Frequently Asked Questions

Traffic Sentinel

Traffic Server and sFlow Probe

The FAQ for Traffic Server and the sFlow Probe is maintained here.

How do I migrate from Traffic Server to Traffic Sentinel?

The document Migrating from Traffic Server 4 to Traffic Sentinel describes the steps involved in migrating an existing Traffic Server installation. The major differences between Traffic Server and Traffic Sentinel are described in Announcing InMon Traffic Sentinel.

How much disk space does Traffic Sentinel require?

The amount of disk space used by Traffic Sentinel depends on the size of the network and the amount of traffic it carries. For larger networks (200 - 1500 switches/routers) the space requirement falls in the range of 0.5 - 2.0 Gigabytes per day. A 300G disk would provide between 6 months and two years' worth of storage.

How do I adjust how much traffic history to keep?

The amount of traffic history to keep is controlled by the following preference settings:

How do I configure email forwarding?

Traffic Sentinel makes use of sendmail to deliver email. Typically you will want to configure sendmail to forward mail from Traffic Sentinel to your site mail server for delivery. The following steps configure email forwarding:

Which devices does Traffic Sentinel support?

Traffic Sentinel relies on instrumentation embedded within switches and routers to provide the raw traffic information.

How do I filter on IP Multicast traffic?

In Traffic Sentinel there are several database fields included to help with selecting unicast, multicast and broadcast traffic. They take the value 0 or 1. For example, to select only multicast traffic, add this filter:

compare also:
How do I print the maps and topN charts?

The maps and real-time top N charts are Java applets. Some browsers do a poor job of printing applets, either losing part of the chart or getting the scaling wrong. If your browser does not print the applet well, then alternatives are to create a bitmap of the chart (on Windows with alt+print screen or on X-windows platforms with xwd (x-windows dump)) and then to print the bitmap. To improve the resolution, you can make the window larger. There are preference settings to increase the height (in pixels) of the maps and charts.

How do I configure Traffic Sentinel to receive Cisco NetFlow?

Configure the routers with a flow-export timeout active of 5 minutes or less and direct them to forward NetFlow version 1, 5, 7 or 9 to the Traffic Sentinel on UDP port 9985 (consult your router documentation for instructions on configuring NetFlow). To change the port that Sentinel is listening on, see the NetFlowPort preference setting. You can confirm that NetFlow packets are arriving at the server by running:

% /usr/sbin/tcpdump -n udp port 9985

Even if you see packets arriving, you may still need to configure the software firewall on the server to allow these packets through to the application:

% iptables --list

The source IP address of these packets should ideally be that of a loopback IP address on the router. To confirm that the packets are reaching the application, see the file:

% more /usr/local/inmsf/mib/NetFlowProbe.mib

This file is updated every minute. The next test is to make sure that the Traffic Sentinel can make SNMP requests back to the IP address that the router is sending with:

% /usr/local/inmsf/bin/systemwalk <router IP> <community string>

If this does not work, then you may need to change the router configuration to enable read-only SNMP access. To override the default community string for your router, create an agent entry in your configuration and then add a new SNMP setting just for that router. To override the default sampling-interval for your router, create an agent entry in your configuration and then add a new Sampling setting just for that router. However, if you have configured a sampling-interval on the router, then that setting will take priority and no further sampling will be applied.

How do I extract traffic data for use in a billing system?

Traffic Sentinel provides a powerful web-based query mechanism for extracting traffic data (see Tutorials:Scripting). Any HTTP capable tool can be used to make queries and extract aggregated totals suitable for charging for network usage. It is also possible to bypass the web-server and execute javascript queries directly on the server:

% /usr/local/inmsf/bin/query < myquery.js
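
As an added example (not part of the original FAQ or InMon's software), the script below supports the NetFlow reception check described earlier: it summarises which hosts are sending to UDP port 9985 in `tcpdump -n` output and reports any sender that is not in the list of expected router loopback addresses. The capture lines and all addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not InMon code): list the hosts sending to the NetFlow port
# and report any sender that is not an expected router loopback address.

# Constructed sample of `tcpdump -n udp` output, including one packet that is
# not addressed to the NetFlow port; all addresses are made up.
sample_capture() {
cat <<'EOF'
12:00:01.100000 IP 10.255.0.1.51000 > 192.168.4.5.9985: UDP, length 1464
12:00:01.350000 IP 10.255.0.2.51001 > 192.168.4.5.9985: UDP, length 1464
12:00:02.100000 IP 10.255.0.1.51000 > 192.168.4.5.9985: UDP, length 744
12:00:02.900000 IP 172.16.9.40.40000 > 192.168.4.5.9985: UDP, length 72
12:00:03.000000 IP 10.255.0.1.161 > 192.168.4.5.40211: UDP, length 90
EOF
}

# exporters PORT
# Reads tcpdump -n lines on stdin and prints "source-ip packet-count" for every
# IPv4 sender to UDP PORT, sorted by address string.
exporters() {
    awk -v port="$1" '
        $2 == "IP" && $4 == ">" {
            dst = $5; sub(/:$/, "", dst)        # strip the trailing colon
            n = split(dst, d, ".")
            if (d[n] != port) next              # last field is the UDP port
            src = $3; sub(/\.[0-9]+$/, "", src) # drop the source port
            count[src]++
        }
        END { for (s in count) print s, count[s] }' | sort
}

# unexpected_exporters PORT EXPECTED_IP...
# Prints each sender that is not in the list of expected exporter addresses.
unexpected_exporters() {
    port=$1; shift
    exporters "$port" | while read -r ip rest; do
        case " $* " in
            *" $ip "*) ;;
            *) echo "$ip" ;;
        esac
    done
}

# Demo on the constructed capture; the two expected loopbacks are assumptions.
sample_capture | unexpected_exporters 9985 10.255.0.1 10.255.0.2
```

On a live server, the same functions can read from `tcpdump -n -c 200 udp port 9985` instead of the constructed sample.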
How much bandwidth does sFlow use?

This example calculation shows that in a typical configuration sFlow traffic is less than 0.1% of the network bandwidth. You can use this as a basis for calculating network overhead in a specific network configuration.

Assumptions

Calculation for a 100-interface switch

Interface counter bits per second (ICBR) = 100*ICS*8*ICSR
Flow samples per second (FSR) = NTR*PSR
Flow sample bits per second (FSBR) = FSR*FS*8

Typically all 4 flow samples and the counter samples will fit in a single datagram.

sFlow datagram bits per second = ICBR + FSBR + (SDTO*8) = 2.88 + 6.4 + 0.53 = 9.81kbps

This is approximately 0.1% of a 10Mb link. If the sampling rate is 1/100 the network overhead for the same traffic rate and packet size is 0.7%.

How can I add my own web pages to Traffic Sentinel?

Traffic Sentinel web pages all have the web path http://<server>/inmsf/. By default, when you connect to the home page, you are redirected to the Traffic Ser/web pages. This behavior is controlled by the file /usr/local/inmsf/etc/apache/inmsf_httpd.conf. If you wish to replace the home page with your own, simply edit the inmsf_httpd.conf file and comment out the redirect, then restart apache with:

% /etc/init.d/httpd restart

You can now make changes to the web server's home page (typically in /var/www/html/). To access Traffic Sentinel, you will need to explicitly type in the /inmsf/ path in your URL. It is generally a good idea to create a link from the home page to Traffic Sentinel so that you don't need to remember the path extension. Creating your own home page is a good way to provide contact information, additional information about the network and links to other network management tools. You can also create your own customized reports and navigational screens with links to specific Traffic Sentinel pages, reports and charts.

How do I configure NetFlow on my Cisco router?

The exact commands to configure NetFlow vary between products and IOS releases. The best way to find the appropriate commands for your Cisco product is to search the Cisco web site. As a starting point, here are a few useful links:

You need to configure the router to send NetFlow version 1, 5, 7 or 9 to port 9985 on the Traffic Sentinel server. Please ensure that the active flow cache timeout is set to 5 minutes or less. In order to allow Traffic Sentinel to provide long term trending you also need to ensure that you configure your switch or router to provide SNMP ifIndex Persistence.

How do I configure JFlow on my Juniper router?

The exact commands to configure JFlow vary between products and OS releases. The best way to find the appropriate commands for your Juniper router is to search the Juniper web site. As a starting point, here is an example configuration:
core-rtr-1-re1> show configuration forwarding-options
sampling {
    input {
        family inet {
            rate 100;
            max-packets-per-second 7000;
        }
    }
    output {
        cflowd 140.221.135.130 {
            port 9985;
            source-address 140.221.250.127;
            version 5;
            no-local-dump;
            autonomous-system-type origin;
        }
    }
}
hash-key {
    family inet {
        layer-3;
        layer-4;
    }
}

How do I configure sFlow on my Foundry Networks switch?

The following commands configure a Foundry switch to sample at 1-in-512 and send the sFlow packets to Traffic Sentinel (192.168.4.5) over UDP port 6343:
config> int e 1/1 to 1/8
You can also use the command: show sflow
to list the configuration settings. Additional information can be found on the Foundry Networks web site.

How do I configure sFlow on my Force10 switch?

The following commands configure a Force10 switch (192.168.1.1) to sample at 1-in-512 and send the sFlow packets to Traffic Sentinel (192.168.4.5) over UDP port 6343:
config> sflow collector 192.168.4.5 agent-addr 192.168.1.1
Then for each interface: interface> sflow enable
You can also use the command: show sflow
to list the configuration settings. Additional information can be found on the Force10 Networks web site.

How do I configure sFlow on my Extreme Networks switch?

The following commands configure an Extreme switch (192.168.1.1) to sample at 1-in-512 and send the sFlow packets to Traffic Sentinel (192.168.4.5) over UDP port 6343:
enable sflow
Additional information can be found on the Extreme Networks web site.

How do I configure sFlow on my Hewlett-Packard ProCurve switch?

The HP ProCurve switches support the standard sFlow MIB, so Traffic Sentinel can be configured to discover and configure them automatically. Ensure that the Traffic Sentinel is given the read-write community string, and has "manager" privileges on the switch. For example:

snmp-server community "private" Unrestricted

Next add an agent section for it in the Traffic Sentinel configuration, or add an agentrange section and then click File>Control>Scan For Agents. After a minute or two it should appear under Traffic>Status. As an alternative, many ProCurve switches also support sFlow configuration via the switch CLI. For example:
sflow 1 destination 192.168.1.1
Additional information can be found on the HP ProCurve web site.

How do I configure sFlow on my Alcatel-Lucent OmniSwitch?

The Alcatel-Lucent OmniSwitches support the standard SNMP MIB, so Traffic Sentinel can be configured to discover and automatically configure these switches to send sFlow. Ensure that the Traffic Sentinel is given the read-write community string. Then add an agent section for the switch in the Traffic Sentinel configuration (or add an agentrange section and then click File>Control>Scan For Agents). Ensure that the switch is also configured with an appropriate loopback address so that Traffic Sentinel can uniquely identify the switch (see below).
Alcatel-Lucent OmniSwitches can also be configured by the command line to send sFlow. The following commands configure an OmniSwitch (192.168.1.1) to sample at 1-in-512 and send sFlow to the Traffic Sentinel (192.168.4.5) over UDP port 6343:
ip interface loopback0 192.168.1.1

How do I programmatically update the Traffic Sentinel configuration file?

The Perl script /usr/local/inmsf/bin/postConfig.pl can be used to POST a new XML configuration file to a Traffic Sentinel. This is equivalent to submitting a new file manually using the "File > Configure > XML" option.

Which ports does Traffic Sentinel use when monitoring a network?

Traffic Sentinel makes use of a number of ports and services in order to monitor network traffic. Understanding which ports are required is helpful in setting access control/firewall controls.

How can I see which end hosts are connected to each switch port?

Traffic Sentinel attempts to keep an up-to-date record of which end host is connected to which switch port, using a combination of sFlow and SNMP data. This information can be accessed in a number of ways:

How can I install Traffic Sentinel on a VMware virtual machine?

Linux can be installed on a VM, but there are clock interrupt distribution issues that affect Traffic Sentinel. A work-around is available, but it forces you to use only a single-processor configuration, so it is not recommended:

These requirements may change as more work is done to improve Linux VMs - particularly with newer Linux kernels (2.6.21 or later). Please let us know if you find anything new.

How can I change the hostname to match the software key?

If the software key is rejected with "bad value" it is often because the hostname of the server does not match the fully-qualified hostname (e.g. "sentinel.mycompany.com") encoded in the key. Here are the steps to change the hostname on the Linux server so that the key is accepted:

What files should I back up to save all traffic data and configuration?

The following directories should be backed up in order to ensure that all configuration changes are preserved:

/usr/local/inmsf/private
/usr/local/inmsf/report
/usr/local/inmsf/widget
/usr/local/inmsf/etc
/usr/local/inmsf/data <---large!

If moving to new hardware, make a fresh install on the new server before transferring the above files across, and be careful to ensure that all directories and files can still be read or written by the user "inmsf".

How do I configure Traffic Sentinel to use HTTPS?

Traffic Sentinel uses the Apache web server as its front end. By default you should be able to connect to Traffic Sentinel using HTTPS, but it is likely that your browser will create numerous security warnings relating to the security certificate. The document Apache HTTP Secure Server Configuration describes the steps needed to install a valid certificate. Once you have installed the certificate you should be able to connect to Traffic Sentinel using the URL https://<server>/ without receiving any warning messages. If you want to automatically redirect all requests to HTTPS, then the following lines need to be added to the beginning of your /usr/local/inmsf/etc/apache/inmsf_httpd.conf file:

# Redirect All HTTP requests to HTTPS
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

After making these changes you will need to restart Apache using the command:

/sbin/service httpd restart

How can I configure Traffic Sentinel to authenticate using LDAP, EAP, PAM, MSCHAP, CHAP... ?

Traffic Sentinel supports two authentication schemes for verifying user passwords:

A RADIUS server can be used to bridge RADIUS authentication requests into other authentication protocols using the following steps:

How can I integrate Traffic Sentinel with HP ProCurve Manager Plus?

Example configuration files and step-by-step instructions are provided here.

Copyright © 1999-2008 InMon Corp. ALL RIGHTS RESERVED.