Editor’s note: HP Software recently announced the launch of six free network utilities. This series of blog posts provides short overviews of how each tool can help you manage your network.
Do you know what apps are hogging your network? Checking your network interfaces for utilization and errors isn’t enough. When monitoring your network, it’s important to measure your network traffic in order to quickly isolate hotspots like top talkers, top applications and others.
The HP Network Flow Analytics is a free lightweight and flexible utility that provides a web-based console for viewing application and router traffic data in easy-to-understand Treemaps. This blog post will take you through how you can use Network Flow Analytics to more accurately understand the traffic patterns of your enterprise network.
What it does
Network Flow Analytics listens to netflow packets from routers on a certain port (default 9996) and stores the volume of traffic per router in a database. It also categorizes the traffic by application based on the destination port numbers—this is based on the IANA port specification for standard applications.
A set of Treemaps for nodes and applications is generated by exporting NetFlow packets from the network devices of interest to the utility’s NetFlow collector.
Working with the tool
First, make sure that the JAVA_HOME file from the TrafficLite folder is set to a proper location that has JDK 1.6 version installed.
After starting the utility (run TrafficLite\bin\startTool.bat), ensure that the router is forwarding netflow packets (version 1 or version 9) to the 9996 port on the machine where you have installed the tool. You can check using Wireshark software to confirm if packets are coming to this port.
To launch the Performance View, use the URL http://<your machine>:8081/PV
The Tree Map view is useful for identifying the top traffic contributors and hotspots. It color-codes and sizes elements based on two metrics.
The Node Tree Map (Figure 1) shows all the routers. The color is based on the number of in-bytes reported by the router while the size is based on the number of unique applications detected on the router.
The Application Tree Map (Figure 2) shows all the applications detected in the network based on the destination port mapping. The color is based on the number of in-bytes reported by the router while the size is based on the number of unique flows detected for the applications.
The Application for Node Tree Map shows all the applications detected in the network on a per node basis. The color is based on the number of in-bytes reported by the router while the size is based on the number of unique flows detected for the applications.
Several operations can be performed on the Tree Map elements, including:
Workbench launch—The operator can select a particular element and launch the performance workbench with the context set for that element.
Drill down—The operator can drill down by double-clicking on the element. If there is a second level tree-map available then it will expand the current element into the second level tree map. For example, the node tree map can be expanded by double-clicking on a single node to show the applications for the node.
Grouping—The operator can group by higher level entities. For example, in the Application Node tree map, the operator can group by routers which will show the application detected on that particular router. One can also switch between routers by clicking on the top hand right side.
With this operational view (Figure 4), the user can see all the entities being monitored. The LHS Tree shows two primary sub-trees:
1) Applications—this lists all the applications detected in the network by analyzing traffic flows
2) Nodes—this lists all the routers that are sending flows to the tool. Each node can be further expanded to show the applications detected on that node.
When an entity is selected, the metrics that are available for graphing are shown in the middle pane. To create a line graph of the metric for the selected entity, drag the metric into the graphing area on the right. The user can also draw graphs by selecting multiple entities of the same type, or multiple metrics for a set of entities.
Mark is currently employed by Hewlett-Packard's Professional Services (PS) organization and serves as a Lead Solutions Consultant for HP's Business Service Management (BSM) set of HP software products. Mark is responsible for HP Software architecture and solution design for HP's comprehensive IT Performance Management solutions. Mark works with some of HP's largest customers within the continental United States. Mark comes from a strong background of understanding an organizations business needs for monitoring modern day business applications. Mark has held many different and challenging positions and responsibilities over the years at Hewlett-Packard Company including roles as a Senior Product Marketing Manager for HP's Network Management Center of products and has held various software presales roles including Dedicated Network Consultant, District Presales Leader and Solutions Consultant. Mark understands the many challenges that face network operators and corporations today and can craft management solutions from the smallest to the largest of enterprises. Mark enjoys working with leading edge technology as that engineered by HP Software.