Hello. This is Jeff blank solar and sales engineer with a guided tour of solar winds netflow traffic analyzer or NTA. NTA is an add on module to solar winds network performance monitor. Using the flow technology that is inherent in most firewalls, routers and switches, NTA monitors, real time network utilization and bandwidth usage all the way down to the interface level. Within NTA you can identify which users or endpoints applications and protocols that are consuming your bandwidth and highlight your top talkers through analyzing Cisco Netflow, juniper J-Flow, s-Flow, IPFIX, NetStream data and much more. Remember NTA requires an installation of network performance monitor to function. MPM provides fault availability and performance data for your network devices and servers by pulling these devices using SNMP or WMI. When you first log onto your solar winds deployment, you'll be presented with your enterprise dashboard. This dashboard provides an at a glance insight into the status of your monitored network devices along with the dynamic network map and a variety of other monitoring resources. Here to the left you will see a view of all the network nodes that you are monitoring. This is a list of all your network devices by manufacturer, expand any of these and you will get a detailed list of all the manufacturer specific devices. The indicator will provide you with the status of the device and you can hover over any device for additional detail and then drill down for even more granular data simply by clicking on the device. Let's go ahead and select the Internet Gateway 3725. On the left hand side, you will see a number of customizable tabs that will allow you to create your own no details view. On the all details tab you'll see statistics such as note information, response time and packet loss, interface utilization, availability, statistics and more. Most of the charts provide a dragon discover capability. This allows you to drill down to a specific time frame simply by clicking and dragging over the period of interest. [MUSIC] Or by adjusting the slider below the chart. [MUSIC] Additionally, you can add or remove certain data with one click. [MUSIC] Let's look at an example, on our MinMax average response time and packet loss resource, we can isolate a specific spike by clicking and dragging over that device. [MUSIC] Now let's see how using NetFlow can help us further troubleshoot these spikes. If you click on the NetFlow tab at the top of the menu, you will be taken to a summary homepage. Solar winds NetFlow traffic analyzer is a collector that receives the flow data generated from your flow enabled network devices, processes the data and then displays that data in a number of easy to use charts, tables and graphs. To begin utilizing NTA, you need to first enable your network devices to generate the flow data and point it to NTA as the collector. On the NTA summary page, you will first see a list of the flow enabled devices that NTA is currently collecting data from. Remember that in addition to NetFlow, NTA also collects and analyzes s-Flow, J-Flow, IPFIX and NetStream data. By hovering over a device, you will see details about the node. Expanding a device will reveal the list of flow enabled interfaces. [MUSIC] The summary page also presents various helpful resources, including the top 10 flow sources by percent utilization, your top in points, applications, top conversations and countries. Within any of these resources, you can begin to drill down to access more specific data. [MUSIC] The flow navigator is a powerful search engine with an NTA that allows you to view data that meets criteria such as time period, flow direction, application and so on. [MUSIC] Let's now go back and look at the Internet Gateway that we previously saw a spike on by clicking to expand. Here you will see that NTA is receiving flow data on the Ethernet1-WAN interface and the in and out traffic. Click the interface for details. At the top of the page you will see an option to set the time frame that you would like to view [MUSIC] As well as choose whether you would like to see traffic that is ingress, egress or both. [MUSIC] This page provides information on who or what is generating traffic and where your traffic is coming from or going to with the top end points, top conversations, protocols, domains, applications, types of service, countries and CBQoS policy data for Cisco devices. [MUSIC] Starting an NTA fordauto NetFlow is able to store the flow data in a high performance database called the NetFlow storage database. This allows for virtually unlimited retention of one minute flow data granularity as well as a significant increase in the number of flows per second that can be processed. This allows users to be able to troubleshoot issues in a much more accurate way. For example, let's say a user complaints about a very slow but sporadic access to an application, having a one minute granularity level makes it possible to identify what type of traffic is consuming all the available bandwidth based on the pattern identified in NetFlow. [MUSIC] Now I'd like to point out that under the NetFlow tab, you'll see a number of sub menus that you can select. In essence, these are summary pages that are specific to a certain category. For example, by clicking on the Apps page, you will be taken to a NetFlow application summary page, which simply provides greater detail on the top applications that are generating traffic. You will also see pages for conversations, countries, endpoints, receivers, transmitters, IP groups, protocols, types of service and BGP info. [MUSIC] Using the Flow Navigator tab, you can also set filters and then create your own custom menus based on the data you have found. [MUSIC] So let's go into the NTA settings page. So you can see some of the behind the scenes activities. The settings page is where you will manage the NetFlow sources and how it collects data. The applications and service ports is a really cool feature. Let's say that you have a proprietary application in your environment, you can specify that application and added as an application to be monitored. Click Add application, let's name it, accounting traffic. It so happens that the accounting application uses port 9,000. You can select a range or specify multiple ports here. [MUSIC] If you know there's a sub net like the one here for the accounting department, you can specify the IP range 10.199.15.1 to10.199.15.60. If you want to see the application in your resource, simply enable the display in the top x IP address groups resource. Now set the destination IP address for this example. Let's set the IP address for the accounting server 10.199.15.2. So now you have the description, the port, the source IP address, range and the destination IP address range. So this allows you to collect traffic data that is traversing through this particular switch that is coming from the accounting department and hitting the accounting server. [MUSIC] The autonomous system settings allow you to edit and delete autonomous systems that are monitored by NTA. [MUSIC] In the IP address group settings, you are able to create custom IP address ranges to track in the top IP address groups resource as well as use when defining applications and applications and service ports. Out of the box, NTA monitors 141 protocols that can be enabled or disabled by default in the monitored protocols section. [MUSIC] If you have disabled the automatic edition of NetFlow sources, you can manually add or remove interfaces and define your CBQoS polling. [MUSIC] In NetFlow collector services, here you can choose to add another NetFlow collect report. By default NTA uses UDP port 2,055 but that can be changed. [MUSIC] The top talker optimization setting is really important for those that have a lot of traffic that they are monitoring. In most instances, the majority of NetFlow traffic is generated by conversations that represent a certain percentage of all possible monitored flows. In this section, you can define that percentage and then only record those flows that are utilizing the most traffic. By default, this is set at 95%. So if you find that you are missing some traffic, you can adjust that amount up to a 100, ultimately, this feature improves the overall responsiveness and performance of NTA. [MUSIC] In the database settings, you'll be allowed to define how long you will store your one minute data and at what levels of compression you will use to help with memory management. The delete expired flow data defines the frequency at which to perform the purge of data older than the retention period. The recommended value is once a day. [MUSIC] This concludes our tour of solar winds NetFlow traffic analyzer. Remember you can download a free, fully functional 30 day trial of NTA and other products at solarwinds.com. Check out solar winds user community thwack at thwack.com where you can get tips, tricks and advice on all things networking. [MUSIC]
