Tuesday 20 May 2014

sflow and netflow

Most monitoring systems can tell you that a port is being maxed out. You then have to trace that traffic back to the switch it's coming from and check all the ports connected there to see what is generating it. This can be time-consuming, and the traffic can stop halfway through the search.

Netflow and sFlow can help with this.

Netflow is a feature, introduced on Cisco routers, that gives the ability to collect IP network traffic as it enters or exits an interface. By analyzing the data provided by Netflow, a network administrator can determine things such as the source and destination of the traffic, the class of service, and the cause of congestion. Netflow consists of three components: flow caching, Flow Collector, and Data Analyzer.

sFlow uses sampling to achieve scalability and is, for this reason, applicable to high speed networks (gigabit per second speeds and higher). sFlow is supported by multiple network device manufacturers and network management software vendors.

An sFlow system consists of multiple devices performing two types of sampling: random sampling of packets or application layer operations, and time-based sampling of counters. The sampled packet/operation and counter information, referred to as flow samples and counter samples respectively, are sent as sFlow datagrams to a central server running software that analyzes and reports on network traffic: the sFlow collector.
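How a collector turns those flow samples into an answer to "what is filling this port", as an added example (not code from the original post): each sampled packet is scaled by the sampling rate, and the error bound is the 196 × sqrt(1/c) percent rule from sFlow's published packet-sampling theory. The sample tuples, the addresses and the `top_talkers` function are constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed flow samples, as a collector might hold them after decoding
# sFlow datagrams: (agent, input ifIndex, sampling rate, src IP, dst IP, frame bytes).
# All addresses and values are made up for this example.
SAMPLES = (
    [("10.0.0.1", 12, 1000, "192.0.2.10", "198.51.100.5", 1500)] * 400
    + [("10.0.0.1", 12, 1000, "192.0.2.11", "198.51.100.7", 600)] * 50
    + [("10.0.0.1", 12, 1000, "192.0.2.12", "198.51.100.5", 100)] * 4
    + [("10.0.0.1", 7, 1000, "192.0.2.99", "198.51.100.9", 1500)] * 300
)


def top_talkers(samples, agent, if_index):
    """Estimate per-source traffic on one switch port from packet samples."""
    est_bytes = defaultdict(int)
    count = defaultdict(int)
    for s_agent, s_if, rate, src, _dst, frame_len in samples:
        if (s_agent, s_if) != (agent, if_index):
            continue  # sample came from another switch or another port
        # Each sampled packet stands in for `rate` packets on the wire.
        est_bytes[src] += frame_len * rate
        count[src] += 1
    rows = []
    for src, total in est_bytes.items():
        c = count[src]
        # 95% confidence bound on the packet-count estimate, in percent.
        rows.append((src, total, c, round(196 * math.sqrt(1 / c), 1)))
    # Heaviest estimated sender first.
    return sorted(rows, key=lambda r: r[1], reverse=True)


if __name__ == "__main__":
    for src, total, c, err in top_talkers(SAMPLES, "10.0.0.1", 12):
        print(f"{src:<12} ~{total / 1e6:8.1f} MB  samples={c:<4} error<=+/-{err}%")
```

A source seen in only a handful of samples carries an error bound near 100%, so only the heavy senders at the top of the list can be trusted.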

You should try to use sFlow instead of Netflow because of the performance hit. Netflow is more like port mirroring. Your device needs to support it, and you need some software to analyze the data. There are lots of free and paid tools to do it. The first step is to contact your vendor and ask them how you can configure it. You may be limited to Netflow / port mirroring. In those cases you need to plug a laptop, with the software running, into the port on the device that's doing the mirroring.

http://sflow.org/products/collectors.php

Free tool for Netflow:
http://www.solarwinds.com/products/freetools/netflow-analyzer.aspx
SolarWinds also offers a paid product.
