Traffic Flow Analyzer - Example

The following describes typical situations where flow is useful. When ports are over-utilized because of intermittent performance problems, diagnosis of the problem is sometimes difficult. Turn on flow traffic data collection to evaluate who, what applications, and so on, are responsible for the traffic on the affected ports. This avoids getting overwhelmed by collecting traffic going in all directions. Follow these steps to do this:

1. From the Resources monitor, select a desired router that has support for sFlow.

2. Enable sFlow on the most impacted routers that support sFlow. Also, register a number of exporters to enable an efficient and scalable data collection environment.

You can disable sFlow and unregister exporters.

3. After sFlow has been running for a while, verify that bandwidth utilization is within expectation. This will help ensure optimum performance of critical business applications.

4. Select the Top 5 Applications portlet (or add it to the page).

5. From the list of the Top 5 Applications, you’ll typically see that most bandwidth is being consumed by the key applications in your organization.

Alternative 1

6. To ensure bandwidth is not being hijacked by unauthorized or unwanted video or music streaming applications, select the Top 5 Conversations.

7. Often the top conversation is video streaming software.

8. To answer “Where and who is running this rogue application?”, drill down into the conversation to see the endpoints involved in the conversation. This identifies the user running the streaming application. You could now go and stop (or block) this rogue application.

Alternative 2

An alarm indicates port X is surpassing its threshold. If the port has become a bottleneck in the overall network bandwidth, we want to identify what applications are the cause, and who is responsible for running them.

1. Look in the Top 5 Traffic Flow Endpoints portlet.

2. From the list of the Top 5 Endpoints, you will typically see that port X is high on the list.

3. Expand the portlet and drill down into the port X endpoint to see the top conversations going through port X.

4. Drill down into conversations to identify any unauthorized applications.

5. Drill down further to identify users of any unauthorized applications.

6. Now, go stop them!
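
What the Top 5 portlets and the drill-down in both alternatives compute, sketched as an added example (not the product's code): sampled flow records are scaled by the sampling rate, grouped by application, conversation or port, and ranked. The record layout, port-to-application map, sampling rate and sample data are assumptions constructed for illustration.

```python
from collections import Counter

RATE = 512  # assumed 1-in-N sFlow sampling rate configured on the exporter
# Assumed port-to-application map; a real collector has its own definitions.
APPS = {443: "https", 1433: "mssql", 1935: "rtmp-streaming"}

# Constructed samples: (ifIndex, src, sport, dst, dport, sampled_bytes)
SAMPLES = (
    [(7, "198.51.100.20", 1935, "10.0.1.15", 50122, 1400)] * 6  # stream to user
    + [(7, "10.0.1.15", 50122, "198.51.100.20", 1935, 80)] * 2  # acks to server
    + [(7, "10.0.1.22", 51000, "10.0.9.5", 1433, 900)] * 3      # database traffic
    + [(3, "10.0.2.8", 44321, "10.0.9.6", 443, 1200)] * 4       # web app, other port
)

def app_of(s):
    """Name the application from whichever side uses a known service port."""
    return APPS.get(s[4]) or APPS.get(s[2]) or "other"

def conversation_of(s):
    """Direction-independent key: both endpoints plus the application."""
    a, b = sorted((s[1], s[3]))
    return (a, b, app_of(s))

def top(samples, key, n=5):
    """Rank groups by estimated bytes (sampled bytes scaled by RATE)."""
    totals = Counter()
    for s in samples:
        totals[key(s)] += s[5] * RATE
    return totals.most_common(n)

def top_applications(samples):
    return top(samples, app_of)

def top_conversations(samples):
    return top(samples, conversation_of)

def top_ports(samples):
    return top(samples, lambda s: s[0])

def drill_down(samples, ifindex):
    """Top conversations crossing one port, as in Alternative 2."""
    return top_conversations([s for s in samples if s[0] == ifindex])

if __name__ == "__main__":
    print("Top applications:", top_applications(SAMPLES))
    print("Top ports:", top_ports(SAMPLES))
    for (a, b, app), est in drill_down(SAMPLES, 7):
        print(f"port 7: {a} <-> {b} [{app}] ~{est} bytes")
```

Both directions of the streaming session collapse into one conversation, so the two endpoints to investigate come straight from its key.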