"Useless Protocols/Applications/Servers" and Analytics Licensing

LeoP1
Contributor

Hi Guys,

I'm working on a customer's Analytics PoC, and after getting it running for a few days we could measure how many flow licenses they need... (deployed in Overlay mode, with PV-FC-180).

The customer's network is generating around 260K flows/min (EMC Analytics License usage graph)

But we discovered that the 2 TOP applications by flows in the customer's network are DNS and SNMP, followed by MS SQL Server.

Taking a closer look, as shown by EMC, the number of flows in a 1-hour timeframe (this is a consistent number if you extend the timeframe to days) is DNS=1.7M, SNMP=1.2M (the customer uses other SNMP applications than EMC for specific monitoring of devices) and SQL=950K (production databases).

With these numbers, we need 300K licenses for Analytics (which obviously costs money)... But DNS and SNMP statistics (flows) aren't a concern for the customer (useless information), and are consuming Application licenses.

I was thinking about how I can exclude/ignore these types of flow from the Analytics workload, which could allow the customer to buy it.

I found this article https://extremeportal.force.com/ExtrArticleDetail?an=000082263 but I don't know if this only excludes the data from reporting (even using the Application Licensing) or if it ignores these flows (so they don't count as license usage).

Also, I don't know if including some rules in the policy mirror denying these protocols (as I do for GRE) could prevent the Netflow records from being generated for the Analytics Engine on the PV-FC-180, saving these licensing needs.

Any ideas?

Best regards,

-Leo

15 REPLIES

Karthik_Mohando
Extreme Employee
Hi Leo,

Dropping packets using Access list on the egress direction (mirror to port) on the choke points, is that an option?

Matthew_Hum
Contributor
My suggestion is to first disable spanning tree on your SSA, then loop it through the SSA, basically first running through a policy filter to remove the traffic that you want, then loop it back through into a port that then monitors the flows with netflow and then a policy mirror. The first would be a pure port mirror (port to port via "set port mirroring"), then loop it back into the same SSA into a policy mirror and netflow monitor.

Otherwise, if you have some other way to prune the traffic (like running it through a Linux box with ebtables and then dropping what you want), that should be used before you hit the SSA/FC.

LeoP1
Contributor

Hi again... Sorry, but I'm afraid I have bad news...

The procedure in the article (https://extremeportal.force.com/ExtrArticleDetail?an=000082263) also gave me bad results...

Maybe there's another way and/or I may have made some mistake...

Let's see if we get some comments from the Engineering guys.

Best regards,

-Leo

LeoP1
Contributor
Hi John,

It doesn't seem to work...

With policies applied, I can't see any SNMP traffic on the mirror port of the Appliance Engine, but it is still showing records on the Application Flows...

It looks like the Netflow records keep being generated.

I'll try the method in the article I've referenced before and let you know about the results.

Best regards,

-Leo

LeoP1
Contributor
Hi John,

As there's no answer until now, I decided to try using the policy approach, but I'm not really sure it won't generate the flows and get counted as Application Licensing usage... I'll let it run for a few hours to make sure...

I've chosen the SNMP protocol as my "dummy", and created the following policies on the PV-FC-180:

set policy profile 1 name Application pvid-status enable pvid 0 mirror-destination 1
set policy rule admin-profile port tg.1.2 mask 16 port-string tg.1.2 admin-pid 1
set policy rule admin-profile port tg.1.4 mask 16 port-string tg.1.4 admin-pid 1
set policy rule 1 udpdestportIP 161 mask 16 drop prohibit-mirror
set policy rule 1 ipproto 47 mask 8 drop prohibit-mirror

After applying it to the PV-FC-180, I can't see any more Application Flows on the EMC regarding SNMP, but as it takes some time, I'm not sure it is not accounted anymore.

I'll let you know about my progress.

Best regards,

-Leo
