Hi Guys,
I'm working on a customer's Analytics PoC and after getting it running for a few days we could measure how many flow licenses they need... (deployed in Overlay mode, with PV-FC-180).
The customer's network is generating around 260K flows/min (EMC Analytics License usage graph).
But we discovered that the 2 TOP applications by flows in the customer's network are DNS and SNMP, followed by MS SQL Server.
Taking a closer look, as shown by EMC, the number of flows in a 1-hour timeframe (this is a consistent number if you extend the timeframe to days) is DNS=1.7M, SNMP=1.2M (the customer uses other SNMP applications than EMC for specific monitoring of devices) and SQL=950K (production databases).
With these numbers, we need 300K licenses for Analytics (which obviously costs money)... But DNS and SNMP statistics (flows) aren't a concern for the customer (useless information), and are consuming Application licenses.
I was thinking about how I can exclude/ignore these types of flow from the Analytics workload, which could allow the customer to buy it.
I found this article https://extremeportal.force.com/ExtrArticleDetail?an=000082263 but I don't know if this only excludes the data from reporting (even using the Application Licensing) or it ignores these flows (and they don't count as license usage).
Also, I don't know if including in the policy mirror some rules denying these protocols (as I do for GRE) could prevent the Netflow records being generated for the Analytics Engine on the PV-FC-180, saving these licensing needs.
Any ideas?
Best regards,
-Leo
Hi again... Sorry, but I'm afraid I have bad news...
The procedure in the article (https://extremeportal.force.com/ExtrArticleDetail?an=000082263) also gives me bad results...
Maybe there's another way and/or I may have made some mistake...
Let's see if we get some comments from the Engineering guys.
Best regards,
-Leo
Hi guys,
My idea doesn't seem to work... Mirroring takes precedence over ACL...
The article: https://extremeportal.force.com/ExtrArticleDetail?an=000082079 talks about it, but I need to apply it as ingress on all interfaces, and it is not desirable.
Any ideas?
This is only for a policy mirror. IIRC, you should be able to use policy to filter ingress traffic before sending to the port mirror process (which is a different internal process than the policy mirror).
Sorry. This is on EOS devices, like N-Series/S-Series, not XOS. Not sure, but I think policy implementation uses the ACL engine on XOS.
It is confirmed we don't have the option to filter a specific IP against our flow count. We do however plan to make some changes in 8.2 that will make this issue go away for you. This will come out later this year.