KBI 310843 Hogs Training Document
Version
Argent for Topology all versions
Date
Tuesday, 25 Feb 2014
Summary
A training document on Argent for Topology
Technical Background
How can an administrator know who is consuming the bandwidth of the organization?
How can the specific user and machine be determined?
How can the consumption be classified into good and bad?
How can applications or devices that are consuming most of the bandwidth be determined?
Argent for Topology monitors and analyses network traffic by capturing NetFlow data from Cisco routers
The captured NetFlow data is analyzed and categorized to identify which users, applications, machines and departments are top consumers of bandwidth
Argent’s patented technology to pinpoint top users of bandwidth is a unique feature
Intelligent IP mapping, categorization of IPs from Very Good to Very Bad, country-wise traffic analysis and department-wise bandwidth utilization helps to solve network slowdowns proactively
(All strings “Very Good“, etc can be customized by the customer, as can Top X)
All data is presented using user-friendly charts in a slick, drag and drop, customizable Web User Interface (WUI)
Features of Argent for Topology
Live Bandwidth Analysis
Argent for Topology provides an option to analyze live bandwidth usage
An area graph displays the total bandwidth usage in the network for the past 15 minutes
The graph is plotted by usage in megabytes against time
Bandwidth Usage by User
Argent for Topology provides a facility for tracking bandwidth consumption by user
Top 5 users in the network using (stealing?) the bandwidth are then represented in Argent for Topology by a horizontal bar graph
The graph has users plotted against usage in megabytes
Smart Application Mapping
Argent for Topology provides a facility for tracking bandwidth consumption by application
Top 5 applications are then represented as a pie chart with each application in different colors and percentage of bandwidth consumption marked on each pie slice
Find Bandwidth Hogs
Argent for Topology provides a facility for tracking bandwidth consumption by hogs
The Top 10 Bandwidth Hogs shows just that and displays usernames, destinations, and usage in megabytes
Web Sites Consuming Most Bandwidth
Argent for Topology provides a facility for tracking bandwidth consumption by web site
Top 5 websites are then represented as a pie chart with each website in different colors and percentage of bandwidth consumption marked on each pie slice
Track Machines Eating Bandwidth
Argent for Topology provides a facility for tracking bandwidth consumption by IP address
Top 5 IP addresses are then represented as a bar graph of usage in megabytes against IP addresses
Find Devices Clogging Bandwidth
Argent for Topology provides a facility for tracking bandwidth consumption by device
Bandwidth consumption by device is tracked and the top 5 is listed along with packets in millions
Categorize Network Usage Intelligently
Argent for Topology provides a unique facility for tracking bandwidth consumption by category
Adding categories and assigning them to IP addresses is explained later in the document
Bandwidth consumption by category is tracked and the top 5 is represented as a pie chart with each category in a different color, and the percentage of bandwidth consumption marked on each pie slice
Bandwidth Analysis by Department
Argent for Topology provides facility for tracking bandwidth consumption by department
Adding departments and assigning them to IP addresses is explained later in the document
Department bandwidth consumption is tracked and the top 5 is represented as a pie chart with each department in a different color, and the percentage of bandwidth consumption marked on each pie slice
Differentiate Traffic To And From Various Countries
Argent for Topology provides facility for tracking bandwidth consumption by country
Adding Countries to IP addresses is explained later in the document
Bandwidth consumption by country is tracked and the top 5 is represented as a pie chart with each country in different color, and the percentage of bandwidth consumption marked on each pie slice
Configuration Tools
Argent for Topology provides a facility for tracking bandwidth consumption by country, conversation, device, web sites, user, department, IP address, application and category
These options are listed in the left column
Select the needed option from this list and add them one by one
A maximum of 6 options can be added at a time
The added options get listed in the second column
To delete any item from this list, select the item and click Remove
The added options get displayed in the Worldwide Dashboard screen
Remove any window by clicking the close button (X mark) on the top right corner of each window
Managing IP
IP details from traffic data are listed here; all columns in all admin screens can be sorted
Adding IP Addresses
To add an IP address, click the Add button
Specify the IP address, web site and country
Select the department and category from the respective combos
Click the Save button to save the details
Updating IP Addresses
To update any IP details, select the checkbox corresponding to that IP, and click Update
Make the necessary changes and save it
Updating Multiple IP Addresses
To update multiple IP details, select the checkboxes corresponding to those IP addresses, and click Update
Make the necessary changes and save it
Reverse DNS
In order to get the missing domain names, use the Reverse DNS facility
Click DNS Lookup button
The website and country details of the IP addresses will be listed
To add them to the database, click Add To Database
Managing Ports Details
Ports configured for different applications are listed here
Adding Ports
To add a port, click Add, and specify the port details and then save it
The added port gets listed in the above screen
Managing Departments
Departments configured are listed here
Entries specified here get listed in the Department combo of the Add IP Address screen
