaces that do not

report NetFlow data from reports.

To apply interface settings:

1 Select Main Menu >Settings > Device Settings.

2 Select a device from the Device List. See Device List, above.

3 Expand Interfaces. You have the following options:a Enter an interface name and description.

b Enter the speed.

c To associate an interface with a VPN, click add/deletein the VPN column header.

On the VPNs page, enter a unique ID and name for each VPN. The description is

optional. To delete a VPN from the list, select its checkbox and click Delete. Click

OK.



34/163

User Guide

34

4 In the VPN column on the devices settings page, select from the drop-down list. If the

interface is not part of a VPN, leave the setting to noneand make sure that the P in-

terface(s) on an MPLS PER have their VPN set to nonealso because they carry traffic

from multiple VPNs.

Note

VPNs are assigned to interfaces by name, so each VPN must have a unique

name.

5 To mark an interface as inactive, check its Inactivebox.

6 Click OK.

7 Click OKon the Device Settings page.

Deleting a Device

You can delete a device from the devices settings page.

Note

When you delete a device, if the device is still sending NetFlow data to NetFlow

Tracker it will reappear after you delete it.

To delete a device:

1 From the NetFlow Tracker Main Menu, select Settings > Device Settings.

2 Select a device from the Device List. See Device List, above.

3 On the Device page, click Delete.

Note

If you cancel the deletion at this point, you will lose any other changes you have

made on the setting page.

4 ClickYes to continue.

5 On the Device Settings page, click OK. If you click Cancel, the device will remain, but

other changes you applied will be lost.



35/163

User Guide

35

Making Sure That Data is Received

To check that NetFlow Tracker is receiving data from a device, first check the Device

Settings page to make sure that SNMP access was successful. After several minutes, see

that the Network Overview shows data. Then review information on the Performance

Counters page.

Use the Performance Counters page to diagnose problems in NetFlow Tracker setup and

ongoing operation. Counters are stored for each device from which the software has

received data (see Table 3, Performance Counters, below). Counts start when the

system is started and you can reset them at any time.

Table 3 Performance Counters

Item Definition

System started at The time and date the system started.

Counters last reset at The time and date the performance counters were reset back to zero.

Free space for database The amount of available space on the disk for the database. The following message:ALERT: Flow processing suspended due to insufficient disk space. is shownwhen the tracker has stopped collecting flows because less than 10% of the disk

space is available. A warning is shown when less than 25% of the disk space is

available.

Disk usage over last hour

indicates disk will be full in

Trended disk usage over the last hour indicates that the disk will be full in the specified

time period.

Disk usage over last dayindicates disk will be full in

Trended disk usage over the last 24 hours indicates that the disk will be full in thespecified time period.

Current Free Memory The amount of free memory from the current program allocation.

Maximum Free Potential

Memory

The maximum potential free memory available to NetFlow Tracker.



36/163

User Guide

36

Current Program Allocation The amount of memory currently allocated to NetFlow Tracker.

Maximum ProgramAllocation

The maximum amount of memory that is available to NetFlow Tracker.

Average sample storage

duration:

The average time it takes to store samples to the database.

Last long-term database

maintenance durations:

This also lists the reports completed fully, partially, or skipped.

Last real-time database

maintenance duration:

The time that it took to delete real-time data older than the real-time data storage

period, plus the time that it took to archive the data. If the time is greater than 30minutes, it may indicate a performance problem on the server, too much data in the

database, or insufficient memory allocated for NetFlow Tracker.

NetFlow data received Shows the number of exports and amount of NetFlow data received from each device.Note: This is not the amount of traffic described by the exports but the LAN trafficgenerated by the exports.

Flow versions Indicates the flows versions received from this device. It is possible for a device to

send more than one version.

Traffic described Tracks the total amount of network traffic across all interfaces in each direction as

described by NetFlow exports received from each device.

Ignored flows These are flows that are discarded by Tracker and therefore are not included in theTracker flow database. Flow records are discarded for the following reasons:

Flow records are latesee Late Flows When devices are first seen by tracker (the device starts sending flow records), the

tracker attempts an SNMP query of the device and stores a record of the device inthe database. The tracker ignores flows from the device until the device record is

stored in the database.



37/163

37

Late flows This indicates whether flows are arriving at the tracker on time. If the counter is

non-zero, the router configuration should be reviewed. A temporary measure is to

increase the holdback timer so that late flows are processed; however, this introducesa delay in flow processing.

A flow is considered to be late if the difference between the flow end time and therouter sysUpTimemarked in the flow export header is greater than the tracker

holdbacktime. Ideally, flow exporting devices should be configured so that this timedifference is approximately one minute.

Long flows This shows the number of flows longer than 60 seconds received from a device. A

device sending a number of long flows should be examined to ensure that the activeflow timeout and/or mls aging settings are as advised in Appendix A, Setting upNetFlow on Network Devices.A consequence of long flows can be that utilization

spikes of greater that 100% appear in Trackers charts.

