CA Network Flow Analysis AP Office Hours Transcript - June 23rd, 2016,  2.00PM - 3.00PM (AEST) Sydney Time

Document created by tarpa01 Employee on Jun 23, 2016
Version 1Show Document
  • View in full screen mode

Tarun Pamu to Everyone: Hi Everyone.. Welcome to the APJ Office hours for Network Flow Analysis... We will be starting in a moment

Manisha Patkar to Everyone: ok Thanks..

Tarun Pamu to Everyone: Lets gets started  now

Tarun Pamu to Everyone: Feel free to ask your questions

Marlos Barroso to Everyone: This slide is a brief summary of the latest version of NFA

Marlos Barroso to Everyone: We've included some UIM integration updates

Marlos Barroso to Everyone: And several fixes

Tarun Pamu to Everyone: The Team is ready to answer your questions..Please go ahead and ask your questions...Remember this is a chat only session...

Marlos Barroso to Everyone: New Linux Harvester installs must be installed to an RHEL 6.7 system or later

Manisha Patkar to Everyone: in case of 2 tier architecture...can we install NFA Console and Harvester on same machine/server?

Marlos Barroso to Everyone: Yes Manisha. This will be a standalone install, so you can install the harvester and the console on the same server

Marlos Barroso to Everyone: by default this setup will be a 2-tier architecture

Sumitha James to Everyone: How to view licenses on NetQoS

Manisha Patkar to Everyone: @manisha : is thr any performance issue post go live if we monitor 50 routers traffic?

Marlos Barroso to Everyone: @manisha: 50 routers should not cause any performance issue in NFA standalone setups

Marlos Barroso to Everyone: @Sumita: The number of licenses consumed can be viewed under System Status page

Todd to Everyone: Will the new version have any provision for automatically enabling interfaces (i.e. set it so that any interface with an ifname of Di1 is enabled as soon as netqos recieves the traffic)?

Marlos Barroso to Everyone: Todd: at the moment NFA does not have any provision to automatically enable new devices based n a filtering criteria.

Manisha Patkar to Everyone: how to trobleshoot (besides wireshark) when NetQos not receved any traffic from router eventhough netflow configured done at router? Any specific router configuration which can ask relevant team to configure at router?

Sumitha James to Everyone: we could see the number of liscensed devices as 1000 in our environment , how many devices / interfaces can be monitored on NetQoS

Satyanarayana Reddy Mokalla to Everyone: @Sumitha: Capacity of NetQoS Harvester depends on number of flows...Typically 500 interface per harvester

Marlos Barroso to Everyone: @Manisha: You can find the link below with a list of most common  netflow configurations for several vendors

Marlos Barroso to Everyone: https://communities.ca.com/docs/DOC-1061

Satyanarayana Reddy Mokalla to Everyone: @Sumitha: https://docops.ca.com/ca-network-flow-analysis/9-3-3/en/installing/system-recommendations-and-requirements

Sumitha James to Everyone: How to take online backup for NetQoS DB?

Marlos Barroso to Everyone: @Manisha: also there is some more comprehensive information on how to troubleshoot data flow in the user guide, this link contains further details: https://docops.ca.com/ca-network-flow-analysis/9-3-3/en/troubleshooting/troubleshoot-data-collection

Ranga to Everyone: Hi, We are using Juniper J6350 and 4350 serries routers. we see difficult in enabling netflow on Juniper routers do we have any documents on showing how to make NFA work on Juniper series ?

Marlos Barroso to Everyone: @Sumitha: you can use mysqldump to backuo the database: https://docops.ca.com/ca-network-flow-analysis/9-3-3/en/managing/maintenance-and-data-collection/backing-up-and-restoring-data

Sumitha James to Everyone: @Satya - ok, then what is that number of licensed devices (1000) mentioned in the NFA console represents/refers to?

