As networks get busier, they also tend to get slower. Trends like increased use of cloud services, bring-your-own-device (BYOD), video and VOIP all create incremental stress and pressure on the network. BYOD can also introduce challenges like increased use of photo and video sharing, and peer-to-peer traffic.
Upgrading networks can be very costly, and usually is only a short-term fix.
One solution: NetFlow
Many administrators turn to NetFlow analysis to help identify not just what kind of traffic is flowing on the network, but also top devices creating the traffic. This allows them to take action to manage excessive bandwidth consumption, possibly saving money on expensive upgrades.
SolarWinds recently gave us a preview of the newest version of their NetFlow Traffic Analyzer (NTA), expected to be released later this year. NTA has always done a great job at helping to decipher Flow data, and the new version has some interesting new features designed to make it easier for administrators to understand and take action to manage network traffic.
How well does it work? In this review we look at a couple of the new features, and test out NTA’s abilities.
What is the NetFlow Traffic Analyzer?
If you aren’t yet familiar with the product, NetFlow Traffic Analyzer is a traffic analyzer that can receive standard “Flow” data generated by devices from Cisco, Juniper, Extreme, Foundry, Riverbed, HP, Nortel, or Huwawei. It can support various implementations of the protocol including NetFlow, sFlow, IPFIX, etc.
Flow data shows how much, and what type of data is passing through a network interface. For example, it might show that IP Address #1 sent a 50 Mb data stream to IP Address #2 on port 80, and so on. Given the large volume of data on today’s networks, Flow data can be huge and hard to work with.
Analyzers like NTA attempt to take all that data and make it meaningful, and also add other features like alerting and historical reporting to help administrators gain network utilization intelligence.
One of the biggest changes in NTA 3.10.0 is the new chart styles. Gone are the old static charts, instead NTA now has charts that can be dynamically changed for custom date ranges on the fly using a sliding scale below the chart. Checkboxes allow users to turn on or off the display of different chart elements, making it easy to simplify the view by removing unnecessary data.
The charts also add a nice hover pop-up information box that appears when hovering the pointer over chart elements. The box shows detailed values for the element in question.
Users can also now click and drag to zoom in on charts, making it faster to zoom in to get a closer look at chart detail.
The speed of the new charts is impressive. Charts load very quickly compared to previous versions, and changes to date-ranges or other parameters are reflected almost instantly.
Other new features include enhanced support for sFlow v2 and v4, as well as enhanced support for interfaces that can’t be managed with SNMP – such as vSwitch interfaces.
NTA also has a lot of great features that have been there all along. Some of them include:
Designed for Administrators
NetFlow Traffic Analyzer delivers a good user experience from the start. Default views include a series of dashboards that identify a range of possible problem areas – top talkers, top endpoints, and top applications, to name a few.
The dashboard allows users to drill-down for greater detail. Want to know specifics of an endpoint that consumes a lot of data? Click on the endpoint to get detailed views of the kind of traffic flowing to and from that device. Drill down links help pinpoint when, where, and how much traffic is generated.
A nice feature is the ability to save customized views of the network. For example, if an administrator wants to monitor a specific traffic source or application, they could create a view that instantly bring up that traffic source – saving time and speeding problem resolution. They can email links to that “view” to other users, enabling fast sharing of data.
Forensics and Drill Downs
A strong case for having a NetFlow analyzer is the ability to troubleshoot network problems when there are no obvious errors or outages. NetFlow Traffic Analyzer allows administrators to drill-down to see not just volume, but also what kind of traffic is flowing through the network. So when network performance problems crop up, admins can instantly tell whether the cause is a single bandwidth hog or some other activity.
NTA does a nice job of enabling views that can be filtered down to specific time windows, a great way of looking back to determine the cause of an incident, and possibly pinpoint the source.
NTA adds another level of visibility into the network by helping to identify application traffic out of the general flow data. It can map common applications like Oracle, and many web applications like Facebook or online gaming sites.
So rather than a list of IP addresses and ports, admins see a readable, useful picture of exactly what kind of traffic is generated. This could be used to identify and shutdown bandwidth vampires, or perhaps to determine how much bandwidth to allocate to QOS queues, enabling better traffic management and possibly avoiding costly bandwidth upgrades.
Speaking of QOS, the NetFlow Traffic Analyzer can also help to manage your CBQOS policies. Admins can view traffic segmented by QOS policy, allowing them to confirm that queues are allocated appropriately for voice, video, or other critical applications.
Drawing on their history of making network monitoring tools, SolarWinds has enabled NTA to raise alerts when interfaces become saturated above a defined threshold. Alerts can be delivered via SMS Text, email, and other common notification methods.
The alerts can contain a couple of helpful items to pinpoint problems. The first is a list of top talkers – so you can instantly see who is generating the bulk of the traffic. The second is a direct link to details of the specific flow that triggered the alert – saving time by providing a quick way to jump to the NTA interface for further investigation.
SolarWinds’ NetFlow Traffic Analyzer is a must-have tool for any administrator who receives complaints that the network is slow – but can’t find the reason why. It provides deep insight into exactly what kind of traffic is flowing across the network, including details on what applications are being accessed and which devices are generating all of the traffic.
NTA is designed to be integrated with the SolarWinds Network Performance Monitor, which is their complete network monitoring system. NTA is available as an add-on module to Network Performance Monitor, and pricing starts at $1795 (USD) for 100 devices.
Unfortunately, that also brings up the only complaint with NTA – it’s not available as a standalone product, it must be purchased along with, and integrated into the full Network Performance Monitor product. There’s good reason for this – it provides a high level of detail, full SNMP management of devices, etc, but unfortunately doesn’t provide a good stand-alone option for businesses that may already have a full network management suite, and just want to add NetFlow analysis.
Other than that minor complaint, it’s a thoughtfully designed piece of software with a comprehensive UI providing a variety of ways to find the information you need.
If you need better insights into your network performance, then we recommend trying out a 30-day free trial of NetFlow Traffic Analyzer, or try out the online Live Demo environment to test out its abilities. Our bet? You’ll be surprised at what users are really doing with your bandwidth.