Jump to content

WhatsUp Gold Flow Monitor

Network traffic monitoring and analysis

Visualize network bandwidth utilization by users, hosts, and applications

Free 30 Day Evaluation

As a network manager, you spend a good portion of your time discovering and mapping your network, overseeing the performance of your applications and underlying physical or virtualized infrastructure, troubleshooting problems and managing alerts, or simply sharing information and reports with all major stakeholders. But, did you know that the best way to resolve intermittent network performance problems and ensure Quality of Service is to analyze, understand and manage IP traffic over your network?

Analyze and manage network and application traffic and bandwidth use with WhatsUp Gold Flow Monitor

Available as a fully integrated plug-in to WhatsUp Gold, Flow Monitor provides detailed insight into exactly how your network bandwidth and capacity are utilized and by whom. Flow Monitor not only highlights the overall utilization of the LAN, WAN, specific device, or interface, it also indicates which users, applications and protocols are consuming the bandwidth. And for business critical applications, Flow Monitor enables you to easily conduct traffic identification and analysis, as well as verify Quality of Service (QoS) through ToS, DSCP for the LAN/WAN, or new Top NBAR and CBQoS reports.

With WhatsUp Gold Flow Monitor, you can ensure application performance, oversee network traffic prioritization policies, and save money by eliminating costly bandwidth utilization issues.

New in WhatsUp Flow Monitor v15

New Auto-Tuning & Optimization Capabilities—up to 3 million flows per minute! Flow Monitor will automatically optimize flow retention settings for your network to speed up performance by 200% to 300%, and decrease your database storage costs.

Flow Configuration Wizard. Start monitoring network traffic and bandwidth usage with a few clicks, since Flow Monitor automatically discovers and detects your routers and other network devices and even configures them for you.

Flow Aggregation Capabilities. Group and manage multiple flow sources in a single view—even across different devices—and treat them as a single aggregated source.

Network Monitoring aligned to your business requirements. Besides new port assignments to applications (Cisco, Avaya IP telephony & Cisco Business Video Solutions), you'll be in complete control of what data to collect, store, and report on.

Ultra-flexible Reporting. Visualize information the way it makes sense to your business—IP or hostname, bytes, interface flows or packet counts—or filter report data by CIDR subnet definitions.

Customizable data collection for one or multiple ports. Adapts to all network designs, including those with complex firewalls, or forwarding rules, since Flow Monitor collector can bind itself to multiple ports on the server system, and receive flow data on multiple ports.

And if you have non-flow enabled devices in your network, you can use WhatsUp Gold Flow Publisher to extend WhatsUp Gold Flow Monitor capabilities, and gain complete visibility into your network traffic across every segment and device – whether they natively support flow monitoring or not. By capturing raw traffic from the network and converting it into standard NetFlow records, Flow Publisher complements Flow Monitor giving you complete control over your network traffic. Learn more about WhatsUp Gold Flow Publisher here.

Key capabilities of the WhatsUp Gold Flow Monitor include:

Mapping Flows to Business Units

Flow data from multiple devices and ports may be grouped together by business function allowing reports to be generated by business use or unit, rather than individual ports. This functionality can be leveraged by both the reporting and threshold alerting engines giving rapid response capabilities to business impacting traffic bottlenecks.

Automatic flow source discovery and configuration

Using SNMP, the Flow Monitor plug-in can determine what devices on the network are “flow capable” and automatically configure those devices to forward flow records with all appropriate timeouts and flow collector parameters configured. Effectively eliminating the need for “flow expertise” among staff who can now focus on interpreting the results and not configuring systems.

*Support for Popular Flow Formats

In a single plug-in, Flow Monitor offers support for all the popular flow management formats, including NetFlow, sFlow, J-Flow and IPFIX. WhatsUp Gold Flow Monitor also offers support for Cisco's newest NetFlow implementation called NSEL (NetFlow Secure Event Logging), which is available on the ASA product line. With such extensive flow format support, you can utilize Flow Monitor using your existing infrastructure – no need to upgrade. Flow Monitor works with an extensive list of switches and routers from vendors such as Cisco, Extreme, Juniper, HP, and many more.

Flow Monitor also collects NetFlow compliant records from WhatsUp Flow Publisher – through which it provides visibility into application, host and user traffic across all non-flow capable devices.

Visibility into Network Bandwidth Utilization

Attempting to diagnose a slow network without visibility into QoS and exactly what traffic is causing the problem, is really only seeing a tiny part of the picture. With WhatsUp Gold’s Flow Monitor, you have the complete real-time visibility you need to manage bandwidth utilization and ensure optimal network performance.

