This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- How to check bandwidth hogs either netflow to what...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
How to check bandwidth hogs either netflow to whatsupgold or purview
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-07-2019 03:14 PM
Hello,
Previously we had cisco 2901 routers with netflow enabled and pointed to a NMS called WhatsUpGold. Its a pretty popular network management system so some of you may have heard of it (or you could google it). If we wanted to see what user was hogging up bandwidth over the WAN, this was a great tool to see a visual graph.
We moved our core routing from a 2901 at our HQ to a pair of X690s. Its working rather well and theres better throughput vs the cpu limited 2901 (we sould of been using an ISR4400 series or something more powerful).
However now how can I get this netflow data for two particular WAN ports exported into WhatsUpGold? Or another alternative is Purview which we have with the Extreme Management Center. We have our cores (X690's) mirrored to a PurView appliance which does packet sampling and forwards to the Purview virtual machine. In Purview I can search for IP addreses and see whats going where, but to me I haven't found a very good visual like in WhatsUpGold. In WhatsUpGold I get very colorful and modern pie charts or line graphs that make it dead simple to find out the bandwidth hog. Not only that but there's a top 10 IPs by bandwidth (which DNS resolve) that I can sort the column to see who or what is using the most traffic.
So how can I get this functionality?
Thanks!
Previously we had cisco 2901 routers with netflow enabled and pointed to a NMS called WhatsUpGold. Its a pretty popular network management system so some of you may have heard of it (or you could google it). If we wanted to see what user was hogging up bandwidth over the WAN, this was a great tool to see a visual graph.
We moved our core routing from a 2901 at our HQ to a pair of X690s. Its working rather well and theres better throughput vs the cpu limited 2901 (we sould of been using an ISR4400 series or something more powerful).
However now how can I get this netflow data for two particular WAN ports exported into WhatsUpGold? Or another alternative is Purview which we have with the Extreme Management Center. We have our cores (X690's) mirrored to a PurView appliance which does packet sampling and forwards to the Purview virtual machine. In Purview I can search for IP addreses and see whats going where, but to me I haven't found a very good visual like in WhatsUpGold. In WhatsUpGold I get very colorful and modern pie charts or line graphs that make it dead simple to find out the bandwidth hog. Not only that but there's a top 10 IPs by bandwidth (which DNS resolve) that I can sort the column to see who or what is using the most traffic.
So how can I get this functionality?
Thanks!
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-08-2019 12:34 PM
Does What's up Gold support sflow? If so most EXOS switch have sflow export in hardware. WE have about 4000 interface in solarwinds all from various extreme switches. Solarwinds is a bit pricey but we use it for many other things too... There is multiple ways to trigger alarms, pull up reports, and create thresholds. It supports Netflow and Sflow so we are golden on other vendor products too.. Good luck
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-08-2019 03:31 PM
For us we use the default of each switch from factory... Key thing to remember is sfLow is still a sample of traffic so over time you get great intel. If you are looking for a 1 or 2 minute slice from z to a it can a be spotty unless z and a were big talkers... This is where ExtremeAnalytics will shine more as you can create filters to look for very specific traffic patterns at a much lower PPS rate...
Glad sflow worked for you... everybody loves pie charts ?
Glad sflow worked for you... everybody loves pie charts ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-08-2019 02:47 PM
Well I wasn't sure if WhatsUpGold supported sFlow, but sure enough it does! I also checked in ExtremeAnalytics and I have it set to pull from the Purview appliance. I was able to change it to both the appliance and flow monitoring. So when I added our two core X690 switches in, it automatically added to the configuration. I just had to add the sflow collector IP and port of our WhatsUpGold icon. Anyway here is a sample of the config:
configure sflow sample-rate 512
configure sflow poll-interval 60
enable sflow
configure sflow collector 10.1.1.16 port 9999 vr "VR-Default"
configure sflow collector 10.1.0.72 port 6343 vr "VR-Default"
configure sflow agent ipaddress 10.1.0.251
configure sflow ports 1:1 sample-rate 512
enable sflow ports 1:1 ingress
configure sflow ports 1:2 sample-rate 512
enable sflow ports 1:2 ingress
... and so on through all the ports down to 2:72
create mirror "EAN"
configure mirror EAN to remote-ip 10.1.0.72 from 10.1.0.251
enable mirror EAN
(Where Purview VM is 10.1.0.72, this core switch default vlan is 10.1.0.251. and whats up gold is 10.1.1.16 in my network).
Let me ask you is the sample rate and poll interval good enough?
I'm getting data in WhatsUpGold and its graphing nicely. I am able to pin point a particular host, network, country, interface, etc... and I see the makeup of the traffic. In ExtremeAnalytics I already had Purview setup, but now under Reports I can get a little more information such as interface statistics (for example I can search on port 1:1 and see the makeup of that traffic). Previously the Purview mirror was the only thing sampling packets to the Purview 1U hardware.
I'd say we can mark this as solved as sFlow is the answer to this question. Though to take it one step further, I would be interested in seeing what others use for sample sizes.
configure sflow sample-rate 512
configure sflow poll-interval 60
enable sflow
configure sflow collector 10.1.1.16 port 9999 vr "VR-Default"
configure sflow collector 10.1.0.72 port 6343 vr "VR-Default"
configure sflow agent ipaddress 10.1.0.251
configure sflow ports 1:1 sample-rate 512
enable sflow ports 1:1 ingress
configure sflow ports 1:2 sample-rate 512
enable sflow ports 1:2 ingress
... and so on through all the ports down to 2:72
create mirror "EAN"
configure mirror EAN to remote-ip 10.1.0.72 from 10.1.0.251
enable mirror EAN
(Where Purview VM is 10.1.0.72, this core switch default vlan is 10.1.0.251. and whats up gold is 10.1.1.16 in my network).
Let me ask you is the sample rate and poll interval good enough?
I'm getting data in WhatsUpGold and its graphing nicely. I am able to pin point a particular host, network, country, interface, etc... and I see the makeup of the traffic. In ExtremeAnalytics I already had Purview setup, but now under Reports I can get a little more information such as interface statistics (for example I can search on port 1:1 and see the makeup of that traffic). Previously the Purview mirror was the only thing sampling packets to the Purview 1U hardware.
I'd say we can mark this as solved as sFlow is the answer to this question. Though to take it one step further, I would be interested in seeing what others use for sample sizes.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
01-08-2019 12:34 PM
Does What's up Gold support sflow? If so most EXOS switch have sflow export in hardware. WE have about 4000 interface in solarwinds all from various extreme switches. Solarwinds is a bit pricey but we use it for many other things too... There is multiple ways to trigger alarms, pull up reports, and create thresholds. It supports Netflow and Sflow so we are golden on other vendor products too.. Good luck
