Saturday 21 May 2011

SNMP, NetFlow and OpManager

For the past week, I have been getting familiar with a new monitoring tool I found while searching the web.
I was looking for one because one of our clients was complaining about performance issues with their network, and I also wanted to start using Cisco's NetFlow protocol to monitor traffic statistics better. Although I was very interested in NetFlow, I also wanted to start using the infamous SNMP protocol too. After a few hours of searching on Google, I stumbled across a program called OpManager, which gathers stats through SNMP and also has a NetFlow Analyzer plug-in!

Allow me to briefly explain what the heck SNMP and NetFlow are.

SNMP

For those who just started learning about IP networks, devices that support the SNMP protocol can advertise all sorts of cool information about themselves, such as CPU, memory and disk utilization (and that's just some of the cool things). SNMP typically runs on port 161 over UDP, and consists of a Managed Device (or SNMP Agent) that advertises info to a Network Management System (NMS). The NMS receives SNMP messages from all the agents and processes the data into tables or nice graphical reports. In order for SNMP agents to talk to an NMS, they must present the proper keyword, or 'Community String', to it. The latest version of the SNMP protocol (v3) includes support for user authentication and better security from sniffing attacks, which matters because v1 and v2c send the community string in cleartext.

NetFlow

Cisco defines a flow by packets that match the same criteria of:

  • Source IP Address
  • Destination IP Address
  • Source TCP or UDP port
  • Destination TCP or UDP port
  • Layer 3 protocol
  • Class of Service
  • Input interface


Using a tool like the NetFlow Analyzer, you can tell your devices to send these flow stats to a server, using UDP port 9996 (default for NetFlow) and also generate some nice graphical reports as to who's using up your bandwidth.

Instead of explaining all this, how about I just show you what I'm talking about








The first two screenshots are from SNMP monitoring and the last are NetFlow stats. The NetFlow reports show the internal source and destination IP addresses (the 10.x.x.x addresses) and what applications they are using. These graphs show the Top Talkers on the network.

If you would like to start monitoring your network too, you can download the Free Edition of OpManager if you'll just be monitoring 10 devices, or you can get a trial/licensed version to use in your company. Download here: http://www.manageengine.com/network-monitoring/download.html


Configuring SNMP on an ASA:
snmp-server host inside 192.168.0.50
snmp-server community secretpasswordhere
Also, to specify a specific version (1, 2c, or 3 with a username), add it to the host line, for example: snmp-server host inside 192.168.0.50 version 2c


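Configuring NetFlow on an ASA device:
flow-export destination inside ipaddress 9996
access-list acl_name extended permit ip any any
class-map class_name
match access-list acl_name
policy-map policy_name
class class_name
! server_ip must be the collector address used in flow-export destination above
flow-export event-type all destination server_ip
! flow-export actions only take effect in the global service policy;
! if a global policy already exists, add the class to that policy instead
service-policy policy_name global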


Configuring NetFlow on IOS devices:
! go under the interface you want to monitor
int FastEthernet0
ip route-cache flow
exit
! back in global configuration mode, point the export at the collector
ip flow-export destination ipaddress 9996
