Re: How can I see traffic throughput

Greg Maaaag · ‎01-18-2013

Hello!

We have 15 small branches with cisco 881w in every office, they use VPN site-to-site to vpn-concentrator on Vyatta.

I launched cacti monitoring of cisco 881's CPUs Errors, Traffics, NOn-unicast, Unicast.

I see that on 10.00 pm in one brunch when nobody works there, CPU load reaches 50% and traffic rizes up to 9mb\s

How can I see what's going on there? Is there any session monitor or some service for this?

Phillip Remaker · ‎01-18-2013

Netflow is probably the best tool to use for analyzing the traffic.

Greg Maaaag · ‎01-18-2013

thanks for your answer!

is netflow load cpu very much?

g.agarwal1612 · ‎01-18-2013

HI ,

Please try and use netflow ip top-talkers to see the ip protocols utilization :

http://www.cisco.com/en/US/docs/ios-xml/ios/netflow/configuration/12-4t/cfg-nflow-top-talk.html#GUID-824723EE-2551-4D64-9E0B-F5DF065C83B9

1. enable

2. configure terminal

3. ip flow-top-talkers

4. top number

5. sort-by [bytes | packets

6. cache-timeout milliseconds

7. end

Regards,

G

g.agarwal1612 · ‎01-18-2013

See the output

using

SH ip flow-top-talkers command

Greg Maaaag · ‎01-19-2013

Thanks!

I started top-talkers, it shows statistics.

Is it possible to see what packets did go through cisco, for example, at 6.00 pm on 19.01.2013?

I turned on ip flow, i launched ManageEngine Netflow but it shows average statistics:(

g.agarwal1612 · ‎01-21-2013

Hi ,

Please sne me the outpout of following when you see high CPU

show ip traffic

show proc cpu sorted

show proc cpu history

show ip cef switching statistics feature

show run

sh ver

show log

And let me know if you see this issue on a specific time of a day or is it random? do you have any bacth updates going on in you netwrok.

On netflow analyzer there should be an option to fetch data quickly and show instantaneou flows instead of average .

G

Greg Maaaag · ‎01-26-2013

thank you for your answer!

the issue goes at random time, vpn tunnels go down, and clients loose internet connection but ip sla show that it's ok with echo icmp pakets to our vpn concentrator, our AD and next-hop....

Can you please suugest and good netflow analyzers? Is there any popular or "best practice" software?

Jernej Vodopivec · ‎01-26-2013

There are plenty of them.
For example: Scrutinizer (limited free edition also, Plixer), NetFlow Traffic analyzer (Solarwinds), WhatsUp Gold NetFlow Monitor...
ntop is good open source solution (GPL license).

Greg Maaaag · ‎01-26-2013

i've tried for a few days ManageEngine Netflow Analyzer, yes, it can draw nice graphs for directors but, for example, i have a call that lost connectivity in one our branch with 1941 in the edge, i see that snmp can monitor it, cpu up to 20-30%, taffic about 30mb\s of ISP's 50mb\s channel, ip sla echo icmp on cisco to next-hop, to our vpn-concentrator and to google dns shows no errors and I can't get it, why tunnels go down and thin clients turn off and all voip telephony which uses external asterisk server.

I go to ManageEngine Netflow analyzer but it just shows statiscis and i can't see in it sessions at the moment of this problem and I dont actually know what to do...

Don Jacob · ‎01-30-2013

NetFlow data can give you only bandwidth information on a per interface basis. I believe you need to monitor each VPN sessions when the CPU goes high as well as the bandwidth and try to drill down to the root cause. My suggestion will be adding an SNMP based monitor like ManageEngine OpManager to your NetFlow Analyzer or use SolarWinds NPM and NetFlow. Here is some info I found, though it talks about Cisco ASA.

http://thwack.solarwinds.com/thread/24990

Regards,

Don Thomas Jacob

www.netflowanalyzer.com

NOTE: Please rate posts and close questions if you have got the answer.

Regards, Don Thomas Jacob http://www.solarwinds.com/netflow-traffic-analyzer.aspx Head Geek @ SolarWinds NOTE: Please rate and close questions if you found any of the answers helpful.