Satyanarayana Reddy Mokalla to Everyone:@Ranga: This link gives netflow commands for most of the routers, https://communities.ca.com/docs/DOC-1061

Satyanarayana Reddy Mokalla to Everyone: @Ranga, Juniper Series is listed here...

Tarun Pamu to Everyone: For people who have just joined the session..Please feel freel to ask your questions..

Satyanarayana Reddy Mokalla to Everyone:@Sumitha: This link give more information on licenses: https://communities.ca.com/message/241872955

Sumitha James to Everyone: How to integrate NetQoS with CA Spectrum and how to configure alarms on netqos?

Manisha Patkar to Everyone: post fresh installation do we need to apply license file in NetQoS?

Satyanarayana Reddy Mokalla to Everyone: @Sumitha:  You can configure trap destination  in NFA, so that traps can be sent to spectrum, you also need to import NFA MIB in spectrum...

Marlos Barroso to Everyone: @Manisha: No. No license file is required in NFA 9.3.3

Kaushlendra Tomar to Everyone: Hi Marlos

Kaushlendra Tomar to Everyone: I have one client requirement

Satyanarayana Reddy Mokalla to Everyone: @Sumitha: This is how you can configure Trap/Alarms in NFA: https://docops.ca.com/ca-network-flow-analysis/9-3-3/en/managing/maintenance-and-data-collection/work-with-traps/create-change-or-delete-traps

Todd to Everyone: It looks like the interface in and out speed is currently set using the ifSpeed SNMP variable. A lot of the interfaces we monitor have a different in/out speed (i.e. 2 mbs in 1 mbps out) so using the one speed from ifSpeed doesn't show the correct bandwidth. Cisco has in its  ciscoIfExtensionMIB a variable cieIfSpeedReceive which is the true recieve speed. Is there any intention to allow the interface speeds to be set by variables other then just ifSpeed?

Kaushlendra Tomar to Everyone: how can we segregate http link data in analysis report..

Satyanarayana Reddy Mokalla to Everyone: @Simtha: Trap Destination can be configured in Application settings in NFA Admin page, you have to configure spectrum IP here.

Kaushlendra Tomar to Everyone: for eg. if I want to check how much bandwidth is consumed by gmail only

Marlos Barroso to Everyone: @Kaushlendra: You can create a custom report and apply http protocol as the filter

Satyanarayana Reddy Mokalla to Everyone: @Todd: Not as of now Todd, that would be enhancement and should be posted as Idea...

Kaushlendra Tomar to Everyone: for http traffic I can watch....

Kaushlendra Tomar to Everyone: but I want to segregate http traffic itself

Kaushlendra Tomar to Everyone: is it possible?

Kaushlendra Tomar to Everyone: can we achieve it with NBAR enabled interface...

Marlos Barroso to Everyone: @Kaushlendra: You can use NBAR reporting capabilities in NFA if supported by your router to report against a particular http application such as gmail

Kaushlendra Tomar to Everyone: ok thanks Marlo...

Kaushlendra Tomar to Everyone: in ehealth, there is a separate element for NBAR enabled interface...

Manisha Patkar to Everyone: if we have spectrum and UIM both...do we require to integrate NFA with UIM and Spectrum or integrating with UIM is sufficient for reporting purpose?

Kaushlendra Tomar to Everyone: in NFA, which report should we use to fetch NBAR data...

Satyanarayana Reddy Mokalla to Everyone: @Manisha: Integration with UIM is sufficient for reports.... for alerts, you have configured traps in NFA, please refer my answers to Sumitha question...

Marlos Barroso to Everyone: @Tomar: You need to create an NBAR2 mapping, this article has more information: https://docops.ca.com/ca-network-flow-analysis/9-3-3/en/managing/report-customizations/set-up-application-mapping/create-an-nbar2-application-mapping-rule

Kadhir to Everyone: Hi, Actual conversation between two lan users / device, but NFA is showing as only two location wan accelerator IP’s (Riverbed), due to this we are unable to get exact source and destination.. how we will be fix this ?

