tag:blogger.com,1999:blog-92135800125214195032024-03-13T02:03:34.379+00:00sFlowTrendsFlowTrend tips and tricksSoniahttp://www.blogger.com/profile/09620068261717712566noreply@blogger.comBlogger11125tag:blogger.com,1999:blog-9213580012521419503.post-88086192636019248652019-10-30T12:28:00.000+00:002019-10-30T12:28:36.613+00:00Filtering on traffic between subnetsWhen looking at sFlowTrend traffic graphs and reports, sometimes you will want to focus on specific traffic of interest, for example understanding traffic patterns between subnets. To do this you can use a filter in a network traffic Top N chart or report. The help includes a section on <a href="https://inmon.com/products/sFlowTrend/help/html/filters.html" target="_blank">filtering</a> which outlines how to build filters. The UI for both network traffic TopN charts and report query sections includes a filter builder. The filter builder has a dropdown menu that lists the traffic database keys that can be used as filter terms. You can also use filter functions in a filter and these filter functions can be typed directly into the filter bar. One such filter function is the inSubnet function. There are two forms of the <i>inSubnet</i> filter function:<br />
<h2>
<b>inSubnet(address, subnet, maskBits)</b></h2>
<div>
In this form <b>address</b> is the database <a href="https://inmon.com/products/sFlowTrend/help/html/reference.fields.html#reference.fields.flows" target="_blank">address key field</a> that you would like to test (for example <b>ipServer</b>), <b>subnet </b>and <b>maskBits</b> define the subnet to test against for inclusion. For example <b>inSubnet(ipServer, "10.1.5.0", 24)</b> will return true for any IP server address that is in subnet 10.1.5.0/24. Note the quotes <b>""</b> around the subnet address. </div>
<div>
<br />
This form of the filter function can also be used for testing IPv6 addresses for subnet inclusion. For example the <b>inSubnet(ipSource, "2001:db8:a::", 64)</b>, can be used to show traffic sourced by any address in the subnet 2001:db8:a::/64.</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVAxro7PNsfImbrzxwudmzEDm1HrW0tXCtEop3qNzTb25m-XoWmN3fhg7r8EmmCRMMT1S05196FuKzHeLo3kFAzJgtVJXvHnI44oruNB3nqgJNftdnpn5Q1eao1zCIURIM3c-yroGYqnM/s1600/Screenshot+2019-10-30+at+11.31.44.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="910" data-original-width="1026" height="566" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVAxro7PNsfImbrzxwudmzEDm1HrW0tXCtEop3qNzTb25m-XoWmN3fhg7r8EmmCRMMT1S05196FuKzHeLo3kFAzJgtVJXvHnI44oruNB3nqgJNftdnpn5Q1eao1zCIURIM3c-yroGYqnM/s640/Screenshot+2019-10-30+at+11.31.44.png" width="640" /></a></div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
This example shows the top connections for server addresses in the 10.1.5.0 subnet. It also uses a custom Top N chart that includes serverAddress, serverPort, clientAddress as key fields, so that the connections are not broken out by ephemeral client port. See the help for more information on configuring <a href="https://inmon.com/products/sFlowTrend/help/html/network.topn.html#network.topn.charts.custom" target="_blank">Custom Top N charts</a>.</div>
<h2>
<b>inSubnet(address, subnetName)</b><span style="font-size: small; font-weight: normal;"> </span></h2>
<div>
In this form, <b>address</b> is the database address key field that you would like to test (for example <b>ipSource</b>) and <b>subnetName</b> has previously been defined as a subnet in the sFlowTrend configuration (see the help section on <a href="https://inmon.com/products/sFlowTrend/help/html/configuration.subnets.html" target="_blank">configuring subnets</a>). For example <b>inSubnet(ipSource, "East Bay")</b> will return true for any IP source address that is in the predefined subnet named East Bay.</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie-ojZn-hRSc_Va2D6dx_x1DmJ69TovsoEv_WLgOs0j_421PdKxEDlXe60rUH2TbIsNRatGMtDPcXRFhQ1VUsTPVfZgHHRnHG0fWFd3b_DFZHYB6kQqBR-y1uVBcsof9lU8L5d94LUH7M/s1600/Screenshot+2019-10-30+at+11.49.47.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" data-original-height="910" data-original-width="1025" height="566" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEie-ojZn-hRSc_Va2D6dx_x1DmJ69TovsoEv_WLgOs0j_421PdKxEDlXe60rUH2TbIsNRatGMtDPcXRFhQ1VUsTPVfZgHHRnHG0fWFd3b_DFZHYB6kQqBR-y1uVBcsof9lU8L5d94LUH7M/s640/Screenshot+2019-10-30+at+11.49.47.png" width="640" /></a></div>
<br /></div>
Soniahttp://www.blogger.com/profile/09620068261717712566noreply@blogger.comtag:blogger.com,1999:blog-9213580012521419503.post-44169711131530515682017-04-27T11:27:00.002+01:002017-04-27T11:27:53.219+01:00Running sFlowTrend in a Docker containersFlowTrend is now available as a Docker image. Docker makes it really easy to try out sFlowTrend, and you can also use it as a convenient way to run it in production. It will work for both the free sFlowTrend, or for sFlowTrend-Pro - just select the free option, or enter your license number in the System Configuration>License dialog.<br />
<br />
To run sFlowTrend in Docker, use the command<br />
<br />
<code>
docker run -v /var/local/sflowtrend-pro:/var/local/sflowtrend-pro -p 6343:6343/udp -p 8087:8087 -p 8443:8443 -h sflowtrend-pro -e TZ=Europe/London -d --restart unless-stopped sflow/sflowtrend</code><br />
<br />
This will run the latest version of sFlowTrend. You can select a specific version using the appropriate tag, e.g. <code>sflow/sflowtrend:6.5.04</code>. See the docker hub repository at <a href="https://hub.docker.com/r/sflow/sflowtrend/">https://hub.docker.com/r/sflow/sflowtrend/</a> for more information on the versions available. Some explanation of the command line options used is worthwhile:
<br />
<ul>
<li><code>-v /var/local/sflowtrend-pro:/var/local/sflowtrend-pro</code> mounts the specified directory on the host at <code>/var/local/sflowtrend-pro</code> in the container. This means that the data and configuration will be persistent, and available in this location. Instead of this, you could optionally use a Docker volume, in which case the persistent data would be in the volume. If you don't specify the volume, the data will be lost from one container to the next - this might be OK for evaluation purposes.</li>
