The SolarWinds NetFlow Traffic Analyzer (NTA) might well be called the Network Traffic Analyzer since it handles not just the original Cisco NetFlow but many of its variants from other manufacturers, as well as NetFlow’s primary alternative, sFlow. (That’s why we covered NTA in our review of sFlow collectors and analyzers.)
NTA is not a standalone tool, but rather a module that can be added to SolarWinds’ Network Performance Monitor (NPM). The combination of these two modules create a complete network monitoring software package. NTA and NPM integrate with the rest of SolarWinds’ Orion platform tools, such as the Network Configuration Manager.
NTA collects interface-level flow data and Cisco Class-Based Quality of Service (CBQoS) data, combining them with performance data that NPM collects from SNMP, WMI, and other sources. It processes the data to produce interactive graphs and customizable reports, giving you “one pane of glass” visibility into your network’s status and its historical behavior.
NPM and NTA offer you a wide range of sophisticated facilities for managing multi-vendor networks: bandwidth monitoring, traffic analysis, performance analysis, alerts, customizable reports, policy optimization, etc. NTA and NPM are available in a 30-day fully-functional trial, and pricing depends on the number of network elements you’ll be monitoring.
MORE INFORMATION ON THE OFFICIAL SOLARWINDS SITE:
A bandwidth monitor and traffic analyzer primarily helps you to detect and troubleshoot network problems, and to identify traffic patterns and trends so you can adjust policies and plan network changes.
What are NTA’s particular strengths?
Monitoring bandwidth use
NTA identifies the users, applications, protocols, and IP address groups consuming the most bandwidth, as well as tracking conversations among internal and external endpoints.
Bandwidth monitoring and root cause identification is enhanced by using Cisco NBAR2 (next-generation Network-Based Application Recognition) to help identify common applications and application categories; Cisco WLC (Wireless LAN Controller) traffic monitoring to track the applications and users consuming wireless bandwidth; and the SolarWinds User Device Tracker to identify bandwidth hogs and their locations.
Analyzing traffic patterns
NTA collects traffic data, correlates it, and presents it in its web console. NTA can provide one-minute granularity and analyze historical data over months, days, and minutes. It supports drilling down to individual devices and interfaces.
The PerfStack performance analysis dashboard lets you drag and drop performance metrics onto a common timeline so you can visually correlate network behavior across stacks and more quickly find root causes.
CBQoS policy optimization
When you depend on services like VoIP and cloud applications, intelligently prioritizing and managing traffic becomes critical. NTA lets you compare the effectiveness of pre- and post-policy traffic levels to determine if your QoS policies are working and prioritized traffic is flowing as planned.
Bandwidth capacity planning
Your capacity planning can be more insightful when you can see what your bandwidth utilization patterns are and identify key consumers. Reviewing history lets you identify patterns of peak usage. You can then adjust policies, forestall outages, and avoid buying additional bandwidth when it’s not needed.
As mentioned above, NetFlow Traffic Analyzer is an add-on module for the SolarWinds Network Performance Monitor. NTA uses NPM’s database and node management facilities.
NPM and NTA, as well as the other major tools in SolarWinds’ network management suite, are built on a common backend, Orion. Orion provides the unified user interface, centralized administration and access control, and shared functionality for navigation, settings, alerts, and reports.
NTA and NPM run on Windows. They are enterprise-grade packages, so even the 30-day free trial demands considerable resources on your system.
For production use in all but the smallest shops, SolarWinds recommends three servers:
- A Windows Server Orion app server (also called the main poller) hosts the web console and does data collection.
- A SQL Server Orion Database Server stores collected performance, log, and configuration data.
- A SQL Server Flow Storage Database stores the flow data.
SolarWinds specifies system requirements and best practices for good performance and best results. Recommendations for OS version, CPU speed and number of cores, amount of RAM, NIC speed, and disk-array configuration vary depending on the number of network elements being monitored (from less than 1,000 up to greater than 6,000). However, NTA itself is sufficiently demanding that an NTA install should always be treated as a large installation.
For larger networks still, you can scale up further by adding more servers as additional polling engines.
Installation of the NetFlow Traffic Analyzer is straightforward – once you have the prerequisites in place. As mentioned above, for a production environment the recommendation is for three semi-dedicated servers with adequate hardware and certain system software pre-installed.
Since NTA is a module of NPM, you must install NPM first. Once unzipped, the installer checks for prerequisites, installs missing system software and then launches the configuration wizard. The wizard will guide you through providing the needed information, and then performs auto-discovery of the devices on your network.
Discovery will be most useful if the devices you want to monitor have already been configured to answer queries for metrics and periodically export flow data. So you should enable SNMP and WMI on the network devices and hosts of interest. And you’ll want to enable the flow protocols supported by the devices of interest so they send flow data to NTA.
On NPM (and NTA), once discovery is complete, you need to select which of the now-known devices you want to import into the Orion database and begin monitoring. SolarWinds recommends you start with a limited number of key devices and servers, and then expand as indicated. (You can always see the list of known devices via navigating to My Dashboards > Network > Network Summary.)
Once NPM is installed, you install NTA on the Orion app server following the same pattern. There is a manual step to move the flow storage database to its own server.
The key configuration task is populating NPM and NTA with the list of devices to be monitored, which takes place during installation, described above.