Comprehensive Reporting

Flow Monitor collects NetFlow, sFlow and J-Flow records from routers and switches and converts them into useful reports -- Top Protocols, Top Applications, Top Senders, Top Conversations and many more-- which track real-time usage as well as historical trends. For example, Top NBAR Applications report offers a complete view of NBAR traffic so you can accurately diagnose application performance issues and bandwidth constraints, without having to dig deeper into the traffic flows. And new Class based QoS report offers a unified view of pre-policy and post-policy traffic side by side, including dropped or deferred packages, so network administrators can easily identify critical issues --like router saturation--that can impact overall network traffic. Additionally, 95th percentile reports provide the capability to verify service providers’ burstable billing records.

Threshold Based Alerting

In conjunction with the new Alert Center, Flow Monitor makes it easy to find out exactly where and when problems may develop in real-time. You can now set up multiple configurable thresholds tracking the volume of traffic between conversation pairs, failed connections per host, top senders and receivers, and specific interfaces over time. Custom configurable thresholds provide even more granular tracking of network traffic. With the combined Flow Monitor and WhatsUp Gold solution, alerts are sent when the configured thresholds are exceeded, enabling network managers to proactively troubleshoot and resolve performance bottlenecks and eliminate malicious network behavior.

Flow Monitoring Basics

  • Support for Cisco’s NetFlow v1, v5, v9; sFlow v5; Juniper Network’s J-Flow format, standard IPFIX and Cisco NSEL (Network Security Event Logging) formats
  • Dedicated SQL Server database
  • Extensive support for switches and routers from Cisco, Juniper, Foundry, Extreme, Enterasys and Packeteer

Monitoring/Troubleshooting Capabilities

  • Automatic classification of traffic by type and protocol in real-time, including NBAR traffic
  • Identification of traffic flow patterns through the network in real-time
  • Identification of traffic sources (top talkers) and destinations
  • Identification of traffic destination by group, domain, top level domain (TLD), and country
  • Pinpointing of internal and external traffic sources and destinations
  • Conducting traffic identification and analysis for LAN and WAN for Quality of Service through ToS or DSCP
  • Grouping of flow data based on common parameters, including IP addresses by domain, TLD or country
  • Grouping of flow data based on source or port so flows may be mapped to business structures, applications, and organizations.
  • Automatic identification of high traffic flows to un-monitored ports and highlighting of those ports as candidates for monitoring
  • Exposure of unauthorized applications, including file and music sharing
  • Detection of failed connections

Reporting

  • Access to 21 flow management reports via WhatsUp Gold web console
  • Automated rollup of flow data with hourly, daily, weekly, monthly and yearly views
  • User configuration of all reports to display flow information in custom formats
  • Sorts and displays filtered reports by protocol, application, host, domain, TLD, country, groups or type of service
  • Integration of flow reports with WhatsUp Gold dashboard reports
  • Access to WHOIS information for sender and receiver reports
  • Display traffic information by bytes, packets or flows
  • 95th percentile reporting within the Interface Overview reports
  • New Top NBAR Applications and Class based QoS reports

Configuration and Management

  • Automatic discovery and configuration of flow sources via SNMP
  • Automatic tuning and filtering of “noise flows” so important flows are accurately reported with greater performance and flexibility
  • Configuration of role based management for user access to configuration and reports
  • Configuration and management of flow data retention policies
  • Configuration of flow logging levels
  • Configurable support for non-standard ports and proprietary protocols
  • Starting and stopping of flow services
  • Setting of address resolution levels
  • Access to flow database and service status, providing instant views of database parameters and running flow services
  • Backup and restoration of flow database
  • Apply custom names to flow interfaces
  • Notification of database status

 

How Flow Monitor Helps Ensure Network Performance

As a network manager, how much time do you spend discovering and mapping your network, monitoring applications in both physical and virtualized infrastructure? Did you know that most of the network slowdowns can be identified and resolved by simply monitoring and analyzing your network traffic and bandwidth utilization?

With Flow Monitor you can:

Understand how your network is being used and by whom

  • Determine exactly which users, applications or hosts are consuming network bandwidth
  • Display top talkers (by IP address), so you can determine exactly which hosts (authorized or unauthorized) are consuming critical bandwidth. For example, YouTube™ video streaming by multiple users may cause network congestion and slow down other critical business applications
  • Verify network QoS policies required to support applications like VoIP using TOS reports
  • Group flow sources and specific interfaces to focus directly on business critical systems and data flows.