<li><code>-p 6343:6343/udp -p 8087:8087 -p 8443:8443</code> publishes the required network ports. You can map the ports used in the container to something different on the host if you like. UDP port 6343 is the sFlow port, and if you use something else then your network infrastructure would need to be configured to send sFlow on the new port. Port 8087 is used for the http connection for the sFlowTrend web client, and port 8443 for the https connection; if you change these, then the new port would need to specified in the web browser you are using to connect to sFlowTrend.</li>
<li><code>-h sflowtrend-pro</code> sets the hostname of the container. This is important if you are using sFlowTrend-Pro: you would need to use the hostname that matches your license. The hostname is also shown on the dashboard.</li>
<li><code>-e TZ=Europe/London</code> sets the timezone of the container. All data in sFlowTrend is shown in this timezone, so it is important that you set it correctly for your location. You can use a standard <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones" target="_blank">Linux timezone identifier</a> here.</li>
<li><code>-d</code> runs the container in the background.</li>
<li><code>--restart unless-stopped</code> automatically starts the container when the Docker engine starts.</li>
</ul>
When you first run sFlowTrend in Docker, the latest version will be pulled from the Docker hub. After this, because it is cached locally, on future runs it will run the same version. If a new version of sFlowTrend has been released, you can force this to be downloaded using the command<br />
<ul>
</ul>
<div>
<code>docker pull sflow/sflowtrend</code></div>
<div>
<br /></div>
<div>
<h3>
Configuring sFlow using SNMP in a container</h3>
sFlowTrend has the ability to configure sFlow on some switches <a href="http://inmon.com/products/sFlowTrend/help/html/appendix.switch-sflow.html#appendix.switch-sflow.snmp" target="_blank">using SNMP</a>. This works with only a few vendors devices, but can be easier than using the CLI on the switch to set up sFlow. If you are using SNMP to configure sFlow with sFlowTrend in a Docker container, then you have to ensure that sFlowTrend knows the correct address to use for sFlow data. This is because, using the default Docker network (<code>bridge</code>), the container is effectively run behind a logical NAT device. The easiest way to set this up is to first run the container as above, and then stop it after 10 seconds or so; this will create the file structure and empty configuration file in <code>/var/local/sflowtrend-pro</code>. Then follow the instructions for the configuration option <code>sflowtrend.natReceiverAddress</code> at <a href="http://inmon.com/products/sFlowTrend/help/html/advanced.html#advanced.configuration.server">http://inmon.com/products/sFlowTrend/help/html/advanced.html#advanced.configuration.server</a>.<br />
<br />
When you run the container a second time, the address you entered will be available in the System Configuration option for the sFlow receiver address. Select this, and the sFlow data should be directed to that address.<br />
<br /></div>
Stuarthttp://www.blogger.com/profile/08107355293650741699noreply@blogger.com0tag:blogger.com,1999:blog-9213580012521419503.post-727801802157740462017-02-27T18:59:00.000+00:002017-02-27T18:59:30.267+00:00Using sFlowTrend to analyse IEEE 802.1ah (PBB or MAC-in-MAC) trafficThe Provider Backbone Bridges (PBB or MAC-in-MAC) standard IEEE 802.1ah defines an architecture and protocol that allows service providers to build large, scalable ethernet bridged networks, interconnecting multiple Provider Bridge networks without losing each customer's individually defined VLANs. It operates using a MAC tunnelling scheme in which a customer packet, including MAC addresses, is encapsulated in a new ethernet frame with new MAC addresses (the backbone bridge MAC addresses). This eliminates the need for backbone core bridges to learn all MAC addresses of every customer and provides complete separation of provider and customer domains. However, visibility of both the backbone traffic and the encapsulated customer traffic is important for troubleshooting configuration problems and managing performance. sFlowTrend (version 6.5 onwards) understands the IEEE 802.1ah frame format, decoding the outer backbone header and the inner customer frame. Here is an example of using sFlowTrend-Pro to gain full visibility of traffic in a PBBN.<br />
<br />
The diagram below illustrates a typical IEEE 802.1ah PBB frame and shows the key fields used by sFlowTrend-Pro to represent the header fields. The sFlowTrend-Pro <a href="http://www.inmon.com/products/sFlowTrend/help/html/reference.fields.html#reference.fields.flows" target="_blank">help</a> gives a full list of the MAC, VLAN, priority, and IEEE 802.1ah key fields.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWIiPz38HIwdl54Lyt3aMsh5VBMJtS3-j1Mf3uQ5Ui7Q2Sj-JwVIqDUurx2dBNyEDZf16jKRJHIQjzmh1Og8pk9lAIyhCXyXPvqz31HAVXVDdzR3XBnS5_NuUMm2SaDudRc6TgtZUyQ6Q/s1600/PBB.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="330" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWIiPz38HIwdl54Lyt3aMsh5VBMJtS3-j1Mf3uQ5Ui7Q2Sj-JwVIqDUurx2dBNyEDZf16jKRJHIQjzmh1Og8pk9lAIyhCXyXPvqz31HAVXVDdzR3XBnS5_NuUMm2SaDudRc6TgtZUyQ6Q/s400/PBB.png" width="400" /></a></div>
<br />
<br />
One way to view the details of traffic in a PBBN, is to use the <i>Network > Top N</i> tab and create a <a href="http://www.inmon.com/products/sFlowTrend/help/html/network.topn.html#network.topn.charts.custom" target="_blank">custom top N chart</a>.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7d7CydsbKmlU5TsvQu1LrHbhTquIQcX1gYo24MTO9Lq4NvYewwAzyO6Eobozjg9sfcBgqpe_hI1RLuugWpFwHwt-fMQue_LWGLC9-kZlK5lwB990_dIbIvvw9dMim53QoDn-BUvoRkGk/s1600/SFTv6_5-PBB-edit-custom.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="416" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi7d7CydsbKmlU5TsvQu1LrHbhTquIQcX1gYo24MTO9Lq4NvYewwAzyO6Eobozjg9sfcBgqpe_hI1RLuugWpFwHwt-fMQue_LWGLC9-kZlK5lwB990_dIbIvvw9dMim53QoDn-BUvoRkGk/s640/SFTv6_5-PBB-edit-custom.png" width="640" /></a></div>
<br />
<br />
<br />
