What to do without Netflow

Unanswered Question
May 5th, 2010

Hi All,

I look after a network of about 100 PC workstations, 60+ SUN/Microsoft servers. At the access layer I use 2960G's and 3560G's. My routing (inter-VLAN) is handled by the 3560G's (and it works quite well). At the core of my network I have a stack of 3750's. Beyond that I make use of Fortinet hardware for firewalls, etc.

For my monitoring I use the freeware version of OP Manager. It works well, gives me graphs in real-time, and basic reports.

My company is giving serious thought to relocating our datacenter from our building to a co-located facility.

I really want to get a better understanding of the flow of traffic at the core of my network. Netflow seemed like the perfect choice but it is not supported on any of the switches I use. The data I get from OP Manager really isn't enough. I don't have the time to evaluate lots of different products, and need something that I can get up and running quickly so I can begin to gather the information that is required to enable us to make an informed decision over the connections we will need from our building to the co-located site. Please do not worry about the detail of this. I know there is far more to this. At this stage I am just looking for a product that can detail the flow (volume) of data within the switch.

Hope this makes sense.

Thanks

Darren

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jan Nejman Thu, 05/06/2010 - 03:08

Hello Darren,

  I think that unsupported netflow on 35xx and 37xx series is one of the biggest disadvantages

of this product line. You can solve this problem by external probe. This probe will create a

netflow stream from SPAN sessions (monitored traffic) or from from TAP (splitter) on the line.

See the following URL to see more details about flowmon probes:

http://www.caligare.com/product/flowmon/

If you require more information don't hesitate to contact me.

Kind regards,

Jan Nejman

Caligare, co.

http://www.caligare.com/

darren-carr Thu, 05/06/2010 - 17:25

Hi Jan,

Do you have further information regarding your product?

Having used SPAN sessions before I have only ever been able to SPAN ports on a 1:1 configuration i.e. span Gi 0/1-Gi 0/24 with my monitoring station placed at the end of Gi 0/24.

I guess you can do the same for Port/Etherchannels, over a period of time.

Also, what I have not looked into is the limitation on the number of SPAN sessions you can have for a switch stack i.e my core that is made up of a stack of 3750 devices.

I guess I could configure a SPAN session for the portchannels that connect the access layer to the core, and have probes placed here that could capture the data.

Do you think your product would be useful in this sort of environment?

Thanks

Darren

Jan Nejman Fri, 05/14/2010 - 13:24

Hello Darren,

  sorry for late answer, I was on business trip this week.

FlowMon probe is not Caligare's product, we are reselling this product.

This product is made by Invea-tech company. See http://www.invea-tech.com

for more information about it.

I'm not sure if etherchannel can be SPANned, but I assume that yes.

Maybe it is a question for some Cisco guru. I'm rather netflow specialist.

There are several scenarious how can be traffic monitored. The span is

one of the possibilities.

Once again, I'm sorry for late answer.

Kind regards,

Jan

Actions

This Discussion