Adding Department
In order to add a department, click the Add button
Specify the department details and then save it
Newly added departments get listed in the above screen
Managing Categories
Categories are listed here
Entries specified here get listed in the Category combo of Add IP Address screen
Adding Category
To add a category, click Add
Mention the category details and then save it
Added categories get listed in the above screen
Default Reports Generated By Argent Reports
- Top N Applications
- Top N Conversation
- Top N Traffic Source By Country
- Top N Traffic Destination By Country
- Top N Traffic Destination By Domain
- Top N Protocols
- Top N Traffic Source By Department
- Top N Traffic Destination By Department
- Top N Traffic By Category
- Top N Receivers
- Top N Senders
- Individual Router Traffic Details
Installation And Architecture of Argent for Topology
ARGENT FOR TOPOLOGY consists of three components:
1 – Core Components
2 – Web User Interface (WUI)
3 – Thin HTTP Agent
A standard Argent Setup program enables Argent for Topology to be installed and operational in about 300 seconds
Configuration of the Cisco devices typically takes two hours
1 – Core Components
T34 Thin-Mother Service
The standard Argent T34 mother service spawns and monitors all NetFlow processes as its children
With no HTTP agent installed, Argent for Topology will list the IP addresses of the hogs such as IP Addresses
To see the specific users, an optional thin client – HTTP client – needs be installed on each Windows workstation
When the individual user logs in this thin client on the Windows workstation or desktop, it pipes the control information that enables Argent for Topology to map the IP address to the actual user and computer – this technology is unique to Argent
ARGSOFT_NETFLOW_COLLECTOR
This component captures NetFlow streams (version 9) from router and save it as disk files
It listens on a specific UDP port for NetFlow streams
The output files are the input for ARGSOFT_NETFLOW_PARSER
ARGSOFT_NETFLOW_PARSER
This component reads the above output files created by ARGSOFT_NETFLOW_COLLECTOR and translates and analyzes NetFlow streams
ARGSOFT_NETFLOW_COPIA_DB_WRITER
This component writes to the database using COPIA
2 – Web User Interface (WUI)
Users can see network bandwidth usage based on different categories such as IP address, user, country, application, top 10 conversations, top 5 websites etc
3 – Thin HTTP Agent
This unique facility enables the Argent for Topology to identify the user who is currently logged in the installed node
Each monitored node contains the agent
Agent will notify the current logged in user using HTTP
This is a patented technology from Argent, invented by Argent
This facility places Argent for Topology ahead of all competitors
System Requirements for Core Components and Web User Interface (WUI)
Hardware
| CPU | 3GHz or faster, dual processors with dual cores |
| RAM | 3GB or more |
| Hard Drive Space | 5GB or more, RAID 0, 1, 23, or 10; other RAID or SAN configurations are not recommended |
Software
| Operating System | Windows 2008 Server or Windows 2003 Server |
| Web Server | Microsoft IIS, version 6.0 and later |
| Web Console Browser | Microsoft Internet Explorer version 9, or Chrome, or Firefox 3.5.7 or later |
SQL Server Software Requirements
| Operating System | Windows 2008 Server or Windows 2003 Server |
| SQL Server | SQL Server 2005 SP1 Standard or Enterprise |
| SQL Server 2008 Standard or Enterprise |
System Requirements for Unique Thin HTTP Agent
Software
| Operating System | Windows 2000 Server, or Windows XP, or Windows 2003 Server, or Windows 2008 Server or Windows 7 |
Requirements for NetFlow Devices
All Cisco devices using NetFlow version 9 are supported, specifically:
- Cisco 2600 series
- Cisco 3600 series
- Cisco 3600 series
- Cisco 7100 series
- Cisco 7200 series
- Cisco 7300 series
- Cisco 7400 series
- Cisco 7500 series
- Cisco 12000 series
Some of the major vendors supporting NetFlow include:
- Alcatel
- Enterasys Networks
- Foundry Networks
Enabling NetFlow in Cisco Routers
Cisco Router Configuration
Step 1: Logon to Cisco Router using Telnet
Router: enable
Router: configure terminal
Router(config)# ip flow-export version 9
Router(config)# ip flow-export destination <IP Address> <Port>
Router(config)# ip flow-cache timeout active 1
Step 2: Go To LAN Interface
Router(config) # interface gigabitEthernet 0/0
Router(config-if) # ip flow ingress
Router(config-if) # ip flow egress
Sample
Router: enable
Router: configure terminal
Router(config)# ip flow-export version 9
Router(config)# ip flow-export destination 192.168.1.123 3110
Router(config)# ip flow-cache timeout active 1
Here 192.168.1.123 is the node in which the core modules are installed
The listening port for the NetFlow data is 3110
Frequently Asked Questions
Can One Instance Of Argent For Topology Collect Data From Many Routers?
Yes
Argent for Topology’s unique design means one core module can collect data from multiple routers simultaneously
How Is A New Router Added To Argent For Topology?
Argent for Topology automatically discovers routers to monitor
Simply ensure the router(s) are sending NetFlow data to the specified port for Argent for Topology
The Router Has Been Set To Export Netflow Data, But Nothing Appears On The Dashboard
- Check if NetFlow is enabled on the device, and that it has started sending flows
- Ensure the router is exporting NetFlow data to the port on which Argent for Topology is listening
- Ensure the router is exporting NetFlow version 9 data
Which Versions Of Netflow Does Argent For Topology Support?
Argent for Topology supports all versions of NetFlow v9
How Can The Details Of Usage For Top Users Be Found?
Argent for Topology has a drill down feature for retrieving details of bandwidth usage by a specific user
Simply double-click on the chart for a particular user to see the detailed site wise usage of that user
Resolution
N/A