In this example we have build a custom top N chart showing the backbone header fields and the MAC and IP addresses and VLAN in the customer frame. Selecting this custom top N chart from the <i>Chart</i> selection list, generates a chart showing the details of the PBB traffic.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmPI3HddW7HSK2gwRnVkNS2X_I0Eub7GqVbRbngGg6RbOyK_aZZw0D8Bj2WWdRcp0hx3WYkRZZkiSR5Cu-zQs3e_oJ7Lcm2QrIuU6t2L_JyUuaCEF5nBiW_c7dcGVVrwKXPOy8q2Pni9A/s1600/SFTv6_5-PBB.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="416" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhmPI3HddW7HSK2gwRnVkNS2X_I0Eub7GqVbRbngGg6RbOyK_aZZw0D8Bj2WWdRcp0hx3WYkRZZkiSR5Cu-zQs3e_oJ7Lcm2QrIuU6t2L_JyUuaCEF5nBiW_c7dcGVVrwKXPOy8q2Pni9A/s640/SFTv6_5-PBB.png" width="640" /></a></div>
<br />
<br />
<br />
<br />
<br />Soniahttp://www.blogger.com/profile/09620068261717712566noreply@blogger.com0tag:blogger.com,1999:blog-9213580012521419503.post-36785054685475953492017-02-27T11:21:00.000+00:002017-02-27T11:25:16.642+00:00Using sFlowTrend to analyse tunnelled and encapsulated trafficLayer 3/4 tunnels (Geneve, GRE, NVGRE, VXLAN) are often used to virtualise network services so that communication between virtual machines can be provisioned and controlled without dependencies on the underlying network. Hiding the physical network topology is a useful abstraction which offers a significant benefit of operational flexibility, however lack of visibility into the physical and virtual network can result in poorly placed workloads, inefficient use of resources and as a consequence, performance problems. sFlowTrend-Pro v6.5 provides the comprehensive visibility into tunnelled traffic which is essential for effective management of these more complex environments. Here is an example of how you can use sFlowTrend-Pro to understand and analyse tunnelled traffic.<br />
<br />
sFlowTrend-Pro recognises VXLAN tunnelled traffic using the well known port UDP 4789. It then decodes the encapsulated packet in the UDP payload and stores the encapsulated packet header fields using key fields such as <i>sourceAddress.1, destinationAddress.1</i> etc. It also records the VXLAN Network Identifier (VNI). The sFlowTrend-Pro <a href="http://www.inmon.com/products/sFlowTrend/help/html/reference.fields.html#reference.fields.flows" target="_blank">help</a> includes a section on L3/4 encapsulations which lists the key fields available for tunnelled traffic. One way to view a VXLAN tunnel is to <i>Network > Top N</i> tab and select the <i>Top source-destination flows</i> chart and then add a filter <i>isVXLAN:</i><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqqTnnAh9b-XMBk8L7owaBeUP-YMhEgaC7JRAtLah6WT5EWEp5lNPgPyPoZ2ZmANAvlIiUZCUaMK7JhT1GhioaCCqKjktNnUbg-O-QYMz4FVGx1NOKlDOH5gdb32kCTwyH1-hZ3QjYKo4/s1600/SFTv6_5-isVXLAN.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="415" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqqTnnAh9b-XMBk8L7owaBeUP-YMhEgaC7JRAtLah6WT5EWEp5lNPgPyPoZ2ZmANAvlIiUZCUaMK7JhT1GhioaCCqKjktNnUbg-O-QYMz4FVGx1NOKlDOH5gdb32kCTwyH1-hZ3QjYKo4/s640/SFTv6_5-isVXLAN.png" width="640" /></a></div>
<i><br /></i>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
If you click on the source and destination address in the legend, you can also add the tunnel end points to the filter:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhGWrANZ-HnqIK2S_JpcByHvEW2DixK5N6BZfy8XQPYYaQtQ-4TWRmctRYY51ER1ezIpz7gSk0kmzd1ecBCNEKBRVET021sj_FtMsrWI_8Fz1JL-IdF1DsSFDPMVxFhH3zLyHLYuzH7cE/s1600/SFTv6_5-isVXLAN-src-dest.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="416" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhGWrANZ-HnqIK2S_JpcByHvEW2DixK5N6BZfy8XQPYYaQtQ-4TWRmctRYY51ER1ezIpz7gSk0kmzd1ecBCNEKBRVET021sj_FtMsrWI_8Fz1JL-IdF1DsSFDPMVxFhH3zLyHLYuzH7cE/s640/SFTv6_5-isVXLAN-src-dest.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
To see the traffic inside the tunnel, you can build a <a href="http://www.inmon.com/products/sFlowTrend/help/html/network.topn.html#network.topn.charts.custom" target="_blank">custom top N chart</a> (click on the edit button next to the <i>Chart </i>selection list):<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZFtjmn317enc57gOOLavCl3OQD_wWWSRzyjy8D50_ko87lCOB1rn5tP9GstKzhEsEYOy0V5NgstvnHNvXuvB1yOs5vE_IGhVpJljkQBPKVN-RXa9qMmpJNpEsc4Imno5Uwbe8K-mpXU0/s1600/SFTv6_5-VXLAN-edit-custom.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="416" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjZFtjmn317enc57gOOLavCl3OQD_wWWSRzyjy8D50_ko87lCOB1rn5tP9GstKzhEsEYOy0V5NgstvnHNvXuvB1yOs5vE_IGhVpJljkQBPKVN-RXa9qMmpJNpEsc4Imno5Uwbe8K-mpXU0/s640/SFTv6_5-VXLAN-edit-custom.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
In this example we have built a custom Top N chart with fields <i>vni, sourceAddress.1, sourcePort.1, destinationAddress.1, destinationPort.1</i>. Selecting this custom top N chart from the <i>Chart</i> selection list, generates a chart showing the details of the traffic flows carried by the tunnel that we are filtering on:<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijdKrS1OrXbS1QDC_lis0_OMIGy3nQSa2AOIdWbr0Be1LO2mvPKCkx8HOjzK5xEUdvBbeCQAFLLcgMFuaELZRPCI-u_0VCQvS2ncZdi5Alj7_5u-VDc5bC40Zaw38ckqS3FO2nUZ4cu70/s1600/SFTv6_5-VXLAN.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="414" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijdKrS1OrXbS1QDC_lis0_OMIGy3nQSa2AOIdWbr0Be1LO2mvPKCkx8HOjzK5xEUdvBbeCQAFLLcgMFuaELZRPCI-u_0VCQvS2ncZdi5Alj7_5u-VDc5bC40Zaw38ckqS3FO2nUZ4cu70/s640/SFTv6_5-VXLAN.png" width="640" /></a></div>
You can use a similar technique to look at traffic flows carried by other tunnelling protocols (Geneve, GRE, NVGRE).<br />
<br />
You can also create reports using the <i>Reports</i> tab and creating a query section using <i>Advanced settings</i> to select key fields for encapsulated packets.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8nie0z7U2AfwLipmjOC8fgUOOkYlJI0DNgCGbisnfIZ9ceHNAwq2v0PrWSJBfFMrpDgUoucze6YT9fUKL-GzWJogNqPhXJlHm52nr4HrvoBc_xgtmxYlEcIYndQMtbc8frd0wLt9P1xU/s1600/SFTv6_5-VXLAN-rpt-query.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="416" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8nie0z7U2AfwLipmjOC8fgUOOkYlJI0DNgCGbisnfIZ9ceHNAwq2v0PrWSJBfFMrpDgUoucze6YT9fUKL-GzWJogNqPhXJlHm52nr4HrvoBc_xgtmxYlEcIYndQMtbc8frd0wLt9P1xU/s640/SFTv6_5-VXLAN-rpt-query.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-a54cdhF3asONl0siFMmfKSKxjlIXBRMRJlALBdsi4tAPJ23MvR6BueAj2u2_IlW6WbCbAdYxCJygxnVNXaicZVTFSoqR6ikDthATbBHECyw0B7FKcROYi9WMII9QDrG7nq32tQXPpeM/s1600/SFTv6_5-VXLAN-report.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="416" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh-a54cdhF3asONl0siFMmfKSKxjlIXBRMRJlALBdsi4tAPJ23MvR6BueAj2u2_IlW6WbCbAdYxCJygxnVNXaicZVTFSoqR6ikDthATbBHECyw0B7FKcROYi9WMII9QDrG7nq32tQXPpeM/s640/SFTv6_5-VXLAN-report.png" width="640" /></a></div>
