Flow Monitor - WhatsUp Gold Plugin
What is NetFlow?
NetFlow is a Cisco developed technology that is embedded in many Cisco routers and switches as well as equipment of other manufacturers. Current version of NetFlow is v9.
WhatsUp Gold Flow Monitor (formerly NetFlow Monitor) gathers information from
NetFlow, sFlow and
jFlow enabled switches and routers allowing you to analyze and report on network traffic patterns.
It provides instant insight into how efficiently your network is performing and how bandwidth is utilized. Misbehaving applications and users that are consuming bandwidth inappropriately can be rapidly identified. WhatsUp Gold Flow Monitor presents detailed information to assess network quality of service and quickly resolve traffic bottlenecks.
WhatsUp Gold Flow Monitor integrates NetFlow traffic data into WhatsUp Gold monitoring and reporting, increasing your visibility into network performance.
Offered as plug-in technology to the extensible WhatsUp Gold architecture, WhatsUp Gold NetFlow Monitor integrates NetFlow, sFlow and JFlow generated traffic data into WhatsUp Gold monitoring and reporting, increasing your visibility into network performance and security.
- Fully integrated plug-in for all editions of WhatsUp Gold
- Scalable - also available as a stand-alone installation for enterprises with large amounts of traffic
How does it work?
Each router or switch with NetFlow enabled collects and aggregates information about traffic passing through the device and when configured to do so will transmit the information as records to a NetFlow enabled network management and monitoring system such as WhatsUp Gold. As packets traverse a device, seven parameters are analyzed, if they all match exactly, then this sequence of packets is determined to be a flow.
Each flow is time-stamped and assembled into a flow record by the device and exported to a specified NetFlow collector.
Key capabilities of the WUG Flow Monitor include:
Mapping Flows to Business Units
Flow data from multiple devices and ports may be grouped together by business function allowing reports to be generated by business use or unit, rather than
individual ports. This functionality can be leveraged by both the reporting and threshold alerting engines giving rapid response capabilities to business
impacting traffic bottlenecks.
Automatic flow source discovery and configuration
Using SNMP, the Flow Monitor plug-in can determine what devices on the network are "flow capable" and automatically configure those devices to forward
flow records with all appropriate timeouts and flow collector parameters configured. Effectively eliminating the need for "flow expertise" among staff
who can now focus on interpreting the results and not configuring systems.
*Support for Popular Flow Formats
In a single plug-in, Flow Monitor offers support for all the popular flow management formats, including NetFlow, sFlow, J-Flow and IPFIX. WhatsUp Gold
Flow Monitor also offers support for Cisco's newest NetFlow implementation called NSEL (NetFlow Secure Event Logging), which is available on the ASA
product line. With such extensive flow format support, you can utilize Flow Monitor using your existing infrastructure - no need to upgrade. Flow Monitor
works with an extensive list of switches and routers from vendors such as Cisco, Extreme, Juniper, HP, and many more.
Flow Monitor also collects NetFlow compliant records from WhatsUp Flow Publisher - through which
it provides visibility into application, host and user traffic across all non-flow capable devices.
Visibility into Network Bandwidth Utilization
Attempting to diagnose a slow network without visibility into QoS and exactly what traffic is causing the problem, is really only seeing a tiny part of the
picture. With WhatsUp Gold's Flow Monitor, you have the complete real-time visibility you need to manage bandwidth utilization and ensure optimal network
performance.
Comprehensive Reporting
Flow Monitor collects NetFlow, sFlow and J-Flow records from routers and switches and converts them into useful reports -- Top Protocols, Top
Applications, Top Senders, Top Conversations and many more-- which track real-time usage as well as historical trends. For example, Top NBAR Applications
report offers a complete view of NBAR traffic so you can accurately diagnose application performance issues and bandwidth constraints, without having to dig
deeper into the traffic flows. And new Class based QoS report offers a unified view of pre-policy and post-policy traffic side by side, including dropped or
deferred packages, so network administrators can easily identify critical issues --like router saturation--that can impact overall network traffic. Additionally,
95th percentile reports provide the capability to verify service providers' burstable billing records.
Threshold Based Alerting
In conjunction with the new Alert Center, Flow Monitor makes it easy to find out exactly where and when problems may develop in real-time. You can now set up
multiple configurable thresholds tracking the volume of traffic between conversation pairs, failed connections per host, top senders and receivers, and
specific interfaces over time. Custom configurable thresholds provide even more granular tracking of network traffic. With the combined Flow Monitor and WhatsUp
Gold solution, alerts are sent when the configured thresholds are exceeded, enabling network managers to proactively troubleshoot and resolve performance
bottlenecks and eliminate malicious network behavior.
The Many Uses of NetFlow
- network monitoring
- Network planning
- Security analysis
- Traffic and bandwidth analysis
- Application monitoring
|
- User monitoring
- Traffic engineering
- Peering agreement
- Usage-based billing
- Destination sensitive billing
|
NetFlow General Features
- Support for NetFlow versions 1, 5 and 9
- Automatic classification of traffic by type and protocol in real-time
- Identification of traffic patterns through the network in real-time
- Identification of traffic sources (top talkers) and destinations
- Dedicated NetFlow SQL Database
- Extensive support for switches and routers from:
- Cisco
- Juniper (cflowd)
- Foundry
- Extreme
- Enterasys
- Automatically flags high traffic flows to un-monitored ports and highlights those ports as candidates for monitoring
- Configurable support for proprietary protocols
Requirements
WhatsUp Gold Flow Monitor 2.0 has the same base system requirements as WhatsUp Gold v12.4. In addition, WhatsUp Gold Flow Monitor requires:
- WhatsUp Gold v14 or greater Premium, Standard, Distributed or MSP Edition
- At least one networking device that support flow monitoring
- SQL Server 2005 Standard or Enterprise Edition (recommended)
Note: WhatsUp Gold Flow Monitor is more demanding on the database than WhatsUp Gold. While WhatsUp Gold Flow Monitor can successfully use SQL Server 2005 Express, we recommend either MS SQL Server 2005 Standard or Enterprise Edition for best performance.
- An additional 2 to 4 GB RAM recommended
- 16 GB (required) to 22 GB (recommended) hard disk space for the databases
- Note: If using Microsoft® SQL Server® 2005, the database size is limited by available hard disk space