IP Group Management
The IP groups feature lets you monitor departmental, intranet or application
traffic exclusively. You can create IP groups
based on IP addresses and/or a combination of port and protocol. You can
even choose to monitor traffic from specific interfaces across different
routers. After creating an IP group, you can view
the top applications, top protocols, top hosts, and top conversations
in this IP group alone.
This section will help you understand IP Groups and walk you through the
steps needed to create and later delete an IP group if needed.
Understanding IP Groups
To further understand how the IP grouping feature can help in understanding
exclusive bandwidth usage, consider the following two scenarios:
Enterprise Network Scenario
A typical enterprise setup where the main servers and databases are
located at a central office, and all branch offices are given appropriate
access privileges to these servers.
Problem: You need to track bandwidth used by each
branch office while accessing an ERP/CRM application
Solution: Create an IP group
for each branch office, along with the port and protocol of the ERP/CRM
application running in the central office.
The traffic reports for each IP group will then show details on bandwidth
used by the branch office while working with the ERP/CRM application.
This information is very useful during traffic accounting and usage-based
billing.
End Note: If the IP addresses in the branch offices
are NATed (network address translated) by the web server, you can view
overall bandwidth usage for the branch office, but not that of individual
hosts within the IP group.
Campus Network Scenario
A typical campus network with several departments. Here IP addresses
are usually not NATed by the web server.
Problem: You need to analyze bandwidth used by each
department
Solution: Create an IP group
for each department (IP address or address ranges), without specifying
any port/protocol values.
The traffic reports for each IP group will then show bandwidth usage
by that department along with information on top talkers, and top conversations
within that department.
Defining IP Groups
IP groups can be defined based on IP address and/or port-protocol combinations.
In addition, you can filter IP group traffic based on interfaces. The
following matrix shows the different combinations possible, along with
a typical example usage for each combination.
| Combination |
IP Address |
Port/Protocol |
Interfaces |
| IP Address |
View bandwidth details for a range of IP addresses. |
View Web (80/TCP, 80/UDP) traffic details for a range of IP addresses. |
View bandwidth details across multiple interfaces, for a range of
IP addresses. |
| Port/Protocol |
View Web (80/TCP, 80/UDP) traffic details for a range of IP addresses. |
View Web (80/TCP, 80/UDP) traffic generated across the network |
View Web (80/TCP, 80/UDP) traffic generated across multiple interfaces. |
| Interfaces |
View bandwidth details across multiple interfaces, for a range of
IP addresses. |
View Web (80/TCP, 80/UDP) traffic generated across multiple interfaces. |
[ Not possible ] |
Creating an IP Group
The IP Group Management link in the Admin Operations
box lets you create, modify, and delete IP groups. Click this link, and
then click Create to create a new IP group. Fill in the
following information and click Add to add the new IP
group to the current list of IP groups.
| Field |
Description |
| IP Group Name |
Enter a unique name to identify this IP group |
| IP Group Description |
Enter descriptive information for this IP group to help other
operators understand why it was created. |
| IP Group Based on |
Select whether you want to define this IP group based on IP address
or port-protocol combination. If you want to define the IP group based
on both IP address and port-protocol, select both options. |
| Specify IP/IP Range/Network |
Select the IP address, address range, or network that this IP group
is based on. Use the Add More option to add additional specifications. |
| Include/Exclude |
Include option includes the particular the IP address, address range, or network.
Exclude option excludes the particular the IP address, address range, or network. |
| Associated Interfaces |
If you need to filter this IP group further, based on devices or different
interface combinations, click the "Select Devices" link and select the different devices and interfaces
whose traffic needs to be included in this IP group. |
| IP Group Speed |
Enter the interface speed (in bits per second) for calculating percentage
of traffic for this IP group. |
 |
If you add a new combination of ports and protocol,
a popup opens stating that this combination of ports and protocol
has not been mapped to any application. Add the combination as a new
application in the same popup, and click Update to
update the Application Mapping list
with the new application. |
Managing IP Groups
Click the IP Group Management link in the Admin
Operations box to view the list of IP groups created so far. The current status of the IP Group is also shown as  or  .
Select the IP group that you want to modify, and click the Modify
button to edit its settings. Once you are done, click Add to save and activate the new changes. To change a IP group's status from Enabled to Disabled or vice-versa click on the current status of the IP Group. It is possible to Enable or Disable all the IP Groups at once by using the "Enable All" and "Disable All" buttons.
To delete an IP group, select the IP group and click the Delete
button. Deleting an IP group removes the IP group from the list of IP
groups managed. All users assigned to this IP group will not see this
IP group listed on their Dashboard.
|
Unmanaging an IP group will lead to bill generation for the particular IP group, IF that IP group has been selected for billing. |
Bulk loading IP Groups
NetFlow Analyzer allows bulk loading of IP group using the XML file(ipGroup.xml) contained in the location: AdventNet\ME\NetFlow\troubleshooting. using this file it is possible to define multiple IP groups at once. A sample configuration code looks like:
<IPGroups ip_group_name="Engineering" ip_group_desc="description in detail" ip_group_speed="1000000">
<GrpIPAddress addr_id="12.12.12.12" flag="include"/>
<GrpIPNetwork netmask_addr_id="255.255.255.0" network_addr_id="12.12.13.0" flag="include"/>
<GrpIPRange netmask_addr_id="255.255.255.0" start_addr_id="12.12.14.1" end_addr_id="12.12.14.100" flag="exclude"/>
<ApplicationNames port="80" protocol="TCP"/>
<Selected_Devices>
<Router Router_Name="192.168.111.113">
<Interface interface_name="IfIndex1" />
<Interface interface_name="IfIndex3" />
</Router>
</Selected_Devices>
</IPGroups> |
Within this configuration it is possible to have any number of GrpIPAddress or GrpIPNetwork or GrpIPRange or ApplicationNames with Inteface selection.
It is also possible to add specific criteria/exceptions to the group definition such as:
- configuring an IP group with just one network
- configuring an IP group with just one address
- configuring an IP group with just one range
- configuring an IP group with just port and protocol
The user has to ensure that an IP group with the same name does not already exist and that the IP group name does not exceed 50 characters.
If all the IP groups are loaded succesfully, you can see the message "All ipgroups are succesfully loaded" in the User Interface. If you try to load the same IP groups twice, you can see the message "Error in loading. IPGroup with name ':grp1' Already exists." in the User Interface. If there is no such file in the directory, you can see the message "NETFLOW_HOME\troubleshooting\ipGroup.xml is not found." in the User Interface.
After adding the IP group(s) it is possible to selectively include/exclude a IP Network/ IP Address/ IP Range from the user interface of the product.
Copyright © 2004-2008 AdventNet,
Inc. All Rights Reserved. |
Download
|
Website
| 
Forums
| 
Live
Demo 