<br />Soniahttp://www.blogger.com/profile/09620068261717712566noreply@blogger.com0tag:blogger.com,1999:blog-9213580012521419503.post-58659687954290840212017-01-10T18:20:00.000+00:002017-01-10T18:20:30.093+00:00Upgrading sFlowTrendsFlowTrend will tell you when a new version is available, if it has internet access. You can also check using <span style="font-family: "courier new" , "courier" , monospace;">Configuration>Check for updates</span> in the web client.<br />
<br />
<div>
To upgrade sFlowTrend, you just need to install the new software on top of the old. There's no need to uninstall first, that is all taken care of by the installer. The one thing that is important to remember is to use the same version of installer as you did for the initial install:<br />
<ul>
<li>If you used the 32-bit Windows installer, update using the 32-bit installer. Just run the new installer, and it will uninstall the old version and install the new one.</li>
<li>If you used the 64-bit Windows installer, update using the 64-bit installer. Again, just run the new installer.</li>
<li>If you used the interactive Linux installer, use this to upgrade, again by running the new installer.</li>
<li>If you used a Linux rpm package to install, then upgrade using the command</li>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"># rpm -Uvh sFlowTrend-linux-version.rpm</span></div>
<li>If you used a Linux deb package to install, then upgrade using the command</li>
<div>
<span style="font-family: "courier new" , "courier" , monospace;"># dpkg -i sFlowTrend-linux-version.deb</span></div>
</ul>
If you want to change how sFlowTrend is installed (eg, from the Linux interactive installer to a package), then you must first uninstall sFlowTrend using the original method. This will not remove any configuration or data. Then install using the new method. If sFlowTrend was originally installed using the interactive installer, you can use the uninstall program located in the main installation directory to uninstall it.<br />
<br /></div>
<div>
The data and configuration should not be affected when upgrading, but you can of course back this up to be sure. The best way is to stop the sFlowTrend-Pro service, then just copy all of the contents of the sFlowTrend-Pro data directory (this is called the home directory in the user interface, you can see it using options dialog in the Java client or the system config dialog in the web client). Once you have copied it (or zipped or tared it up as appropriate), then restart the service.</div>
Stuarthttp://www.blogger.com/profile/08107355293650741699noreply@blogger.com0tag:blogger.com,1999:blog-9213580012521419503.post-50161613857062938032016-12-09T10:22:00.000+00:002016-12-09T10:25:18.090+00:00Migrating to a new serverSometimes you need to move your sFlowTrend installation to a new server. This is quite easy to do without losing any data, but you have to be careful to make sure it goes smoothly. All of the data is in the sFlowTrend <i>home directory</i>. For free sFlowTrend, this contains the configuration and user preferences (when using the web client). For sFlowTrend-Pro, it also includes all of your traffic data contained in the database.<br />
<br />
First, find the location of the home directory on the old system. If you installed sFlowTrend using an interactive installer, then you would have selected the directory during installation. If you used a package installer on Linux, then you can't change the location. In any case, you can find the name of the directory using Configuration>System Configuration in the web client:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfKsP4gcOdqf86IJgbRBQUBkimkEaZY2MTVgUbl5_040QYiTJn3eoSZVqNGSR7tbfVpQ4m4KHCL0gRgdAHXDhBAgq282hBuiBdkc6wUnvUSp7Kwh0POyhqhTfciz0cs6VIVDUiN3sK1prp/s1600/Screen+Shot+2016-12-08+at+11.40.05.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="411" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfKsP4gcOdqf86IJgbRBQUBkimkEaZY2MTVgUbl5_040QYiTJn3eoSZVqNGSR7tbfVpQ4m4KHCL0gRgdAHXDhBAgq282hBuiBdkc6wUnvUSp7Kwh0POyhqhTfciz0cs6VIVDUiN3sK1prp/s640/Screen+Shot+2016-12-08+at+11.40.05.png" width="640" /></a></div>
<br />
<div>
Next, stop the sFlowTrend service on the old system. It is essential that you do this step, otherwise data is likely to be corrupted.<br />
<br />
On Windows, use Windows Administrative Tools>Services, find sFlowTrend-Pro server, and stop it.<br />
On Linux, depending on which distribution you are using, one of the following commands will work:<br />
<span style="font-family: "courier new" , "courier" , monospace;"># systemctl stop sflowtrend-server</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"># service sflowtrend-server stop</span><br />
<span style="font-family: "courier new" , "courier" , monospace;"># /etc/init.d/sflowtrend-server stop</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Once you have stopped the service on the old system, move to the new one. Go ahead and install sFlowTrend on this system, again taking note of the home directory. Then, stop the sFlowTrend service on the new system - again, it is critical that you do this step. After this, copy the entire home directory from the old system to the new system, ensuring that the ownership and file permissions stay the same. Start the service on the new system.</span><br />
<br />
<span style="font-family: inherit;">At this stage, sFlowTrend should be running on the new system. There may be a couple of other tasks that need to be done. First, if you are using sFlowTrend-Pro and the new system has a different hostname from the old, then you will need to update the license to have the new hostname. To do this, go to </span><a href="http://www.myinmon.com/" style="font-family: inherit;" target="_blank">www.myinmon.com</a><span style="font-family: inherit;">, log in, and click the Request New Key link to the license. The license will be updated shortly. Next, if the IP address of the new system is different, then you will need to update the sFlow configuration on your infrastructure to forward sFlow data to the new system, rather than the old. There's more information on configuring sFlow in <a href="http://blog.sflowtrend.com/2016/10/configuring-switches-to-send-sflow-to.html" target="_blank">this blog post</a>, and in the <a href="http://www.inmon.com/products/sFlowTrend/help/html/appendix.switch-sflow.html" target="_blank">on-line help</a>.</span><br />
