cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

"Useless Protocols/Applications/Servers" and Analytics Licensing

"Useless Protocols/Applications/Servers" and Analytics Licensing

LeoP1
Contributor

Hi Guys,

I'm working on a customer's Analytics PoC and after get it running for a few days we could measure how many flow licenses they need... (deployed in Overlay mode, with PV-FC-180).

The customer's network is generating around 260K flows/min (EMC Analytics License usage graph)

But we discovered that the 2 TOP applications by flows in the customer's network are DNS and SNMP, followed by MS SQL Server.

Taking a closer look, as shown by EMC the number of flows in 1 hour timeframe (this is a consistent number if you extend the timeframe to days) is DNS=1.7M, SNMP=1.2M (the customer uses other SNMP applications than EMC for specific monitoring of devices) and SQL=950K (prodution databases).

With these numbers, we need 300K licenses for Analytics (which obviously costs money)... But DNS and SNMP statistics (flows) aren't a concern for the customer (useless information), and are consuming Application licenses.

I was thinking about how can I exclude/ignore these types of flow from the Analytics workload, which could allow the customer to buy it.

I found this article https://extremeportal.force.com/ExtrArticleDetail?an=000082263 but I don't know if this only excludes the data from reporting (even using the Application Licensing) or it ignores these flows (and don't count as license usage).

Also, I don't know if including in the policy mirror some rules denying these protocols (as I do for GRE) could prevent the Netflow records being generated for the Analytics Engine on the PV-FC-180, saving this licensing needs.

Any ideas?

Best regards,

-Leo

15 REPLIES 15

Steve_Ballantyn
Contributor
Hey folks - just wanted to chime in that I also have a similar problem. I have a particular application running on my wireless network that generates thousands of UDP broadcasts that are blowing up my flow counts. It's only two wireless clients and one server. I am licensed for 3,000 flows and I am now generating between 7,000 and 10,000 (just from these three devices). My options are to stop watching flows for all of wireless - or tolerate the "License Violation" notice in place of useful data. Because as you are seeing - you can't ignore specific IP's.

I opened a case with GTAC on this and they said that while there is not really a cure for this - there is a cure coming in XMC 8.2. We just don't have an ETA on when that will be out.

Quote from my GTAC case:
It is confirmed we don't have the option to filter a specific IP against our flow count. We do however plan to make some changes in 8.2 that will make this issue go away for you. This will come out later this year.

Oh good. I stopped capturing flows on my core S4 and moved to only getting application data from the wireless APs because of this problem, I had a lot of SNMP clogging up my flows.

Hi folks,

Any news on this issue?
Anyone has achieved a successful conf to exclude DNS & SNMP protocols?
XMC 8.2 is now there... but anyone knows what we should add as settings?

Thanks for your answers in advance.
Regards,
Fernando.

Tomasz
Valued Contributor II
Hi Fernando,

XMC/EAA 8.2 comes with a significant change in licensing - per device instead of per flow, with FPM license being migrated to per device. You won't care about unwanted flows any more, but you might care about all MACs seen by the analytics engine. šŸ˜‰

Hope that helps,
Tomasz
GTM-P2G8KFN