Venuraja to Everyone: We have challenge in getting the BW utilization from Juniper router. How ever no issues with Cisco router. We tried with Jflow .. but it is not working. The issue is - If the BW utilization is 100 MB , it is showing 1 MB. In case 100 KB , it is showing as 1 KB. Any specific settings to be done? in our environment

Venuraja to Everyone: We are using 9.2.0 version

Marlos Barroso to Everyone: @Kadhir: This depends on what flow information the device (router/switch) is sending to NFA, if the devices are behind the wan accelerator equipment and flow information is preserved, the source/destination IP information of the netflow flows should be preserved in the NFA reports.

Satyanarayana Reddy Mokalla to Everyone:@Venuraja: Recheck netflow configuration with vendor, also below link should help you: https://communities.ca.com/message/241875295#comment-241875295 : Check what is the samplerate configured on router and you may need to override the value

Satyanarayana Reddy Mokalla to Everyone: @Venuraja: Also refer below KB: TEC606788

Vijayaram to Everyone: How to get the 5 minutes interval utilization report for peak houra and non-peak hours ?

Marlos Barroso to Everyone: @Vijayaram: You create a time filter for Monday through Friday from 8:00 A.M. to 5:00 P.M for example. More information: https://docops.ca.com/ca-network-flow-analysis/9-3-3/en/managing/report-customizations/create-change-or-delete-time-filters

Kadhir to Everyone: Hi, Yes devices behind the riverbed only, Bu If it is preserved, how some tims it showing a exact source and destination Ip's ?

Vijayaram to Everyone: When we finding actual high utilization in the link same we are not able get from NFA..It shows normal utilization only...

Venuraja to Everyone: Normallay - in NFA , we are geteing the report for 1 min .. is it  possible to generate the report for 2 months back for a time interval of 15 Days with 1 min interval?

Vijayaram to Everyone: we have Juniper and Cisco devices and we have configured flow in the devices to fetch the actual utilization from the routers interfaces.

Marlos Barroso to Everyone: @Kadhir: Support would need to investigate this in more details. We should collect a packet capture from the harvester to troubleshoot what the NFA fields are reporting to NFA in order to narrow down the root of the problem.

Satyanarayana Reddy Mokalla to Everyone: @Vijayaram: You need to recheck netflow configuration on the router, check if best practices are followed...

Vijayaram to Everyone: But we are finding difficulties frm NFA to get the nactual link utilization report.

Sumitha James to Everyone: how to add Windows and UNIX servers under NetQoS?

Marlos Barroso to Everyone: @Sumitha: Can you please confirm if you want to monitor these servers?

Satyanarayana Reddy Mokalla to Everyone: @Venuraja: 1 minute interval report can be fetched for past one month only by default...

Satyanarayana Reddy Mokalla to Everyone: @Venuraja: https://docops.ca.com/ca-network-flow-analysis/9-3-3/en/managing/maintenance-and-data-collection/data-collection/1-minute-data

Sumitha James to Everyone: @Malo: yes, we need to monitor the server network traffic

Sumitha James to Everyone: @Marlo : yes, we need to monitor the server network traffic

Satyanarayana Reddy Mokalla to Everyone: @Vijayaram: That seems to be support issue, if you still face problem after configuring netflow properly on the router...

Marlos Barroso to Everyone: @Sumitha: You can create a custom report in NFA if you are insterested in monitoring traffic from the server. You can add the IP addresses of the servers.

Marlos Barroso to Everyone: @Sumitha: More information on custom report: https://docops.ca.com/ca-network-flow-analysis/9-3-3/en/using/custom-reports

Vijayaram to Everyone: You mean to say this issue is with devices compatability with NFA ?

Vijayaram to Everyone: If yes, how to address this ?

Sumitha James to Everyone: @Marlo: ok,, is it possible to add the server itself under netqos ? if so how to add it ?