<span style="font-family: inherit;"><br /></span>
<span style="font-family: inherit;">Now you have sFlowTrend running on the new system, you can uninstall it on the old. To recover some space, you can also delete the home directory on the old system, as this isn't automatically deleted when uninstalling.</span></div>
Stuarthttp://www.blogger.com/profile/08107355293650741699noreply@blogger.com0tag:blogger.com,1999:blog-9213580012521419503.post-71814865725443294772016-11-09T11:04:00.000+00:002016-11-09T11:05:22.474+00:00Diagnosing abnormal network traffic levels<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="margin-left: 1em; margin-right: 1em;">
</div>
<a href="webkit-fake-url://ba28ab67-1b49-4a96-879d-aa629d939236/image.tiff" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><br />
<br />
<a href="webkit-fake-url://ba28ab67-1b49-4a96-879d-aa629d939236/image.tiff" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"></a>A common question that network managers handle is "Why is the network slow?". In many cases, poor network performance can be caused by a localised overload. This may be caused by mistakes in the network configuration, equipment malfunctions, inadvertent mis-use, or because capacity is insufficient for the normal load. Since an sFlow enabled network and sFlowTrend provide complete visibility of network usage, it is easy to pinpoint overload conditions and take appropriate action. It is even possible to receive alerts so that proactive controls can be implemented to prevent poor performance occurring. Here is an example of how sFlowTrend helps you identify and diagnose network overload conditions.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div style="text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhV1Gj8JJhyphenhyphenhhZLCZF5EJSH4w41faIlYp0GRL68vOs8XAgfO16X7ICjUaluQDX5gRBbmRhYpxmKF5i5lfZWLr4Cy5rrZuC2LlvxVGA-uIh8V9zkikbEK6iN182A0FgQS6TSf9auldUFVTs/s1600/SFTv6-dashboard.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="490" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhV1Gj8JJhyphenhyphenhhZLCZF5EJSH4w41faIlYp0GRL68vOs8XAgfO16X7ICjUaluQDX5gRBbmRhYpxmKF5i5lfZWLr4Cy5rrZuC2LlvxVGA-uIh8V9zkikbEK6iN182A0FgQS6TSf9auldUFVTs/s640/SFTv6-dashboard.png" width="640" /></a></div>
<br />
Dashboard, Thresholds indicates an abnormally high level of unicast traffic. Click on the unicast indicator to view the Thresholds tab and find out why.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioSvan83zNfPY62sSQuycC9jUs4Zgu3q44hOthW54RncSAeptlUiHf3OH9kl98m5SZbDHaHPcFolcBzH5uBzEmU5WLnd0Y4oK9OICDXfxEsgazrbv3s3fi7edX3TrYG0Aeen2woYevNBU/s1600/SFTv6-thresholds.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="490" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioSvan83zNfPY62sSQuycC9jUs4Zgu3q44hOthW54RncSAeptlUiHf3OH9kl98m5SZbDHaHPcFolcBzH5uBzEmU5WLnd0Y4oK9OICDXfxEsgazrbv3s3fi7edX3TrYG0Aeen2woYevNBU/s640/SFTv6-thresholds.png" width="640" /></a></div>
<br />
<br />
<br />
<br />
The <i>Thresholds</i> tab indicates the switch 10.1.4.253 is experiencing the abnormally high level of unicast traffic. Click on the unicast indicator to see which interfaces are affected.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiILslHuj6YxwCOnTzuKFj2tsyQ00ZInLKmeUTe1cEP7VDI6HluPAQTRhGny7HfVe1HxwaXlzW0N_SmLdiemkD4aILv38mvsAQjYZ4ilm64DeRtl5osVS_VvrA_2SNOhHY5yWMzOmCwC-4/s1600/SFTv6-thresholds-If.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="494" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiILslHuj6YxwCOnTzuKFj2tsyQ00ZInLKmeUTe1cEP7VDI6HluPAQTRhGny7HfVe1HxwaXlzW0N_SmLdiemkD4aILv38mvsAQjYZ4ilm64DeRtl5osVS_VvrA_2SNOhHY5yWMzOmCwC-4/s640/SFTv6-thresholds-If.png" width="640" /></a></div>
The interface with ifIndex 23 is most affected by the unicast traffic. Click on the unicast indicator to bring up the menu and select <i>Root cause</i> to see who and what is contributing to the unicast traffic.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRf_Aojo6BzYe8DHhlF3cCzsdQq9ToYs8_QNr6lOBEM5CKtToQM2HLfJjzqO4O_C1BsyYxl156qiBRjA7V00PJ-Vpt7xXTH4HgQT5ufROHFUWRF0M6GQnPeFqWfuJ19QleGeMTcYflxBo/s1600/SFTv6-rootCause.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="492" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhRf_Aojo6BzYe8DHhlF3cCzsdQq9ToYs8_QNr6lOBEM5CKtToQM2HLfJjzqO4O_C1BsyYxl156qiBRjA7V00PJ-Vpt7xXTH4HgQT5ufROHFUWRF0M6GQnPeFqWfuJ19QleGeMTcYflxBo/s640/SFTv6-rootCause.png" width="640" /></a></div>
<br />
100% of unicast frames are sent from hosts in the External subnet to hosts in the External subnet. Looking at the fourth row, 58% of the unicast frames are sent from 208.65.153.251 TCP:80 to 64.151.76.36. From this we can conclude that the major factor causing the abnormally high unicast traffic is web traffic from server 208.65.153.251 (which is in the External subnet). To see for how long abnormal levels of unicast traffic have affected this interface, click on the <i>Network > Counters</i> tab (or choose <i>View chart</i> from the <i>Root cause</i> tab menu).<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4763V_dYdiKK5JwEL0LQaxvrCWDEmBo5t97m3oAiYsAouXYDNLtqda4Un3j8bPbaGv2DxBtBZ10D1ScFTClX7EDzFFiX9iaOEFJApqMJgWPhwxKrXbLvDbuv8iYAQao-QL2OmzQW47ys/s1600/SFTv6-counters.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="492" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4763V_dYdiKK5JwEL0LQaxvrCWDEmBo5t97m3oAiYsAouXYDNLtqda4Un3j8bPbaGv2DxBtBZ10D1ScFTClX7EDzFFiX9iaOEFJApqMJgWPhwxKrXbLvDbuv8iYAQao-QL2OmzQW47ys/s640/SFTv6-counters.png" width="640" /></a></div>
<br />
<br />
The <i>Network > Top N</i> tab displays the details of the top connections.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiR_zGt0WV2CrPxoWOJ_jHEazgxiUPMh4c0P6jVot4oRfdqm0u9OmZbyaTFKhUs6TtE4F3TL3l_aI2TIn__6GHwkF_lb8TTEX-gAXvKEye8HSa9rDbm0XWWxRdQ5aSZIZ6OkDZ56rGYIhg/s1600/SFTv6-topN.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="492" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiR_zGt0WV2CrPxoWOJ_jHEazgxiUPMh4c0P6jVot4oRfdqm0u9OmZbyaTFKhUs6TtE4F3TL3l_aI2TIn__6GHwkF_lb8TTEX-gAXvKEye8HSa9rDbm0XWWxRdQ5aSZIZ6OkDZ56rGYIhg/s640/SFTv6-topN.png" width="640" /></a></div>