Properly measure bandwidth usage

  • Automatically discover and configure flow sources
  • Verify burstable billing accounting from bandwidth service providers with 95th percentile reporting
  • Track and resolve network traffic or congestion problems using automatic classification of traffic by type and protocol in real-time
  • Plan for spikes in usage to avoid dropped packages or delays
  • Ensure critical business applications get the bandwidth they need

Protect and secure your network

  • Track the number of failed interface connections, which can indicate external attacks on your network and other rogue activity directed at your network
  • Detect the use of unauthorized applications, enabling you to ensure your network’s security compliance and legal liability
  • Track traffic anomalies to quickly detect the introduction of viruses and worms into the corporate network

What is flow?

A flow is a series of packets with a set of common characteristics sent between devices. As packets traverse a device, seven parameters are analyzed, if they all match exactly, then this sequence of packets is determined to be a flow. Flows are comprised of one of the IP protocols (usually TCP or UDP) depending on the end system being accessed.

What is flow management?

Flow management is the analysis of the different types of traffic traversing the network (as compared to simply looking at bandwidth utilization) to ensure the network is able to support key business applications. The practice of flow management began with the implementation of NetFlow, a technology developed by Cisco, which is part of the device IOS (internal operating system). In addition to the NetFlow format, other popular formats include J-Flow (developed by Juniper Networks), and sFlow (RFC 3176 standard). The vast majority of hardware manufacturers support one or more flow formats.

Why is flow management important?

The practice of flow management enables you to efficiently characterize the IP traffic on a network, which is critical to identifying the cause of link/network congestion, facilitating effective network capacity planning, and ensuring network resources are used to support organizational goals, including the support of key business applications.

What can flow management data be used for?

Flow data can be used for many applications such as:

  • Traffic and bandwidth utilization analysis
  • Application monitoring
  • User monitoring
  • Network performance monitoring
  • Network capacity planning
  • Security analysis
  • Traffic engineering
  • Peering agreement
  • Usage-based billing
  • Destination sensitive billing

How does it work?

Each flow enabled router or switch (source) collects and aggregates information about traffic passing through it, and when configured to do so, transmits the information to a flow enabled network management and monitoring system such as WhatsUp Gold.  WhatsUp Gold then converts the flow data into actionable reports (or something to that nature).

How does WhatsUp Gold support flow management?

Flow management support is provided through a Flow Monitor plug-in that fully integrates into the WhatsUp Gold web console. It supports multiple popular formats including NetFlow, J-Flow and sFlow.

How does WhatsUp Gold support Cisco NBAR?

Mission critical applications –such as ERP or workforce optimization applications-- can be intelligently identified and classified using Network Based Application Recognition (NBAR). NBAR is an intelligent classification engine in Cisco IOS Software that can recognize a wide variety of applications, including Web-based and client/server applications. Once these mission critical applications are classified they can be guaranteed a minimum amount of bandwidth, policy routed, and marked for preferential treatment. WhatsUp Gold Flow Monitor intelligently identifies classifies and oversees NBAR traffic, including difficulty-to-classify protocols and applications that utilize dynamic TCP/UDP port assignments. With WhatsUp Gold Flow Monitor new Top NBAR Applications report you will gain a complete view of your NBAR traffic so you can accurately diagnose application performance issues and bandwidth constraints, without having to dig deeper into your traffic flows

What components are included?

The WhatsUp Gold Flow Monitor includes all the required components to enable flow data collection and reporting including; dedicated flow SQL database, flow collector, management and configuration interface and reporting.

What type of information does it provide?

WhatsUp Gold Flow Monitor provides comprehensive information to network managers allowing them to identify, view and report on the following types of data about their network and its usage.

  • Protocol
  • Application (multiple ports and IP ranges)
  • Conversations
  • Sender host
  • Receiver host
  • Sender domain
  • Receiver domain
  • Sender top level domain (TLD)
  • Receiver TLD
  • Top sender country
  • Top receiver country
  • Type of service (ToS)

How is it licensed?

The WhatsUp Gold Flow Monitor is licensed by flow source. A flow source is a device that collects network traffic data and forwards flow compliant records to a designated collector. A source can have any number of configured interfaces.

What Flow technologies does Flow Monitor support?

The WhatsUp Flow Monitor offers support for all of the common flow management formats including NetFlow, sFlow, J-Flow, IPFIX and NSEL.

Which manufacturers support flow management?

In addition to Cisco, a number of OEM manufacturers support NetFlow. Specific information for the manufacturers is provided below.

Cisco Device Support

The following IOS versions and hardware platforms fully support flow record export for NetFlow v1, v5 and v9.

