Netsight Oneview Applications shows fingerprint matches, but no detail or bandwidth figures?

  • 0
  • 1
  • Problem
  • Updated 2 years ago
  • Solved
I have a new setup with a wireless controller dumping mirror data into Netsight. I had a lot of trouble getting this going initially. One of my issues resulted in having to disable the management interface and start using a "physical" type topology to manage my controller. This became the IP of the controller in Netsight. But I have to wonder if that old IP is still floating around in a config file somewhere on the Netsight side?

Anyway - the problem is this ... I am collecting all sorts of fingerprint data and application flows. But when I try to look at a bandwidth chart, I see nothing? For something like Facebook, I am getting a ton of hits. Yet '0' bandwidth usage?



Can anyone think of where I might have something mis-configured?

Also, a completely unrelated question (hijacking my own thread): When I am in the Wireless tab > Clients, with a particular client selected ... is there any way for me to go to an applications view for that client? I know that I can go to the Applications tab and then search for that client by MAC, but it seems like there has to be a direct method. And it seems like click-drag is disallowed on that Clients page so I can't do a copy/paste between those tabs.
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,306 Points 20k badge 2x thumb
Hey Steve,

could you try the same report but from OneView > Applications > Reports
On the right you'll see the most used applications - right click and choose Application usage for xyz.

Regarding to the 2nd question - I also didn't found a way to do it but I think it would be great to have such redirect.

-Ron
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
Hello Ron,

That trick works to pull up applications - but - it's empty! When I am looking at Active Flows, and then choose to show all flows for that client, I get nothing. Seems like something is disconnected with the flow of data?
Photo of Matthew Hum

Matthew Hum, Principal Engineer, APAC

  • 1,542 Points 1k badge 2x thumb
Have you verified the configuration?
Go to Configuration -> Status -> Diagnostics and then drop down Configuration Verification.



After that pulls up press Verify Configuration.



Check the bottom and see if everything is configured correctly.
Photo of Matthew Hum

Matthew Hum, Principal Engineer, APAC

  • 1,542 Points 1k badge 2x thumb
So it seems your SSA/Flow Collector/S-series is not sending netflow correctly. I would:
1. check connectivity between the SSA Mgmt interface and the Purview appliance. If you have not defined a management interface, you probably should do that.
2. verify the Netflow configuration. make sure the port and destination IP is correct. Make sure that is it enabled on interfaces, and enabled globally. verify that the number of exported packets increases.
3. tcpdump the purview appliance to see if you see the netflow packets. wireshark sniff the SSA to ensure that netflow is actually being sent.
These steps should tell you where the problem is.
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
Hello Matthew, maybe my issue is that I am not really using Netflow at all. I have a C5210 wireless controller (and only a wireless controller) that I want to monitor with OneView. Should I be dumping mirror traffic on the C5210 directly to the Netsight appliance instead of to the Purview?

On the Purview box, I am not seeing any packets on the standard Netflow ports (on either eth0 or eth1) but I am seeing the mirror traffic dump just fine.
(Edited)
Photo of Matthew Hum

Matthew Hum, Principal Engineer, APAC

  • 1,542 Points 1k badge 2x thumb
So Netflow only egresses on a physical port in the data plane of the wireless controller. You will need to ensure that a physical port (e.g. ESA0) has IP connectivity to the Purview appliance. Do not forget that you will need a route in the routing table, or a static default route (0.0.0.0 mask 0.0.0.0 gateway ). Please ensure that the netflow configuration is configured correctly in the VNS global settings and that netflow is also enabled per VNS.

As for mirrored traffic, that will need to egress another physical port (e.g. ESA1) and run to an interface on the purview appliance. This will be the interface mirrored configuration on the purview appliance.
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
Hello Matthew, let me run down that list.
  • ensure that a physical port (e.g. ESA0) has IP connectivity to the Purview appliance - I *do* have a "physical" type port with IP connectivity to the appliance, but it's on my lag2. Does that matter?
  • a route in the routing table, or a static default route (0.0.0.0 mask 0.0.0.0 gateway ) - Check!
  • ensure that the netflow configuration is configured correctly in the VNS global settings and that netflow is also enabled per VNS - Triple check!
  • As for mirrored traffic, that will need to egress another physical port (e.g. ESA1) - Check! This too seems to be working fine.  I have been over this several times. It all looks good. And for that matter, appears to be working when I run tcpdumps.
Seems like everything is set up right. I am just left wondering if there is some residual configuration hanging out somewhere from when I had an IP from the same subnet as my Purview and Netsight appliances configured on my management interface. Seems like there is a disconnect somewhere that I can't put my hands on. I did end up opening a GTAC case yesterday. No takers as of yet.  ;-)
Photo of Matthew Hum

Matthew Hum, Principal Engineer, APAC

  • 1,542 Points 1k badge 2x thumb
Can you send me a screenshot of your topologies so i can understand what you are talking about? a screenshot of the physical port details as well would help.

Does that physical port IP respond to ping from the purview appliance?

Ah. and I just remembered, netflow from the EWC comes on port 2095, not 2055. please tcpdump for that and see if you see that coming in.
Photo of Mike Thomas

Mike Thomas, Employee - GTAC - NMS

  • 7,498 Points 5k badge 2x thumb
Steve, are there any outstanding issues still? Are you all set?
Photo of Steve Ballantyne

Steve Ballantyne

  • 132 Points 100 badge 2x thumb
I still have a case open with support. So far, no one has been able to figure this out. I am tempted to pull the plug on this server and start over. But I would hate to go through all the work only to arrive to the same problem.
Photo of Dudley, Jeff

Dudley, Jeff, Employee

  • 914 Points 500 badge 2x thumb
Hi Steve,

I have some additional detail on how we save and report on data.  I will send a note along through your support ticket.

Thanks
Jeff
Photo of Steve Ballantyne

Steve Ballantyne

  • 5,566 Points 5k badge 2x thumb
Hello Jeff, thanks for the info. I understand that Purview is only collecting the "top figures", but the figures I want to look at - are the top applications, and the top bandwidth users. :-) Also, seems odd that it will always show me bandwidth histograms of the *wired* device/server on my network ... but it won't show me anything about the host on my wireless network, that is the reason for the data being collected?

I had an engineer out earlier this week from Extreme just to see how things are going with my new setup and I showed him some of these oddities. He suggested that I move along to version 7.x to see if these bugs go away. And I would like to use some of the other new improvements of 7, so even if it doesn't fix this problem, I am okay with that.

Also --- because I saved a screenshot, I found this file on my purview box which still had the original IP address of my wireless controller, not what it was changed to several weeks ago. Although, it appears that this file is the result of the installation, and perhaps is not read by any services?

Filename is: /opt/appid/server/config.properties

I updated the IP to the correct one and rebooted my Purview box ... but it had no effect on the problem.  :-(

Photo of Dudley, Jeff

Dudley, Jeff, Employee

  • 914 Points 500 badge 2x thumb
Addressed via the support ticket.