NetFlow traffic analysis per interface

This support forum board is for support questions relating to Nagios Network Analyzer, our network traffic and bandwidth analysis solution.
Locked
johnycled
Posts: 6
Joined: Fri Aug 04, 2017 3:59 am

NetFlow traffic analysis per interface

Post by johnycled »

We are currently running Nagios XI and Netflow Analyzer in our datacenter.
XI works great, but we've some trouble with NA.

When configuring netflow on our cisco C3850, we can only set one udp port for Netflow to be sent on.
After enabling netflow on each interface of the switch all flow data are collected and sent through one single UDP port (the one we configured).

The data presented in Nagios NA address the traffic for the whole switch (kind of global analysis of the traffic on all interfaces of the switch)

We would like to have netflow traffic analysis on each interface of the switch just like Nagios XI provides bandwidth usage on each interface of the switch.
Is there a specific config to apply to the switch or on Nagios NA side ?
Or can we have this netflow traffic analysis per interface (eg: TenGigabitEthernet1/0/3) by creating views or using advanced custom queries ?

By the way, we have a support contract. I wanted to submit this ticket in Customer support forum but I couldn't see "NEWTOPIC" Button.

Thanks,
John.
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NetFlow traffic analysis per interface

Post by tgriep »

In NNA, there is not a way to display any data based on which interface the traffic is coming in or out of. The reporting in NNA can only report on IP address and ports, not physical interfaces.
If you can setup your network device to capture and send flow data from multiple interfaces at once, you could setup separate sources in NNA and use that to run the top talkers reports and queries for the different sources.

To get access to the Customer section of the forums, you would have to send an email to sales@nagios.com with your username and contract information and they can add your account to those forums.
Be sure to check out our Knowledgebase for helpful articles and solutions!
johnycled
Posts: 6
Joined: Fri Aug 04, 2017 3:59 am

Re: NetFlow traffic analysis per interface

Post by johnycled »

tgriep wrote:In NNA, there is not a way to display any data based on which interface the traffic is coming in or out of. The reporting in NNA can only report on IP address and ports, not physical interfaces.
If you can setup your network device to capture and send flow data from multiple interfaces at once, you could setup separate sources in NNA and use that to run the top talkers reports and queries for the different sources.

To get access to the Customer section of the forums, you would have to send an email to sales@nagios.com with your username and contract information and they can add your account to those forums.
Many thanks tgriep for your reply

I can indeed enable/disable netflow on each interface of the switch but I can only configure one single UDP port for Netflow on the device which means one netflow source in NNA for the device.

I wrote a mail to sales yesterday till now I have no answer. I specified in the mail my forum ID (johnycled) and our customer number.
is there any other information I should provide?

Thanks in advance for your reply
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NetFlow traffic analysis per interface

Post by tgriep »

Your welcome. I think you have to have a 4500 series switch to have the ability to send flow data to multiple exporters.

I checked our system and it looks like your forum account is added to your account so you should be able to login to the Customer section.
Be sure to check out our Knowledgebase for helpful articles and solutions!
johnycled
Posts: 6
Joined: Fri Aug 04, 2017 3:59 am

Re: NetFlow traffic analysis per interface

Post by johnycled »

tgriep wrote:Your welcome. I think you have to have a 4500 series switch to have the ability to send flow data to multiple exporters.

I checked our system and it looks like your forum account is added to your account so you should be able to login to the Customer section.
I got an answer from sales and I did the necessary to add my account into our support account. Please let me know if I should move this thread into the customer support.

As we have others devices in the datacenter such as cisco 1001-X, cisco 2960x and fortigate 600D on which we intend to configure netflow too, I wanted to know if this issue of netflow analysis per interface is due to :

- a limitation of NNA (which doesn't offer this ability)
- the device (may be the switch we configured doesn't have this feature)
- a limitation of netflow protocol ( layer 3 protocol and can't provide layer 2 information)

You answer will help finding how we can overcome the issue and eventually close this ticket.
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NetFlow traffic analysis per interface

Post by tgriep »

The ability to view flow data per physical interface is a limitation of NNA at this time.
Be sure to check out our Knowledgebase for helpful articles and solutions!
johnycled
Posts: 6
Joined: Fri Aug 04, 2017 3:59 am

Re: NetFlow traffic analysis per interface

Post by johnycled »

Hello tgriep,

Noted. Thank you for the support.
User avatar
tgriep
Madmin
Posts: 9177
Joined: Thu Oct 30, 2014 9:02 am

Re: NetFlow traffic analysis per interface

Post by tgriep »

Your welcome.
Be sure to check out our Knowledgebase for helpful articles and solutions!
Locked