Cisco IOS Software Release Version Supported Cisco Hardware Platforms
11.1CA, 11.1CC Cisco 7200 and 7500 series, RSP 7200 series
12.0 Cisco 1720, 2600, 3600, 4500, 4700, AS5800
RSP 7000 and 7200 series
uBR 7200 and 7500 series
RSM series
12.0T, 12.0S Cisco 1720, 2600, 3600, 4500, 4700, AS5800
RSP 7000 and 7200 series
uBR 7200 and 7500 series
RSM series, MGX8800RPM series, and BPx8600 series
12.0(3)T, 12.0(3)S Cisco 1720, 2600, 3600, 4500, 4700, AS5300, AS5800
RSP 7000 and 7200 series
uBR 7200 and 7500 series
RSM series, MGX8800RPM series, and BPx8650
12.0(4)T Cisco 1400, 1600, 1720, 2500, 2600, 3600, 4500, 4700, AS5300, AS5800
RSP 7000 and 7200 series
uBR 7200 and 7500 series
RSM series, MGX8800RPM series, and BPx8650 series
12.0(4)XE Cisco 7100 series
12.0(6)S Cisco 12000 series

It should be noted that the following Cisco devices do not support NetFlow: Cisco 3500, 3660, 3750.

Other Vendor Support for Cisco’s NetFlow Format

  • 3Com - 8800 Series Switches
  • Adtran - NetVanta 3200, 3305, 4305, 5305, 1524, 1624, 3430, 3448, 3130, 340, and 344 (Supports NetFlow version 9)
  • Riverbed
  • Enterasys Networks
  • Extreme Networks - Does not support input/output interface, octets, or first and last times
  • Foundry Networks
  • Packeteer
  • VMware – ESX Server v3.5 based upon virtual switch

sFlow and J-Flow Device Support

WhatsUp Gold Flow Monitor device support includes the following manufacturers and devices:

3Com
  • 4800G Family
AlaxalA Networks
  • AX7800R
  • AX7800S
  • AX7700R
  • AX5400S
Alcatel-Lucent
  • OmniSwitch 6850
  • OmniSwitch 9000 series
Allied Telesis
  • SwitchBlade 7800R series
  • SwitchBlade 7800S series
  • SwitchBlade 5400S series
Brocade
  • BigIron series
  • FastIron series
  • IronPoint series
  • NetIron series
  • SecureIron series
  • ServerIron series
Comtec Systems
  • Rex 16Gi
  • 24Gi
  • 24Gi-Combo
D-Link
  • DGS-3600 series
Dell
  • Dell 6200 series
Extreme Networks
  • Alpine 3800 series
  • BlackDiamond 6800 series
  • BlackDiamond 8800 series
  • BlackDiamond 10808
  • BlackDiamond 12804C
  • BlackDiamond 12800R Series
  • Summit X150 Series
  • Summit_X250e Series
  • Summit X450 Series
  • Summit i series
Force10 Networks
  • C series
  • E series
H3C
  • H3C S7500E Series Switches
  • H3C MSR 20-1X Series Routers
Hewlett-Packard
  • ProCurve 2610 series
  • ProCurve 2800 series
  • ProCurve 2900 series
  • ProCurve 3400cl series
  • ProCurve 3500yl series
  • ProCurve 4200vl series
  • ProCurve 5300xl series
  • ProCurve 5400zl series
  • ProCurve 6200yl series
  • ProCurve 6400cl series
  • ProCurve 6600 series
  • ProCurve 8212zl
  • ProCurve 9300m series
  • ProCurve Routing Switch 9408sl
  • ProCurve Wireless Edge Services xl Module
  • ProCurve Wireless Edge Services zl Module
  • ProCurve Access Point 530
Hitachi
  • GR4000
  • GS4000
  • GS3000
Juniper Networks
  • EX series
NEC
  • IP8800/R400 series
  • IP8800/S400 series
  • IP8800/S300 series

WhatsUp Gold Flow Monitor has the same base system requirements as WhatsUp Gold. In addition, WhatsUp Gold Flow Monitor requires:

  • WhatsUp Gold v15 or greater Premium, Standard, Distributed or MSP Edition
  • At least one networking device that support flow monitoring
  • SQL Server 2005 Standard or Enterprise Edition (recommended)

Note: WhatsUp Gold Flow Monitor is more demanding on the database than WhatsUp Gold. While WhatsUp Gold Flow Monitor can successfully use SQL Server 2005 Express, we recommend either MS SQL Server 2005 Standard or Enterprise Edition for best performance.

  • An additional 2 to 4 GB RAM recommended
  • 16 GB (required) to 22 GB (recommended) hard disk space for the databases
  • Note: If using Microsoft® SQL Server® 2005, the database size is limited by available hard disk space.

Webinars

Traffic Analysis Techniques For Flow and Non-Flow Networks

White Papers

The Essentials Series: Solving Network Problems Before They Occur
Relating personal experiences from his long history in IT, author Greg Shields offers a look at network integrations from SNMP to WMI to configuration control and reveals the necessity for a complete solution.