In this example we have created a <a href="http://www.inmon.com/products/sFlowTrend/help/html/network.topn.html#network.topn.charts.custom" target="_blank">custom</a> top connections chart that allows us to focus on the server port and ignore the ephemeral client port.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAjzfXGb4xeEcDyejTulA_wBq7dSOXoxW0NbuL63Q2x3BHdMfZoYpcDkl4QTccFWq4iOaja7GKwF_I0xo6ckp02DPzztoxzvVtDLNDgWfZSIHlpu7nDnQ5J-PTRdBdW-4BGOINeg9xyNM/s1600/SFTv6-circles.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="490" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAjzfXGb4xeEcDyejTulA_wBq7dSOXoxW0NbuL63Q2x3BHdMfZoYpcDkl4QTccFWq4iOaja7GKwF_I0xo6ckp02DPzztoxzvVtDLNDgWfZSIHlpu7nDnQ5J-PTRdBdW-4BGOINeg9xyNM/s640/SFTv6-circles.png" width="640" /></a></div>
The <i>Network > Circles</i> tab allows you to visualise the traffic flows between groups of addresses to help understand the communication patterns across the network.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
Soniahttp://www.blogger.com/profile/09620068261717712566noreply@blogger.com0tag:blogger.com,1999:blog-9213580012521419503.post-48625985626968929772016-10-26T13:06:00.000+01:002016-10-26T13:31:21.433+01:00Configuring switches to send sFlow to sFlowTrendThe sFlow agent running on a switch or router is responsible for sending sFlow data to sFlowTrend. The sFlow agent must be configured with three main parameters:<br />
<ol>
<li><b>Receiver address and port:</b> The IP address and UDP port of the system that sFlowTrend is running on and on which it will receive data. By default sFlowTrend-Pro listens on all the system IP addresses using UDP port 6343. The configured receiver address must be reachable from the switch running the sFlow agent.</li>
<li><b>Sampling rate:</b> The ratio of packets carried by an interface to the number of packets sampled. For example a sampling rate of 1024 specifies that, on average, 1 packet sample will be generated for every 1024 packets carried by an interface. The sampling rate configured should generate enough samples to be statistically significant, but not too many samples such that the scalability of the system would be affected. Some suggested <a href="http://www.inmon.com/products/sFlowTrend/help/html/appendix.sampling.html" target="_blank">sampling rates</a> for different traffic levels are given in the sFlowTrend help.</li>
<li><b>Polling interval:</b> Controls how frequently counter data (for example interface counters) are exported. Configuring a counter polling interval of 30 seconds is recommended. This will cause counter data to be exported every 30 seconds on average. Since sFlowTrend accumulates data with one minute granularity, setting a counter polling interval of less than 20 seconds generates more load for the switch and the network without improving the resulting measurements.</li>
</ol>
In addition, some sFlow agent implementations allow the <b>sFlow agent address</b> to be configured. The sFlow agent address is included in the exported sFlow data and must uniquely identify the switch. sFlowTrend uses this address to attribute data to the different switches. Some sFlow agent implementations have an inappropriate default sFlow agent address of 0.0.0.0 or 127.0.0.1. This must be changed to a unique address for the switch, preferably an address that will respond to SNMP requests, in order for sFlowTrend to work properly. If the IP addresses for a switch are changed, then you should check that the sFlow agent address is updated properly; this sometimes requires a restart of the sFlow agent.<br />
<br />
There are two methods for configuring the sFlow agent: SNMP and Command Line Interface (CLI).<br />
<h4>
sFlow configuration using SNMP</h4>
If a switch implements the <a href="http://www.sflow.org/SFLOW-MIB5.txt" target="_blank">sFlow MIB</a>, sFlowTrend can use SNMP to configure the sFlow agent. In this case, you must ensure sFlowTrend is configured with the IP address of the switch and the correct SNMP credentials. The switch must also be configured to allow SNMP read and write from the sFlowTrend system. sFlowTrend will then make sure that the switch is configured with the correct settings for receiver address and port, sampling rate and polling interval for all interfaces.<br />
<br />
Follow the steps in the section in the help <a href="http://www.inmon.com/products/sFlowTrend/help/html/configuration.agents.html" target="_blank">Adding a switch configured by SNMP</a>. The help also outlines steps for <a href="http://www.inmon.com/products/sFlowTrend/help/html/configuration.agents.html#configuration.agents.status" target="_blank">verifying</a> and <a href="http://www.inmon.com/products/sFlowTrend/help/html/troubleshooting.html#troubleshooting.troubleshooting.no-sflow" target="_blank">troubleshooting</a><span id="goog_1039113372"></span><span id="goog_1039113373"></span><a href="https://www.blogger.com/"></a> the configuration.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDiNmYqIJ6hjkSZGAJrtkctaMH3-8CzyjhbgqrcR3UFnuuOwU8ftPTLD3yOCjHzA4suwr81a3v6ydyxSH53w8v2WD8kwXLl_kAGKkhLaWHcpexTHE1h_0PO-koaN5LJVtossi7M7Ruw_4/s1600/SFTv6-configAgents.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="502" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiDiNmYqIJ6hjkSZGAJrtkctaMH3-8CzyjhbgqrcR3UFnuuOwU8ftPTLD3yOCjHzA4suwr81a3v6ydyxSH53w8v2WD8kwXLl_kAGKkhLaWHcpexTHE1h_0PO-koaN5LJVtossi7M7Ruw_4/s640/SFTv6-configAgents.png" width="640" /></a></div>
<a href="https://www.blogger.com/blogger.g?blogID=9213580012521419503" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"></a><br />
<br />
sFlow configuration using SNMP is accomplished as follows:<br />
<ol>
<li>sFlowTrend uses SNMP to walk the ifTable to discover all interfaces and their ifSpeeds. This process also ensures that basic SNMP read access is working.</li>
<li>sFlowTrend then tests for the existence of the sFlow MIB.</li>