Unprocessed flowsets NetFlow version 9 flows are encoded in a flexible manner using templates exported bythe router every few seconds. For several minutes after starting NetFlow Tracker or

after a router reboots, NetFlow Tracker may receive flows that it cannot decode.

If you do not see data after 10 minutes, check the server, NetFlow Tracker settings,and the router configuration.

Interface scans NetFlow Tracker scans the interface list of each device exporting to it when the device

or NetFlow Tracker software restarts. A rescan also occurs when a new v9 export

template is received. A large number of rescans, particularly failed ones, indicates aproblem.

Missed flows NetFlow versions 5 and 7 exports contain a sequence number that NetFlow Trackeruses to detect when exports are missed. It can miss exports due to network

congestion or a busy router. If a switch or router is reordering the UDP packets thatcontain NetFlow exports, missed flows are shown. Each export normally contains dataon about 30 flows.

Note: If the NetFlow Tracker server is processing a very high volume of data it may

drop packets. In this case, increase the receive buffer size in Listener Ports.

See Setting up Listener Ports, above.

Missed exports NetFlow version 9 exports contain a sequence number that NetFlow Tracker uses to

detect when exports are missed. Unlike the version 5 or 7 sequence numbers, only thenumber of missed exports can be counted and not the number of missed flows.



38/163

38

No out interface The router sends flows with no out interface when anaccess control list lookup fails

or multicast traffic is routed. A high number of flows with no out interfaces is normal.

No in interface The arrival of flows with no in interface may indicate a configuration problem on a

Catalyst switch. Contact Fluke Networks TAC.

Applying Security Settings

Use the Security Settings page to set the protection level for user access to NetFlow

Tracker. You can also set a new default or custom home page for all users and for

individual users.

When adding a custom home page, make sure that the URL of any custom home page is

relative to the servers root. For example, the standard home page is specified asindex.jsp and the Network Overview is specified as report.jsp?cid=_topdevices. The

Network Overview is the default home page.

Security settings are optional.

To apply password protection:

1 Select Main Menu >Settings > Security Settings.

2 Choose a protection level:

No password protectionNo login or password is required and all pages are

accessible.

Protect configuration onlyA login and password is required for access. Set-

tings pages are accessible only to administrators.

Protect all accessA login and password is required for access. Settings pagesare accessible only to administrators and standard users have view-only access.

3 Set a custom home page. The default is Network Overview.

To use your own HTML page as a custom home page, place it in the customweb

folder under the NetFlow Tracker install folder and enter the URL here. For example, if

you enter http://server/customweb/file.htmlthe home page is

customweb/file.html.



39/163

39

6 If you applied password protection, add user login and password. You may apply

user-specific home pages. You must set at least one user as an administrator who can

configure settings.

7 Click Add. To delete users, select the users checkbox and click Delete.

8 Click OK. If you applied password protection or changed your own user login details

you must log in again.

Viewing Version InformationThe Aboutpage (Main Menu > Settings > About) shows NetFlow Tracker, Java, MySQL,

and operating system version information. It also shows the status of all main subsystems.

Use this page when consulting with Fluke Networks TAC to help diagnose a problem.



40/163

40

4: Viewing Real-Time Data

After you complete initial setup, real-time data is available within a few minutes. You canview this data in chart and table formats.

Topics include:

Viewing Network Overview Data

Viewing Devices

Viewing Interfaces

Filtering Real-time Data

Viewing Chart Data

See also:

Database Settings in Chapter 8.

Applying General and Real-time Report Settings in Chapter 6.

Viewing Network Overview DataThe Network Overview (Main Menu > Network Overview) shows the top devices and

interfaces on the network. From here, you can drill down to device and interface-specific

application data. It is NetFlow Trackers default home page. This page shows:

A pie chart, stacked bar chart over time, and table show the top five applications plus

Other by percentage of total traffic rate.Average and peak traffic rates are also

shown.



41/163

41

A table shows the top five interfaces by peak percentage of usage, along with the

direction and average percentage of usage.

A table shows the top five interfaces by traffic rate, along with the direction and

average traffic rate.

Viewing options include:

Click a device in the list to see its top applications and busiest interfaces.

Click an interface name to see its top applications and recent traffic.

Right-click a pie segment to create a report for that segment. From the menu, select anitem to create another chart for the selected time range.

Figure 1 Network Overview

Hold mouse over a

segment to highlightcorresponding table

row

Right-click to run an

ad hoc report

Click to view top

applications and

interfaces on device

Click to view top

applications and traffic

rate for interface



42/163

42

Top Applications and Interfaces for a Device

You open the Top Applications and Interfaces page

Online Help En

Documents

Transcript of Online Help En