Extreme Networks

Anonymous · ‎05-19-2020

Have an EXOS Extreme based network, although it is predominantly on older technology like BD8K, or G1’s that does not support telemetry.

The network is generally made up of lots of small remote sites that use Cisco, Juniper and Palo Alto firewalls and EXOS switches. These talk back to two main data centres where the BD8K's exist.

They would like to be able to view flow based information to typically look at top talkers and have mentioned doing this on their firewalls.

At this time the EXOS switches would dictate using a flow collector to retrieve the analytic data.

In the past I could simply, for example, have pointed Netflow from a Cisco device into Netsight and it would start providing all the flow based information, that was before the introduction of an Analytics engine.

So now I’m not sure what is the best course of action.

There is reference in this article that a flow collector is required to retrieve that information specifically from Cisco & HP. Possibly in part to extrapalate the N+15 packets for response time, which in this case we don’t necessarily need to see.

https://community.extremenetworks.com/extrememanagement-230297/extreme-analytics-and-netfow-sflow-or-ipfix-support-7824527

Questions:

If all these remote sites have Cisco / Juniper / Palo firewalls that support Netflow / Sflow / IPFIX and just want to see flow based information without response times, could Analytics / XMC be used in that way?
Would taking taps / telemetry data from the Data Centre switches provide all the flow / response time visibility for the whole of the network including the firewalls if required?
Should the remote sites support telemetry would there be a case to configure telemetry their instead of at the core / Data Centre?

Many thanks in advance.

Tomasz · ‎05-20-2020

Hi Martin,

I’ve no insights to the plans, but my current understanding (some food for thoughts) is:

EXOS G2 22.4+ switches at the edge, PV-FC-180 inline/out-of-band or virtual sensors will be needed to prepare valid feed for EAN for full L7 insights within 3rd party networks.

https://gtacknowledge.extremenetworks.com/articles/Q_A/What-devices-support-Netflow-or-IPFIX-to-the-... (as far as I remember Telemetry has also been added to some VSPs and ERSes recently as well).

What I miss in the picture, is if Netflow can be collected from any other vendors to just see flow stats. I have no option to try it out, I’m sorry. From Zdenek’s respons from the thread you linked seems there is a chance it may actually work.

Mirroring from either the DC switches or edge switches is a matter of design and what kind of traffic you wish to cover, general approach with 3rd party for full L7 inspection is correct - mirror what’s needed to a sensor appliance (and it will produce Netflow+MirrorN to EAN engine on its own). Please have in mind, sensor placement and thus propagation delays might give you slightly (?) different RTT calculations for application response time and network response time. Also local vs remote traffic can make difference. If there are not many sites, maybe it is something to consider to deploy local analytics engines in these sites, so propagation delays from Telemetry-enabled switches or sensor appliances will be of less significance. There was some limit like 6 EAN engines under XMC as far as I remember, but maybe it is gone like it happened with EAC engines. I didn’t spot this kind of change in the release notes though.

Hope that helps,

Tomasz

Extreme Networks

Netflow, Sflow, IPfix support for none Extreme Devices

Netflow, Sflow, IPfix support for none Extreme Devices