General
What is Network Performance Management (NPM)?
NPM leverages flow technologies such as sFlow, NetFlow v5/9, and IPFIX to gain insights into network performance, offering end-to-end visibility. This enables Network Administrators to proactively address network performance issues and identify top consumers of network devices and interfaces.
What is a Flow Exporter?
A flow exporter is a network device, typically a router or firewall, that collects and exports flow information to a flow collector.
What is a Flow Collector?
A flow collector is a device or server that receives, and processes flow information exported from flow exporters.
What flow technologies are supported by NPM?
NPM supports protocols such as sFlow, NetFlow v5, NetFlow v9, and IPFIX.
License Information
Is NPM available for evaluation?
Since NPM is compute and storage-intensive, it will be enabled based on customer requests. Please contact OpsRamp support to request this feature.
Installation
What are the prerequisites for installing NPM?
- Ensure that your network devices support one or more of the following protocols:
- sFlow
- NetFlow v5
- NetFlow v9
- IPFIX
- This feature is compatible with NextGen Gateway version 17.2.0 and above.
- SNMP Discovery needs to be configured to make network devices and their interface details available for selection.
- The gateway must be accessible by whitelisted network devices to receive the flow data.
- Whitelisted network devices should be configured to send or push flow data to the Collector.
How do I install the NPM Collector?
Refer to the NPM Collector installation documentation for more details.
What port numbers and whitelisted network devices are required for NPM?
To receive flows from whitelisted network devices, you need to configure the appropriate port numbers and ensure the devices are whitelisted.
Note
You can set the port range between 30100 and 32000. If this range is not feasible, update the node port range in K3s or contact the support team for assistance.Network Devices Monitoring
How can I view flow records generated by network devices?
You can view flow records by accessing the Network Performance Management dashboard and navigating to Infrastructure > Netflows. This section offers a visual representation of flow records, showcasing top conversations, applications, source endpoints, destination endpoints, and protocols.
What filters can I apply to flow records?
The Network Performance Management dashboard supports OpsQL, enabling users to analyze network data in detail and create customized dashboards.
What widgets are available in the monitoring dashboard?
- Top Conversations: Shows utilization between source endpoints and destination endpoints.
- Top Applications: Highlights utilization associated with predefined applications based on port numbers.
- Top Source Endpoints: Displays utilization metrics for source endpoints.
- Top Destination Endpoints: Provides utilization information for destination endpoints.
- Top Protocols: Offers utilization data related to different protocols based on protocol names.
- Unique IP Count: Counts the number of distinct IP addresses involved.
- Unique Port Pair Count: Counts the number of unique port pairs used.
- Total Bytes: Shows the total amount of data transferred.
How can I configure the retention period and size limit for flow records?
From the settings, you can configure the retention period by choosing the number of days from the drop-down list and setting a size or count limit for storing flow records.
Warnings and critical notifications will be triggered as the storage size nears the specified limits.
Note
By default, customers are allocated a 100GB quota, with a maximum supported retention period of 30 days.How many records can 100GB store?
A 100GB storage capacity can accommodate up to 800 million records, depending on the size of each individual record.
If records are inserted at a rate of 1,000 per second, how long will it take to fill 100GB?
If records are inserted at a rate of 1,000 per second, it will take approximately 222 hours (or 9.2 days) to fill 100GB.
How can I find out the total data usage, collector status, and current flow rate?
You can refer to the NPM data usage/health overview dashboard, which presents these metrics.
Technical Information
How do I configure NetFlow/sFlow on network devices?
Configuring sFlow on an Arista Device:
- Enter global configuration mode.
- Configure the sFlow agent.
- Specify the collector’s IP address and port.
- Define the sampling rate and enable sFlow on the desired interfaces.
- Save the configuration.
Example Configuration:
enable
configure terminal
sflow agent ip 10.0.0.1
sflow collector 10.0.0.2 6343
sflow polling-interval 30
sflow sample 1000
interface Ethernet1
sflow enable
write memory
How can I determine the number of flows my network device is generating?
The number of flows your network device generates depends on the configured polling interval. Additionally, the NPM Data Usage/Health Stats dashboard displays the flow rate metric. You can also set alerts to notify you whenever the flow rate exceeds 24,000 flows per second.
What metrics are available in NPM Health Stats?
NPM Health Stats provides the following metrics:
- NPM Collector Status: Indicates the status of the NPM collector.
- Flows Dropped Count: Represents the number of flows received from non-whitelisted IP addresses.
These metrics collectively provide visibility into network flow performance, collector status, and potential issues such as dropped flows from unauthorized sources.
Pricing
What is the cost of NPM ingestion size?
The pricing for NPM ingestion size is based on the same model as Logs pricing, with costs determined by event entitlement (storage cost per GB). For more details, please contact support team.
Sizing
What are the Gateway configurations?
Next Gen Gateway Default Recommendations:
Default Configuration: 4 Cores, 8GB RAM (gateway-capacity-parameters)
Can we use an existing NextGen gateway with version 17.2.0 and above?
A dedicated NextGen Gateway is recommended due to the compute and storage-intensive nature of NPM. However, you can use an existing Gateway running version 17.2.0 and above, provided you account for the traffic and load. Be aware that increased flows may impact existing monitoring performance.
What is the flow processing capacity of a single NPM collector?
A single NPM collector can handle up to 24,000 flows per second. If additional capacity is needed, it is advisable to deploy a new gateway with an additional collector. To process 24,000 flows per second, the NPM collector requires the following resources:
- CPU Usage: 2 CPUs
- Memory Usage: 2GB RAM
How are flows transmitted to the cloud?
- The gayeway collector transmits all received flows to the cloud using gRPC (HTTP 2.0) requests.
- Ensure that the firewall allows outbound gRPC traffic to the OpsRamp cloud.
- No additional external outbound or inbound ports need to be opened.
- The data is sent using the customer’s private branding URL (if configured) or the POD API URL.
What happens if the gateway (collector) to cloud communication link is broken?
Currently, the GW (Collector) does not retain offline data. If the communication link is disrupted, the flow data will not be stored. Offline data storage is being planned for future implementation.
I want to configure NPM. What are the next steps?
To configure NPM, follow these steps:
- Determine the Number of Network Devices: Identify how many network devices need to be configured for flow collection.
- Estimate Flow Generation: Find out the number of flows generated by each network device.
- Verify Gateway Requirements: Ensure that the Gateway meets the necessary requirements based on the above information.
- Contact Support: Reach out to support team with the collected details to enable the feature.
What is the maximum delay before the collected flows are visible in the UI?
The collected flows will appear on the dashboard within a maximum of 5 minutes.
Do we support setting up alerts based on filter criteria?
This feature is currently on the roadmap and planned for future development and implementation.
How can I determine if a selected whitelisted network device is not sending flows?
This feature is in the planning stage for implementation. In the meantime, you can use the NPM overview dashboard to monitor the number of flows per second being ingested by the collector.
What happens if the communication link between the gateway (collector) and the cloud is disrupted?
At present, the collector does not retain offline data.