Satyanarayana Reddy Mokalla to Everyone: @Vijayaram: Not device compatibility, that may be netflow data related or anyother thing that should be troubelshooted.  you can raise case for that.. we will take it offline...

Marlos Barroso to Everyone: @Sumitha: Normally you would add a netflow enabled network dev ice such as a switch or a router into NFA. A server usually does not export netflow data.

Sumitha James to Everyone: @Marlo: if we add the harvester ip in the snmp config of the server, will it reflect under netqos ?

Marlos Barroso to Everyone: @Sumitha: no, the purpose of the harvester is to collect flows from netflow enabled devices.

Marlos Barroso to Everyone: @Sumitha: If you want to monitor server traffci you may want to consider using UIM.

Satyanarayana Reddy Mokalla to Everyone: @Sumitha: Seems like, you want basic server monitoring like CPU, disk and Memory, it can be done through UIM (Nimsoft), not through NFA..

Sumitha James to Everyone: Anomaly detector is already installed on our environment. how to use effectively?

Satyanarayana Reddy Mokalla to Everyone: @Everyone: You can search with any errors or topics in google...

Vijayaram to Everyone: so there are the below things to be addressed in Offline.....1. Netwflow data related. 2. When we find utilization most of the times source and destination IP addresses showing only Riverbed Wan accelearator IP's. 3. When we take manothly report as per cusatomer expectation we will not be able to get meaningful report. Configuration of NFA to be analyzed..

Marlos Barroso to Everyone: @Sumitha:: Chapters 4 and 5 of the manual below has some recommendation: https://support.ca.com/cadocs/0/CA%20Network%20Flow%20Analysis%209%202%200-ENU/Bookshelf_Files/PDF/AD_Guide_en_US.pdf

Kadhir to Everyone: Hi,

Tarun Pamu to Everyone: @Kadhir... Please ask your question

Kadhir to Everyone: Hi, If support needed means, How i do proceed further on this ??

Kadhir to Everyone: To get exact source and destination details.

Sumitha James to Everyone: how much BW (%) will take by netqos monitoring ?

Satyanarayana Reddy Mokalla to Everyone: @Vijayaram: I will take it offiline..

Sumitha James to Everyone: how to add nexus switch under netqos?

Kaushlendra Tomar to Everyone: @Maarlo - can we create HA and DR for NFA?

Tarun Pamu to Everyone: @Kadhir.. Can you explain your question in detail please? Are you looking for opening a support case or something like that?

Marlos Barroso to Everyone: @Sumitha: Cisco general guidelines mentios bandwidth consumption around 1-2%

Sumitha James to Everyone: @Marlo: is it for pulling 5 mins report or 1 min report ?

Marlos Barroso to Everyone: @Tomar: HA and DR capabilities are not officially available at this moment for NFA.

Vijayaram to Everyone: So once NFA data related issues sorted then only we can able to find whether we are getting actual utilization reports and correct source and destination IP's and other NFA related issues ?

Satyanarayana Reddy Mokalla to Everyone: @Sumitha: nexus netflow configuration is listed here: https://communities.ca.com/docs/DOC-1061

Vijayaram to Everyone: ok..

Marlos Barroso to Everyone: @Sumitha: Nexus configuration should be available in the link: https://communities.ca.com/docs/DOC-1061

Kaushlendra Tomar to Everyone: @Marlo: can we do it in other way as it is required by manny client?

Sumitha James to Everyone: what will be the minimum bw required for the device to pull the report under netqos? for eg if the deviceis configured with less than 2MBPS whether netqos will pull the report or not ?

Satyanarayana Reddy Mokalla to Everyone: @Sumitha; It should be able to get reports...

Marlos Barroso to Everyone: @Tomar: You can discuss that with our CA Services team so that a custom solution can be applied by using third party tools

Sumitha James to Everyone: @sathya: what will be the minumum bandwidth it requires

Tarun Pamu to Everyone: We will have last 3 questions for today's session...