For best performance and results from monitoring, SolarWinds provides guidelines for best practices about where on your network you should be capturing flow data and how to configure storage and retention.
Daily use of NPM and NTA involves detecting and troubleshooting network problems and identifying patterns and trends in network traffic. This is done via web console views, alerts, and reports. (SolarWinds provides a live demo of NTA to try out the interface.)
In the web console, the initial view includes a list of tabs. The Home and Network tab are contributed by NPM; other tabs come from installed modules, such as NetFlow from NTA. Each tab lists multiple views – pages you can visit – which use graphs, tables, and text to show details and statistics about the monitored elements of your network.
In the various views, network elements are color coded. A red or partially red element needs attention; a yellow one has a warning. Also, the various Top 10 lists (Network Top 10, Top 10 Interfaces by Percent Utilization, Top 10 Errors and Discards Today, etc) quickly highlight elements in your network that have health issues. The Top Talkers lists are particularly useful for spotting incipient bandwidth problems.
The default view for NTA contains multiple sections like Top 5 Applications, Top 5 Endpoints, Top 5 Conversations, Top 10 Sources by % Utilization, etc.
Graphics are interactive. Hovering over an element produces a popup with details about it. You can quickly filter out clutter to focus on relevant types of data and time ranges of interest. Such customized views can be saved for reuse.
Alerts – both predefined and custom ones you have added – are triggered when a problem is detected. A node going down is a predefined alert; alerts can also include things like an interface going down or becoming overloaded.
Triggered alerts show up in the Active Alerts section of the initial view. They can also be sent to you by email or SMS text or other means, based on your alert configurations. You can specify that an alert message should include relevant network status information and links to relevant views in the web console.
For bandwidth, the ability to tailor alerts is particularly useful. You can adjust the thresholds for receive and transmit percent utilization to be notified of problems such as bandwidth hogs.
When investigating an element or alert, you can drill down into it in the view to get more detailed status and metrics. These help determine if this is a momentary problem or a persistent issue and help identify the root cause.
When a particular interface becomes a concern you can examine its details. You can also use Flow Navigator filters to create a custom view that focuses on devices, applications, and time periods of interest.
NTA makes it easy to identify the users, applications, and protocols consuming the most bandwidth. You can sort by ports, source, destination, and protocols, and view traffic patterns over minutes, days or months.
There’s an array of predefined reports, and facilities to create custom reports, that process flow data into charts and tables showing how the network is being used and how that’s changing over time. You can schedule reports to be automatically run and delivered. Predefined reports such as “Average and Peak Traffic Rates – WAN Interfaces Last 7 Days” show what useful information can be obtained to help bandwidth capacity planning.
Rival network monitoring software
The main competitors to the SolarWinds NetFlow Traffic Analyzer are the WhatsUp Gold Network Traffic Analysis add-on and the Paessler PRTG network monitor. Here is a short review that compares the attributes of these three packages.
The configuration of WhatsUp Gold’s network monitoring software is much closer to that of the SolarWinds deal. In both cases, you buy a network performance monitor first and that monitors your network devices. ON top of that, you buy a traffic analysis module. In both cases the two modules are written on a common platform and so integrate seamlessly. In the case of PRTG, you get a combined network, server and applications monitor, which includes bandwidth analysis straight out of the box. The Paessler system can be tailored because it is charged on the number of sensor that you activate. If you are not interested in server and application monitoring, you just don’t turn those sensors on and so then you end up with a combined network performance monitor with bandwidth analysis.
Take a look at the table below to see the network device messaging systems with which each of these rival tools can interact:
Paessler also has a custom packet sniffer sensor, which will aide you in bandwidth monitoring tasks.
All three of these network monitoring software packages include traffic testing measures such as Ping and Traceroute. The three packages also include quality of service and traffic shaping methodologies, which are shown in the table below:
Methodology SolarWinds (FREE TRIAL) WhatsUp Gold (FREE TRIAL) Paessler (FREE TRIAL) Quality of Service (QoS) Yes Yes Yes Class-Based QoS (CBQoS) Yes Yes Yes NBAR No Yes No NBAR2 Yes No No Wireless LAN Controller (WLC) Yes Yes Yes IP SLA Yes Yes Yes
All of these packages are able to monitor VLAN traffic and queue prioritization algorithms. They are all also capable of extending monitoring and bandwidth tracking over the internet to include Cloud service and remote sites in the monitor’s view.
All three of these network monitoring software packages include analysis function and delivery stack visualizations to help you isolate the source of performance problems.
NetFlow Traffic Analyzer is powerful though not self-contained
The SolarWinds NetFlow Traffic Analyzer is a very capable tool.
The key factor to consider is that NTA is not self-contained, but rather a module of a larger system which it presumes and leverages. If you already have a non-SolarWinds network management infrastructure in place, you can’t simply add NTA to it; choosing NPM and NTA is a commitment to SolarWinds Orion.
NTA integrates well into that larger system. The rich toolsuite offers a lot of ability to add other tools as needed, as well as the scalability to grow with your network. If you have – or expect to grow into – a large and sophisticated network environment, NPM and NTA make a lot of sense.
Networking Earth by Geralt, licensed under Creative Commons CC0.
Orion architecture diagram from NetFlow Traffic Analyzer Getting Started Guide.