<li>On discovering the sFlow MIB, sFlowTrend then tries to claim a receiver entry by using SNMP SETs to write its configured receiver IP address and sFlow port, a unique string identifying this sFlowTrend instance, and a timeout value into the receiver entry. The receiver address and port used by sFlowTrend are configured in the System configuration, <a href="http://www.inmon.com/products/sFlowTrend/help/html/configuration.system.html#configuration.system.sflow" target="_blank">sFlow configuration</a> dialog. A switch will support a fixed number of receiver entries, limiting the number of sFlow collectors that it can send data to. If all of the receiver entries have been claimed by other sFlow collectors, then sFlowTrend will fail to configure this switch and in the Configure agents dialog will report <i>Already in use</i> and list the other sFlow collectors. You can tell sFlowTrend to overwrite an existing receiver entry when there are no free entries by using the <a href="http://www.inmon.com/products/sFlowTrend/help/html/advanced.html#advanced.configuration.server">sflowtrend.useForce</a> setting.</li>
<li>After having successfully claimed a receiver entry, sFlowTrend will then set sFlow MIB entries for each interface to configure the polling interval and the appropriate sampling rate. sFlowTrend chooses the sampling rate based on the ifSpeed of the interface discovered by walking the ifTable.</li>
<li>Periodically, sFlowTrend will refresh the timeout value in the receiver entry using an SNMP SET. This ensures that the switch will continue to send sFlow. However, if sFlowTrend is stopped, the timeout will decrease to zero and on reaching zero, the switch will clear the receiver entry and stop sending sFlow to sFlowTrend. This means that no resources are used in generating unwanted sFlow.</li>
</ol>
<h4>
sFlow configuration using CLI</h4>
<div>
The sFlowTrend help gives some examples of <a href="http://www.inmon.com/products/sFlowTrend/help/html/appendix.switch-sflow.cli.html" target="_blank">CLI configuration</a> of sFlow. Consult your switch documentation for further details. In this case, no configuration of sFlowTrend is required. Instead, as soon as sFlowTrend receives sFlow from a switch, the switch will be listed in the sFlowTrend System configuration, <a href="http://www.inmon.com/products/sFlowTrend/help/html/configuration.agents.html" target="_blank">Configure agents</a> dialog and the various switch selectors. If sFlowTrend does not list the switch, check the following:<br />
<ol>
<li>The switch is configured with the correct receiver address and UDP port. You can verify the UDP port that sFlowTrend is listening on in the System configuration, <a href="http://www.inmon.com/products/sFlowTrend/help/html/configuration.system.html#configuration.system.sflow" target="_blank">sFlow configuration</a> dialog.</li>
<li>There are no firewalls on the sFlowTrend system or the network that are blocking sFlow data.</li>
<li>The sFlowTrend system is reachable from the switch.</li>
<li>The sFlow agent on the switch is configured with a unique sFlow agent address.</li>
</ol>
</div>
If you want sFlowTrend to display interfaces using ifName or ifAlias, or to display the sysName of the switch, you must configure sFlowTrend with SNMP read access to the switch.<br />
<br />
<br />
<br />Soniahttp://www.blogger.com/profile/09620068261717712566noreply@blogger.com0tag:blogger.com,1999:blog-9213580012521419503.post-34857593805777395352016-09-12T11:00:00.000+01:002019-10-17T09:56:08.389+01:00Getting started with sFlowTrend and sFlowTrend-ProTo use sFlowTrend or sFlowTrend-Pro, first download the installation package. The installation package for sFlowTrend is available from <a href="http://www.sflowtrend.com/">http://www.sflowtrend.com</a>. If you have purchased a license, or requested an evaluation license for sFlowTrend-Pro, you can download the installation package from your account at <a href="http://www.myinmon.com/">http://www.myinmon.com</a> under the Products > Download Software. Choose the correct installation package for the system that will run sFlowTrend or sFlowTrend-Pro:<br />
<ul>
<li>For a Windows installation, use the Windows installation package unless you are running a 64-bit version of Windows with a 64-bit JRE installed, in which case use Windows 64-bit installation package. </li>
<li>For a Linux installation, select either the Linux installer download, which is a graphical and CLI installer, or install using an RPM or .deb file. If you choose the RPM or .deb option, and have a previous installation using the installer, uninstall the previous version before installing the RPM/.deb file. </li>
<li>For an Apple Mac installation, use the .dmg installation package.</li>
</ul>
Make sure that you have Java 1.8 (or later) installed, then run the sFlowTrend or sFlowTrend-Pro installation package following the <a href="http://www.inmon.com/products/sFlowTrend/help/html/installation.html" target="_blank">instructions</a>.<br />
<br />
Once you have installed sFlowTrend or sFlowTrend-Pro, open the GUI by pointing a web browser to http://[hostname]:8087/sflowtrend or https://[hostname]:8443/sflowtrend. You must now <a href="http://www.inmon.com/products/sFlowTrend/help/html/configuration.system.html#configuration.system.general.license" target="_blank">configure</a> the license.<br />
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjih0odFxX6n8jb1gkgA6xXJ0UInTJDkZZddWyjPyrcgKBZ9aB0TDQrBCFQWG9zmfcWK39zMRNS72V_8yPBQ-BDK6fCT3tyVw1M2HFoPQHrzMQlJj8xNF0Dcw6urBvDWe-qW7m4KDX9S7k/s1600/SFTv6-license.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjih0odFxX6n8jb1gkgA6xXJ0UInTJDkZZddWyjPyrcgKBZ9aB0TDQrBCFQWG9zmfcWK39zMRNS72V_8yPBQ-BDK6fCT3tyVw1M2HFoPQHrzMQlJj8xNF0Dcw6urBvDWe-qW7m4KDX9S7k/s1600/SFTv6-license.png" /></a></div>
<br />
To use sFlowTrend-Pro, deselect "Use sFlowTrend (free)" and enter your license number from your account at <a href="http://www.myinmon.com/">http://www.myinmon.com</a>.<br />
<br />