Marlos Barroso to Everyone: @Sumitha: in percentage terms is roughly 1-2% of the interface speed, this varies depending on the number of interfaces being monitored.

Kaushlendra Tomar to Everyone: ok

Kaushlendra Tomar to Everyone: Thanks Marlo..

Kaushlendra Tomar to Everyone:Thanks to all..

Kaushlendra Tomar to Everyone: I am going offline..

Tarun Pamu to Everyone: Alright people we will be winding this session now

Sumitha James to Everyone:@Marlos: you are asking for duplex or auto

Tarun Pamu to Everyone: Thanks Tomar for attending

Sumitha James to Everyone: i still have my ques unanswered !

Sumitha James to Everyone: @sathya: what will be the minumum bandwidth it requires

Tarun Pamu to Everyone: @Sumitha...Marlos is answering your question now

Satyanarayana Reddy Mokalla to Everyone: 1 to 2% of total interface bandwidth of interface...

Marlos Barroso to Everyone: @Sumitha: Does that answer your question?

Sumitha James to Everyone: @sathya: what will be the minimum bw required for the device to pull the report under netqos

Sumitha James to Everyone: @Marlos: yes it answers

Venuraja to Everyone: i  am not able to open this link ..https://communities.ca.com/message/241875295#comment-241875295 :

Satyanarayana Reddy Mokalla to Everyone: @Sumitha: I will call you discuss this..

Venuraja to Everyone: Please shsare the document to refer

Sumitha James to Everyone: Also please let us share the document for uim

Satyanarayana Reddy Mokalla to Everyone: https://communities.ca.com/message/241875295#comment-241875295

Sumitha James to Everyone: one more query , we face watchdog service is getting stopped intermediately after the upgrade

Satyanarayana Reddy Mokalla to Everyone: @Venuraja: https://communities.ca.com/message/241875295#comment-241875295

Marlos Barroso to Everyone: @Venuraja: the link requires login

Venuraja to Everyone: i tried with my Ca support Login and couldn't open this

Satyanarayana Reddy Mokalla to Everyone: @Venuraja:  Colon is extra character...

Satyanarayana Reddy Mokalla to Everyone: just remove that..

Satyanarayana Reddy Mokalla to Everyone: @Venu: Try again..

Tarun Pamu to Everyone: @Sumitha for the watch dog service ..Please raise a Support ticket and we will look into that... It requires indepth investigation

Sumitha James to Everyone: @Tarun :- sure we will raaise

Sumitha James to Everyone: can we get the link for uim document

Vijayaram to Everyone: We have an issues with NFA related data. Post resolving this issue only we can able to find if any other issues occuring...Please find my mail id to sort out NFA issues in offline.....vijayaram.muthukrishnan@sifycorp.com

Marlos Barroso to Everyone: @Vijayaram: we took note of your email address and we will contact you to sort out the issues with NFA

Vijayaram to Everyone: Thanks Marlos..

Satyanarayana Reddy Mokalla to Everyone: @Sumitha: I will share the document offline..

Sumitha James to Everyone: 1. what will be the minimum bw required for the device ? 2.to pull the report under netqos.we are unable to get the flow forensics report , only for 4 hours we get the report , if we give it for 24 hours it take 2-3 days for the report to generate. pls contact to so_tools@go2uti.com

Tarun Pamu to Everyone: Alright everyone... We are already running beyond the sitpulated time .... We will be having an Office hours session very soon again ...This Transcript will be posted on the communities site...Thank you everyone for joining...Hope this session was useful.

Satyanarayana Reddy Mokalla to Everyone: @Sumitha: Will call you ...

Tarun Pamu to Everyone: We are ending this session now..

Tarun Pamu to Everyone: Thanks again for joining...

Sumitha James to Everyone: thanks all

Attachments

    Outcomes