August 2014 Webcast Q&A Transcript

Document created by Stuart_Weenig on Aug 19, 2014
Version 1Show Document
  • View in full screen mode

Joe Mohacsi - 11:22 AM
Q: I know you import your NAST output to a db. Why not import it into something like CA Performance Mgt or some other CA product user interface?
Customer Programs8 - 11:23 AM
A: This question was answered verbally.
I could have used the MySQL database already present in the NFA console or in Performance Center. However, to avoid problems and segregate data, I built a separate database on the NFA Console MySQL instance. It was cleaner this way. I could have inserted directly into the PC database, however since there is no easy/good way to build custom charts and widgets in Performance Center, I decided to make it a standalone environment. This method also allows me to put my reporting tool on any server I want (e.g. separate from the entire CA system).

massoud shamsian - 11:24 AM
Q: Are there any updated device Netflow configuration guidelines? i.e. Flexible Netflow? on Nexus.
Customer Programs8 - 11:25 AM
A: This question was answered verbally.
The best guideline for configuring Netflow is the 'How to Enable Netflow' document on the community.

Amruth Patil - 11:25 AM
Q: Hi Stuart, can you assist for checkpoint configuration?
A: Unfortunately, it looks like the 'How to Enable Netflow' document doesn't contain any information about Checkpoint firewalls and I don't have any experience doing it.

massoud shamsian - 11:26 AM
Q: On neflow 9.2 is ther an option to measure and report on device to device latency?
Customer Programs8 - 11:27 AM
A: This question was answered verbally. Thanks!
There were plans a while back to use Netflow data to show per hop latency, but it hasn't yet been built into the product.

Amruth Patil - 11:30 AM
Q: any utility u use to backup NFA DB?
Customer Programs8 - 11:30 AM
A: This question was answered verbally - thanks!
Yes, the recommended tool is DBToolv3 (Tech Tip - Database Optimization) and I built a wrapper around it that provides additional features called nqbackup (Stuart's Semi-Professional Blog: NQBackup). You can use it to do backups on any MySQL database on any Windows server.

irshad khan - 11:30 AM
Q: how to configure NAST with NFA?
Customer Programs8 - 11:32 AM
A: This question was answered verbally.
There is no real configuration. It's like using Wireshark on your harvester. You simply copy the tool to the harvester and run it. There is no configuration.
If you want to run it as part of a batch script, simply add the --batch argument to the command and the number of minutes you want to analyze.

massoud shamsian - 11:31 AM
Q: Any plans to enable migration of existing 3 tier to 2 tier NFA in 9.2?
A: This is a question for the product manager, Martin Kowalewski.

Dave Moy - 11:34 AM
Q: do you have any conversion table that would estimate flow rate from the bit rate of an interface? (for estimating purposes - additional Harvester needed)
Customer Programs8 - 11:38 AM
A: This question was answered verbally - thank you!
I don't, and there's a very good reason for that. There is no good correlation between volume on an interface and the number of flows required to describe that volume. Consider an example:
10 users doing 10kbps on an interface. This requires at least 10 flows. 1 User doing 100kbps (e.g. same volume) requires only 1 flow. Flow count is really not proportional to the volume. It's proportional to the complexity of the data.
Consider another example of two conversations between the same two end points. Conversation A is 100KB of data while Conversation B is 200GB of data. There would be only one flow for each conversation. The only difference would be the 'IN_BYTES' field which would contain a much bigger number for conversation B. Otherwise, they would be the same, while the volume of each conversation would be drastically different.
For this reason, there isn't, wasn't, and won't be a good table that correlates volume with flow count.