General Product Information
What is Caligare Flow Inspector?
What is NetFlow?
What are the different versions of NetFlow available?
How is NetFlow different from traffic analyzers like MRTG™?
Is Cisco the only vendor supporting NetFlow?
License Information
Is a trial version of Caligare Flow Inspector available for evaluation?
Does the trial version have any restrictions?
Do I have to reinstall Caligare Flow Inspector when moving to the full version?
How many users can access Caligare Flow Inspector simultaneously?
How do I buy Caligare Flow Inspector?
Installation
What are the recommended system requirements for Caligare Flow Inspector?
How can I tune the database for better performance?
Configuration
My device has been set up to export NetFlow data, but I still don't see it on the Status->Collectors page. Why?
There seems to be a time difference between the router and the server. What should I do?
What happens if I send NetFlow packets other than version 1,5,6,7 or 9 to Caligare Flow Inspector?
Reporting
Why are the graphs empty?
How long do I have to wait before the graphs are populated?
Why are only the top 10 values shown in the reports? Can I get a more detailed report?
The graphs show only IN traffic for an interface, although there is both IN and OUT traffic flowing through that interface. Why's that?
Why are some interfaces labeled as IfIndex2, IfIndex3, etc.?
What is Caligare Flow Inspector?
Caligare Flow Inspector is a web-based bandwidth monitoring and traffic analysis tool that uses
Cisco NetFlow to provide detailed reports on network traffic. Caligare Flow Inspector helps IT
administrator answer the who, what, when, where, and how of bandwidth usage.
What is NetFlow?
Cisco® NetFlow technology is an embedded feature within Cisco IOS devices. NetFlow data records
consist of information about source and destination addresses, along with the protocols and
ports used in the end-to-end conversation. Caligare Flow Inspector uses this information to
generate graphs and reports on traffic patterns and bandwidth utilization.
What are the different versions of NetFlow available?
Version 1 is the original format supported in the initial NetFlow releases, while version
5 is the standard and most common NetFlow version deployed. Version 5 is an enhancement
that adds Border Gateway Protocol (BGP) autonomous system information and flow sequence
numbers. Version 6 is similar to version 7. This version is not used in the new IOS
releases. Version 7 is an enhancement that exclusively supports NetFlow with Cisco
Catalyst 5000, 6500 and 7600 series switches. Version 8 is an enhancement that adds
router-based aggregation schemes. It was introduced to reduce resource usage, and
includes a choice of eleven aggregation schemes. Version 9 is an enhancement to support
different technologies such as Multicast, Internet Protocol Security (IPSec), and Multi
Protocol Label Switching (MPLS). Versions 2, 3 and 4 either were not released.
Caligare Flow Inspector currently supports NetFlow versions 1,5,6,7 and 9.
How is NetFlow different from traffic analyzers like MRTG™?
MRTG and other such equivalent tools provide information that is limited to interface
statistics. Such tools cannot give application-level details such as hosts, protocols,
and conversations, which are an inherent part of IP traffic. NetFlow traffic statistics
are much more detailed, offering in-depth and fine-grained bandwidth analysis.
Is Cisco the only vendor supporting NetFlow?
NetFlow technology was invented by Cisco, and Cisco IOS devices offer NetFlow compatibility.
There may be other vendors offering NetFlow support on their devices. However, Caligare
Flow Inspector has been tested to support NetFlow-enabled Cisco devices only.
Contact Caligare Support for further details.
Is a trial version of Caligare Flow Inspector available for evaluation?
Yes. A 30-day free trial version of Caligare Flow Inspector can be downloaded
on the: http://www.caligare.com/netflow/trial.php.
Does the trial version have any restrictions?
The trial version is a fully functional version of Caligare Flow Inspector, with
this limitation: your monitoring results will be displayed in two minutes.
The trial version is available for download on the:
http://www.caligare.com/netflow/download.php.
Do I have to reinstall Caligare Flow Inspector when moving to the full version?
No. You do not have to reinstall or shut down the server. You just need to enter the new
license key in the menu Help->License key of the Caligare Flow Inspector web interface.
How many users can access Caligare Flow Inspector simultaneously?
This depends only on the capacity of the server on which Caligare Flow Inspector is
installed. The Caligare Flow Inspector license does not limit the number of users
accessing the application at any time.
How do I buy Caligare Flow Inspector?
You can order Caligare Flow Inspector from Caligare web pages
(http://www.caligare.com/netflow/offer.php).
What are the recommended system requirements for Caligare Flow Inspector?
- 2.8 GHz Pentium 4
- 1 GB MB RAM, DDR 333 or 400 MHz
- 80 GB HDD with ultra ATA or in better choice SCSI disk
- video card
- fast ethernet LAN
- CD-ROM
- Linux OS
Traffic volume | Processor | RAM |
Up to 100Mbps | 1.7 GHz | 512 MB |
100Mbps - 2Gbps | 2.4 GHz | 1 GB |
2Gbps - 10Gbps | 3.4 GHz | 2 GB |
10Gbps - 40Gbps | 2 * 3.4 GHz | 4 GB |
40Gbps - 100Gbps | 4 * 3.4 GHz | 4 GB |
How can I tune the database for better performance?