Note that normally sFlowTrend-Pro will use the Internet to download the license key, once the license number has been entered. If a proxy configuration is required for the server to connect to the Internet, please make sure that the proxy is correctly <a href="http://www.inmon.com/products/sFlowTrend/help/html/configuration.system.html#configuration.system.proxy" target="_blank">configured</a>. On initial installation, until you configure the license you cannot use the rest of the product; this means that the proxy also cannot be configured. To work around this, if you have to configure a proxy, first select the option to use the free sFlowTrend license, then configure the proxy, and finally go back to the license dialog and enter your actual license number. If the system has no Internet connectivity at all, then the license key can be entered manually. You can request a manual license key using a support request from your account at <a href="http://www.myinmon.com/">http://www.myinmon.com</a>.<br />
<br />
Now <a href="http://www.inmon.com/products/sFlowTrend/help/html/appendix.switch-sflow.html" target="_blank">configure your switches</a> to send sFlow to sFlowTrend-Pro. Another blog post will describe this in more detail. The Dashboard will show the incoming sampling rate and the status bar will indicate the number of switches and hosts being monitored. The <a href="http://www.inmon.com/products/sFlowTrend/help/html/troubleshooting.html#troubleshooting.troubleshooting.no-sflow" target="_blank">troubleshooting</a> section of the help includes some things to check if sFlow is not being received.Soniahttp://www.blogger.com/profile/09620068261717712566noreply@blogger.com0tag:blogger.com,1999:blog-9213580012521419503.post-4376788672537029592016-08-31T15:28:00.000+01:002016-08-31T15:29:13.468+01:00Comparing sFlowTrend and sFlowTrend-Pro<a href="http://www.sflowtrend.com/" target="_blank">sFlowTrend</a> is the free version of <a href="http://www.sflowtrend-pro.com/" target="_blank">sFlowTrend-Pro</a>. sFlowTrend is limited to analysing data from a maximum of five sFlow agents and stores one hour of data in memory. sFlowTrend-Pro does not limit the number of switches, routers, or hosts that can be monitored and stores data persistently to disk for a configurable period (default one week). sFlowTrend-Pro also supports navigation through and reporting over the whole history of data.<br />
<br />
If you have already installed sFlowTrend and have purchased an sFlowTrend-Pro license, you can upgrade your installation by configuring your installation with your sFlowTrend-Pro license using the <a href="http://www.inmon.com/products/sFlowTrend/help/html/configuration.system.html#configuration.system.general.license" target="_blank">configuration menu</a>.<br />
<br />
<br />
<table border="1" cellpadding="2" cellspacing="0">
<thead>
<tr><th></th><th>sFlowTrend</th><th>sFlowTrend-Pro</th></tr>
</thead>
<tbody>
<tr><td>Industry leading sFlow support</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td></tr>
<tr><td>Supports sFlow from switches/routers/wifi, hosts and services</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td></tr>
<tr><td>Real-time analysis and charts</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td></tr>
<tr><td>Reporting</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td></tr>
<tr><td>Web client UI</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td></tr>
<tr><td>REST API supported</td><td><div style="text-align: center;">
<span style="color: #cc0000;">✗</span></div>
</td><td><div style="text-align: center;">
<span style="color: #6aa84f;">✓</span></div>
</td></tr>
<tr><td>Number of agents (switches, routers, hosts)</td><td>5</td><td>Unlimited</td></tr>
<tr><td>Data storage</td><td>Memory (volatile)</td><td>Disk (persistent)</td></tr>
<tr><td>Historical data</td><td>1 hour</td><td>Configurable (default 7 days)</td></tr>
<tr><td>History reporting and navigation</td><td>1 hour</td><td>Entire duration of historical data</td></tr>
<tr><td>Cost</td><td>Free</td><td>License fee (annual or indefinite)</td></tr>
<tr><td>Support</td><td><a href="https://groups.google.com/d/forum/sflowtrend" target="_blank">Community</a></td><td>Commercial included with license fee</td></tr>
</tbody></table>
<br />Soniahttp://www.blogger.com/profile/09620068261717712566noreply@blogger.com0tag:blogger.com,1999:blog-9213580012521419503.post-60287123227748038912016-08-09T11:03:00.001+01:002016-08-31T09:52:59.734+01:00WelcomeWelcome to the sFlowTrend blog.<br />
<br />
The purpose of this blog is to provide tips for using <a href="http://www.sflowtrend.com/" rel="nofollow" target="_blank">sFlowTrend</a> and <a href="http://www.sflowtrend-pro.com/" rel="nofollow" target="_blank">sFlowTrend-Pro</a> so that you get the most out of your <a href="http://www.sflow.org/" rel="nofollow" target="_blank">sFlow®</a> enabled switches, virtual switches, routers, and hosts.<br />
<br />
The <a href="http://www.inmon.com/products/sFlowTrendHelp.php" target="_blank">help</a> is the definitive documentation for sFlowTrend and sFlowTrend-Pro. These blog posts are intended to address frequently ask questions and more detailed usage examples and case studies.<br />
<br />
<span style="background-color: white;"><a href="http://www.sflowtrend.com/" target="_blank">sFlowTrend</a> and <a href="http://www.sflowtrend-pro.com/" target="_blank">sFlowTrend-Pro</a> are scalable, network and system performance analytics tools, built from the </span>ground up to exploit the detailed data available from the popular <a href="http://www.sflow.org/" target="_blank">sFlow®</a> standard.<br />
<br />
Both sFlowTrend and sFlowTrend-Pro identify who is using the network, for what purpose and how intensively. The web UI provides real-time, interactive charts and historical reports. In addition, sFlowTrend-Pro exposes a REST API for fully flexible data access and integration with other tools. This type of analytics is ideally suited to common management tasks such as diagnosing performance problems, identifying mis-use and abnormal traffic (eg security threats), understanding trends and accurately targeting upgrades, generating management reports.<br />
<div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj16Spz038YS5ZyvND5iCZ42VCKlh-QhLYOzlS5jGFTSrOjC-67NvJc_JT9RsM392Aj10PZnGIs3LnYsj7MDaptw1Pzal446SBXEKRfoRvXCOopEu2no1h65_J8CY2x6hyQVKSwlBmBtY8/s1600/sftv6screen.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj16Spz038YS5ZyvND5iCZ42VCKlh-QhLYOzlS5jGFTSrOjC-67NvJc_JT9RsM392Aj10PZnGIs3LnYsj7MDaptw1Pzal446SBXEKRfoRvXCOopEu2no1h65_J8CY2x6hyQVKSwlBmBtY8/s1600/sftv6screen.png" /></a></div>
<br /></div>
Soniahttp://www.blogger.com/profile/09620068261717712566noreply@blogger.com0