SOLUTIONS
NetFlow Analyzer
Leveraging OpenNMS as your NetFlow analyzer can help you gather the granular information to cut troubleshooting time and get to the fix faster.
Imagine a scenario where users are calling, Slacking, and emailing your network engineering team about trouble accessing a critical SaaS business application. Actually, most network engineers don't need to imagine such a scenario because they've already faced it, probably more than once. Network engineers confront many troubleshooting challenges in their roles, but one particularly complicated task involves diagnosing network performance issues.
Solving this may require gathering disparate yet detailed data to diagnose the issue, including when it started, if it’s constant or intermittent, if other users are experiencing similar troubles and more.
Luckily, there is a technology that has long been available and can make diving into these details easier: NetFlow. This and other network flow monitoring tools can provide much of the necessary granular information—not just how much bandwidth is used but also what and who are using it—needed to cut troubleshooting time. Utilizing OpenNMS as your NetFlow analyzer puts all the information you need at your fingertips to help you get to the fix faster.
Network Performance Troubleshooting
When facing complaints from network users, determining that the network is the cause is just the beginning of the troubleshooting process. Homing in on the specific issue can require answering the following questions:
- When did the issue start?
- Is the issue constant or intermittent?
- Is the device on the enterprise network or working from home?
- Does the device have a wired or wireless connection?
- Is the issue all applications or a particular one?
- Is there a specific part of the application that is slower? For instance, when you login?
- Are there other users experiencing similar issues with that application or in the same part of the network?
Traditional network management solutions often only provide information about whether the network is congested or if there are physical level errors, not giving much visibility above layer 2. Information like the source and destination IP addresses causing the problem is unavailable in these tools.
Tools that collect and graph interface statistics may not provide enough information to isolate the root cause. Interface thresholds, alarms, and traps are the equivalent of the dashboard lights in your car telling you something is wrong but no real information about what. Packet capture tools can help identify these addresses, but they are often expensive, difficult to maintain, and not deployed at all sites. With some luck, one can locate a bandwidth hog by examining switch ports, application statistics, or web proxy logs.
Network flow monitoring tools like NetFlow can fill in these gaps by providing deep network visibility, making it easier to see where and how your network is performing or not performing.
What is NetFlow?
NetFlow is a network monitoring protocol introduced by Cisco in the mid-90s to measure the amount and types of traffic flowing through Cisco routers and switches. The protocol has expanded beyond Cisco, and today, devices that support NetFlow collect IP traffic statistics on all interfaces where NetFlow is enabled and can export that information.
By analyzing this traffic data, a network administrator can see the traffic source and destination, class of service, and the causes of congestion. A flow monitoring setup consists of three components:
- Flow exporter: combines packets into flows and exports flow records to one or more collectors.
- Flow collector: receives, stores, and pre-processes flow data.
- Flow analyzer: analyzes flow data in the context of intrusion detection or traffic profiling.
Cisco standard NetFlow version 5 defines a flow as a sequence of packets with seven values that define a unique key:
- Ingress interface (SNMP ifIndex)
- Source IP address
- Destination IP address
- IP protocol number
- Source port for UDP or TCP, 0 for other protocols
- Destination port for UDP or TCP, type and code for ICMP, or 0 for other protocols
- IP Type of Service
Advanced NetFlow or IPFIX implementations like Cisco Flexible NetFlow even allow user-defined flow keys.
While NetFlow is the most common name in network flow monitoring due to Cisco’s pioneering of the industry standard, many other vendors, including Citrix, Juniper Networks, Nokia, and 3Com/HP, provide comparable network flow monitoring technology under names such as sFlow, NetStream, and Jflow. The NetFlow protocol itself has been replaced by Internet Protocol Flow Information eXport (IPFIX).
NetFlow Challenges
While NetFlow and its variants sFlow and IPFix have been around a comparatively long time in technology years, they have not been utilized as widely as they could be. There are several reasons for this slow adoption:
Overcoming these barriers often involves education, training, and hands-on experience. As individuals gain more understanding of the benefits and capabilities of NetFlow and related protocols, they will likely be more open to adopting these powerful network flow monitoring and troubleshooting tools. Another way to overcome concerns and smooth adoption is by pairing these tools with a proven network monitoring solution like OpenNMS.
OpenNMS NetFlow Analyzer
One of the advantages of utilizing NetFlow or another network flow source is that your network devices likely include support already—you will just need to activate it and point its output to a collector. If, by chance, your devices don't offer it, adding it is a reasonably low lift: you rarely need new hardware, and it’s relatively easy to configure with no downtime.
The resources consumed while active are low also; despite the concern listed above, the bandwidth required to export NetFlow data is usually less than 0.5% of total bandwidth consumption, and sampled NetFlow is an option for high data volumes.
In the typical network monitoring configuration, OpenNMS acts as NetFlow analyzer. Its classification engine can categorize flows according to a set of rules which define over 6200 applications for basic communication protocols. Users can also create their own classifications based on IP, port, protocol and exporter.
With OpenNMS NetFlow analyzer, you can also set thresholds to identify if a classified application is running above or below a stipulated amount to quickly establish if an application is working properly. A good example might be a video camera that is always sending data: you could set up a “low” threshold that checks to see that the camera is sending data to the network video recorder.
OpenNMS also enriches flow data by tying in the other information OpenNMS collects, such as SNMP-based interface statistics. This allows users to pivot across the environment as you chase a problem around. And users can send these flows via Kafka to other security tools to process the data. For highly secure or other difficult to reach network segments, OpenNMS core and minion can also be utilized as a flow collector in the network flow monitoring set up so you can gather and analyze information across your whole network.
Overall, utilizing OpenNMS as your NetFlow Analyzer offers several benefits that help overcome the challenges of using network flow information, including:
NetFlow and OpenNMS
OpenNMS’s support for NetFlow provides comprehensive visibility and in-depth insights into network performance, allowing network engineers to identify and resolve issues more quickly and effectively.
Embracing a network monitoring solution that supports network flow-based tools like NetFlow, sFlow, and IPFIX can significantly improve your network monitoring and troubleshooting capabilities.
With OpenNMS and NetFlow, you can gather the detail needed to overcome the challenges of troubleshooting network performance issues more quickly.
Keep reading
October 2024 Releases – Horizon 33.0.9, 2024.1.5, 2023.1.21, 2022.1.28
In October, we released updates to all OpenNMS Meridian versions under active support, as well as Horizon 33.0.9. Meridian Stable [...]
OpenNMS Single Sign-On with Kubernetes and Keycloak
OpenNMS continues to invest in Kubernetes. One example is the ability to deploy OpenNMS and OAuth [...]