The database parameters are tuned for systems with 1 GB RAM (for ISO CD images).
If you have higher RAM, please change the following in the "my.cnf" MySQL configuration
file under /etc/mysql or /etc directory.
- For a machine running with 512 MB of RAM, you can set these to:
key_buffer=128M table_cache=1024 sort_buffer=64M read_buffer=2M record_buffer=4M
- For a machine running with 1 GB of RAM, you can set these to:
key_buffer=256M table_cache=2048 sort_buffer=128M read_buffer=2M record_buffer=8M
- For a machine running with 2 GB of RAM, you can set these to:
key_buffer=512M table_cache=3072 sort_buffer=256M read_buffer=2M record_buffer=8M
- For a machine running with 4 GB of RAM, you can set these to:
key_buffer=1G table_cache=4096 sort_buffer=512M read_buffer=2M record_buffer=8M
Note: Please take a back up of this file before you make any changes. In case you
are uncomfortable making these changes, please send a mail to support@caligare.com
so that we can assist you in doing this.
My device has been set up to export NetFlow data, but I still don't see it on
the Status->Collectors page. Why?
There are a number of things you can check here:
- Check if NetFlow is enabled on the device, and that it has started sending
flows. (http://netflow.caligare.com/configuration.htm)
- Check if your device is exporting NetFlow data to the port on which
Caligare Flow Inspector is listening.
- Check if the device is exporting supported NetFlow version data. Flows with any
other version will be discarded. On a Linux console run the following command:
less /var/log/syslog | grep nfc
There seems to be a time difference between the router and the server. What should I do?
Caligare Flow Inspector stamps the flows based on the router time. It is therefore important
to ensure that the time on the router is set properly. Netflow collector can handle routers
from different time zones automatically, provided the correct time is set.
In case you see this, please ensure the following on the router:
- Check if the correct time is set on your router. You can check this by logging in to
the router and typing: show clock. You can set the clock time using the command:
clock set hh:mm:ss month date year
- Check if the time zone and the offset (in Hours and Minutes) for the time zone is
set properly (i.e. PST -8 00 for PST or EST -5 00 for EST). You can check this by logging
in to the router, going into the configure terminal and typing show running-config.
You can set the clock time zone and offset using the command:
clock timezone zone hours [minutes] (i.e. clock timezone PST -8 00)
- Check if the correct time is set on your collector server. You can check this by logging
in to the Linux server and typing: date. You can set the clock time using the command: date MMDDhhmmYY,
where MM is a month, DD is a day and YY is a year.
What happens if I send NetFlow packets other than version 1,5,6,7 or 9 to Caligare Flow Inspector?
Caligare Flow Inspector supports only version 1,5,6,7 and 9 exports. If NetFlow packets with any
other version number are received, you will get a message in the syslog file that says:
"unsupported netflow v8 exported from …". Caligare Flow Inspector will ignore these packets
and you cannot see any graphs or reports for the same. You can also see incrementing counter
"Dropped packets due to unsupported netflow version" in the Status->Collectors page.
Why are the graphs empty?
Graphs will be empty if there is no data available. If you have just installed
and configured Caligare Flow Inspector, wait for at least 1 minute to start seeing
graphs. If you still see an empty graph, it means no data has been received by
Caligare Flow Inspector. Check your router settings and Status->Collectors page in that case.
How long do I have to wait before the graphs are populated?
Initially, when Caligare Flow Inspector has just been installed, wait for at least
one minute to start viewing traffic graphs. Later, graphs are populated as and when
NetFlow data is received. This can be changed by setting a different export time
interval on the router.
(http://netflow.caligare.com/configuration.htm)
Why are only the top 10 values shown in the reports? Can I get a more detailed report?
Caligare Flow Inspector shows the top 10 values in all reports by default. You can view next top
10 results by click on the next button. If you want to view all records, you can use menu
Data->Search and export results to the CSV file.
The graphs show only IN traffic for an interface, although there is both IN and
OUT traffic flowing through that interface. Why's that?
NetFlow traffic accounting is ingress by default, which means that NetFlow accounts
for only IN traffic across an interface. Hence, to see both IN and OUT traffic graphs
for an interface, you need to enable NetFlow on all the interfaces through which
traffic flows. Some IOS version also supports accounting of egress traffic. For example
this feature can be used if you using edge router where one interface is connected
in to your LAN and the second one is interface with encrypted traffic (crypto map).
Why are some interfaces labeled as IfIndex2, IfIndex3, etc.?
This happens if the interfaces did not respond to the SNMP requests sent by Caligare
Flow Inspector. If the interface is up, then the SNMP settings of the interface may
have been set incorrectly.
Got more questions? Check out the
Caligare Flow Inspector Support Forum.
|