What is Network NetFlow monitoring?
NetFlow data is obtained by enabling the NetFlow, sFlow or Jflow protocol on routers and switches. Once activated, these devices send IP-level 3 and 4 (IP addresses, TCP/UDP ports) information.
This package is designed to summarize NetFlow statistics collected for a single interface, in order to identify any suspicious host or application activity on the specified interface.
Application NetFlow monitoring
The nettrace-netflow package, based on collection made by the ServicePilot Agent, gets aggregated statistics for network flows. The ServicePilot Agent can collect NetFlow (v5, v9), sFlow or Jflow.
Aggregated statistics are provided for each monitored interface: Conversations, Bytes In/Out, Packets In/Out. These are calculated by summing all of the received flow packets for an interface. Depending on the flow protocol used, these values will either be representative of the total traffic passed through the interface or only representative of the samples that the flow protocol takes from the interface.
The ServicePilot Agent summarizes the flow data received to keep only the top 3 flows (conversations between the same IP addresses and port numbers) by volume of data transferred per minute. These conversations details are stored in a specific collection "NetTrace" in order to provide advanced dashboards presenting the top consumers of bandwidth by host and application per interface monitored.
Requirements
NetFlow Collectionmust be configured and started on each NetFlow router.Network Flows
It is necessary to ensure network connectivity between ServicePilot and the monitored device.
UDP/2055 (NetFlow): Between NetFlow Router and ServicePilot Agent
Installation
Before adding a resource to monitor, make certain that all pre-requisites are in place.
Follow the documentation to add a resource to ServicePilot.
Key field notes
- In the Policies tab, specify the policy or policies to apply to the resource. Note that SNMP Policies are not applicable on NetFlow resources
- General tab:
- Source IP address Router or Switch IP address, sending flow records
- Source interface index: SNMP table index of the interface to monitor
- Summary: Create summary objects per service
- Top 3: Collect top 3 IPs, Applications, Ports per minute
- Interface Speed Parameters tab:
- Speed In (bps): The incoming interface speed in bps used to enable in load calculation
- Speed Out (bps): The outgoing interface speed in bps used to enable out load calculation
License
| Object Type | License object Consumed | Condition |
|---|---|---|
| NetTrace | 1 per service | If Summary is selected |
This package will also consume data in the NetTrace collection (Hosts Full-Stack license).
How to install a netflow resource?
- Use your ServicePilot OnPremise installation or a SaaS account.
- Add a new netflow resource via the web interface (
/prmviewsor/prmresources) or via API (/prmpackagespage), the default ServicePilot agent or another agent will be provisioned automatically.
Details of the netflow package are located in the
/prmpackagespage of the software.
Benefits
ServicePilot enables you to deliver IT services faster and more securely with automated discovery and advanced monitoring features.
By correlating the technology NETFLOW with APM and infrastructure monitoring, ServicePilot is able to provide a more comprehensive view of an organization's IT environment.
This allows IT teams to quickly identify and diagnose issues that may be impacting application performance, and take corrective action before end-users are affected.
Start with a free trial of our SaaS solution. Explore ourplans or contact us to find what works best for you.
