Fundamental Question to Analytics
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-08-2018 09:04 AM
We have an Extreme K6 System with a mix of X620 / K6 Switches.
We have Advanced XMC / Netsight and we have implemented the analytics via a appliance.
The core K6 sends packtes via netflow and a gre tunnel to the analytics appliance.
Problem:
we see all packets but only on packets with conncetion to internet we get values for Network Response and Application Response... but this ist the most.
We want to connect a bunch of K6 Systems over MPLS and in our Situation it is most emportant that we can track applications like DNS oder SMB with Network Response.
Behind the central K6 there are application servers and over the other K6 Systems comming clients over MPLS und a lot of hops.
I have a screenshot attached .. perhaps you can give me tips to find my error.
Regards
Christian
We have Advanced XMC / Netsight and we have implemented the analytics via a appliance.
The core K6 sends packtes via netflow and a gre tunnel to the analytics appliance.
Problem:
we see all packets but only on packets with conncetion to internet we get values for Network Response and Application Response... but this ist the most.
We want to connect a bunch of K6 Systems over MPLS and in our Situation it is most emportant that we can track applications like DNS oder SMB with Network Response.
Behind the central K6 there are application servers and over the other K6 Systems comming clients over MPLS und a lot of hops.
I have a screenshot attached .. perhaps you can give me tips to find my error.
Regards
Christian
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-09-2018 03:40 PM
For Network response time you need to see TCP-SYN and TCP-SYN-ACK = you will not see it for DNS most probably as majority of systems does use DNS over UDP.
On the K6 please check if you gather the data from both Access ports and from Uplinks also. Engine needs to see both Netflow from K6 and policy defined mirror from K6.
On the K6 please check if you gather the data from both Access ports and from Uplinks also. Engine needs to see both Netflow from K6 and policy defined mirror from K6.
Regards
Zdeněk Pala
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-09-2018 09:48 AM
Hello Tomasz,
i created the tunnel as suggested into some documents.
ip address 10.10.10.1 255.255.255.255 primary
no shutdown
tunnel destination 10.31.0.22 (analytics appliance)
tunnel mode gre l2 ge.1.23 (real Interface / empry but with a gbic)
tunnel mirror enable
tunnel source 10.10.10.1 (loopback address)
no shutdown
exit
As you see in my screenshot. it´s the same client and a connection to the internet will be show with appliacation response and network response, but a connection to DC for DNS will only see the flow and not the appliacation response ...(network response)
What ist eating this information ???
i created the tunnel as suggested into some documents.
- Loopback
ip address 10.10.10.1 255.255.255.255 primary
no shutdown
- Tunnel to analytics ..
tunnel destination 10.31.0.22 (analytics appliance)
tunnel mode gre l2 ge.1.23 (real Interface / empry but with a gbic)
tunnel mirror enable
tunnel source 10.10.10.1 (loopback address)
no shutdown
exit
As you see in my screenshot. it´s the same client and a connection to the internet will be show with appliacation response and network response, but a connection to DC for DNS will only see the flow and not the appliacation response ...(network response)
What ist eating this information ???
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-08-2018 09:32 PM
Hi Christian,
How is mirroring configured?
Depending on what do you mirror, you can get different results.
Network response time is RTT between TCP session establishment packets, while application response time is RTT between first data packets between client and server.
Is it possible that for traffic different than LAN-Internet you don't catch everything?
Regards,
Tomasz
How is mirroring configured?
Depending on what do you mirror, you can get different results.
Network response time is RTT between TCP session establishment packets, while application response time is RTT between first data packets between client and server.
Is it possible that for traffic different than LAN-Internet you don't catch everything?
Regards,
Tomasz
