cancel
Showing results for 
Search instead for 
Did you mean: 

Which switches should we monitor with ExtremeAnalytics and what ports?

Which switches should we monitor with ExtremeAnalytics and what ports?

Stephen_Stormon
Contributor

In each of our offices we have a x460G2 at the core and then a number of x440G2 switches uplinked to that which are used for PCs and VOIP.

At each of our colocation facilities, we have 4 x 695s and 3 x 5520s.  Our external internet connects to one of the x695s, the MPLS network that connects the colos and the two offices connects to another x695, and a P2P that directly connects the colos connects to the other x695.

The 4 x 695s are all connected via a tiered MLAG setup.  Should we just monitor the ports that uplink switches to another site or should we monitor all ports on all switches?  We also have a number of VMware servers that I know we will need to setup the Virtual Sensor for.

 

8 REPLIES 8

Zdeněk_Pala
Valued Contributor III

Topology: Switch X is connected to Switch Y

Scenario A: enable analytics on Switch X only

  • PLUS: Analytics will see traffic passing switch X
  • MINUS: Analytics will not see traffic local to switch Y

Scenario B: enable analytics on both Switch X and Y

  • PLUS: Analytics will see all traffic
  • MINUS: traffic passing both switches will be processed twice (higher CPU), but deduplication happens the result is correct as long as both switch X and Y are processed by the same Analytics Engines

Scenario C: enable analytics on edge ports of Switch X and Y = exclude inter-switch links.

  • PLUS: little lower overhead on the network
  • MINUS: the minimum version XIQ-SE 23.2.10 and enable Fabric Mode on the analytics engine. 
  • MINUS: manual configuration of the switch (disable the analytics on the inter-switch links

For EXOS the recommendation/best practice is Scenario B.

Regarding the Virtual Sensor:

  • Virtual Sensor was a paid component
  • Virtual Sensor was not a successful product and is end-of-sales already
Regards Zdeněk Pala

Thank you for the clarification.  I tried adding more of our switches but what of them is giving this error which I am not sure what to do about.

An error has occurred while adding a telemetry source to the selected engine. The switch's ACLs may be fully utilized due to other switch policy. You can use the EXOS "show access-list" command to investigate. See below for an error message from the EXOS device.

Every switch HW has some limitations in the ASIC chip. The premium edge devices have more ACL space compare to non-premium devices.

You can try the command "configure policy resource-profile" to limit the resource allocation made by policy.

You can modify the telemetry.pol file to limit the analytics.

I hope it helps. Good luck.

 

Regards Zdeněk Pala

Stephen_Stormon
Contributor

I read your initial comment of "I recommend enabling analytics on all ports where the traffic can enter your network" to mean that we only needed to enable Analytics on the ports connected to our MPLS network and infrastructure (entering our network between sites) and not as "entering the network" from anywhere like a PC or server connected to the network.

 

So enable it on all ports on all switches?  For example in our one office, we have the core switch which uplinks to a desktop switch stack and a VoIP switch stack.  So we want Analytics enabled on all ports on all of those or just the core?

Is there any benefit/need to also install the Virtual Sensor on our VMware servers if we already have analytics enabled on every switch port?

 

GTM-P2G8KFN