monitoring your netscaler traffic with appflow n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Monitoring your NetScaler Traffic with AppFlow PowerPoint Presentation
Download Presentation
Monitoring your NetScaler Traffic with AppFlow

Loading in 2 Seconds...

play fullscreen
1 / 46

Monitoring your NetScaler Traffic with AppFlow - PowerPoint PPT Presentation


  • 392 Views
  • Uploaded on

Monitoring your NetScaler Traffic with AppFlow. Dale McCoon. Senior Technical Support Engineer SUM308 – Monitoring your NetScaler Traffic with AppFlow. May 8 th , 2012. Tweet about this session with hashtag #SUM308 and #CitrixSummit. Agenda.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Monitoring your NetScaler Traffic with AppFlow' - len-lynn


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
monitoring your netscaler traffic with appflow
Monitoring your NetScaler Traffic with AppFlow

Dale McCoon

Senior Technical Support Engineer

SUM308 – Monitoring your NetScaler Traffic with AppFlow

May 8th, 2012

agenda
Agenda
  • Why Open Source Application visibility is important
  • How AppFlow works
  • Configuring Appflow on the NetScaler
  • Interpreting the collected data

#CitrixSummit

common monitoring issues faced by administrators
Common Monitoring Issues Faced by Administrators
  • Decentralized infrastructure makes monitoring difficult
  • Multiple vendors offering different non-interoperable solutions
  • Proprietary technologies decrease flexibility
  • Bulky Agent software increases management overhead
  • Network taps are expensive and impractical in the Cloud Era

#CitrixSummit

the appflow solution
The AppFlow Solution
  • More and more applications are moving to the Cloud
  • Open Source Standard allows for homogeneous infrastructure
  • Vendor lock in is no longer a concern
  • Agent-less allows for the right tool for the job
  • IETF standard defined in RFC 5101
  • Allows for a “Full Picture” Solution

#CitrixSummit

how appflow works1
How AppFlow Works
  • Using UDP as the transport protocol Appflow transmits the collected data called “flow records” to one or more IPv4 collectors
  • Provides visibility for HTTP, SSL, TCP and SSL_TCP flows
  • Various 3rd party collectors aggregate the collected traffic in real time (Splunk, SolarWinds)
  • Feature introduced for AppFlow in NetScaler 9.3nc
  • Available in NetScaler Standard, Enterprise, and Platinum
  • Supported both on the MPX, VPX, and SDX
  • AppFlow support in NetScaler 10 for DataStream and EdgeSight

#CitrixSummit

data flows that can be reported on
Data Flows that can be reported on

SNIP/MIP to Server

Client to VIP

Server to SNIP/MIP

VIP to Client

#CitrixSummit

appflow records
AppFlow Records
  • Records transmitted in IPFIX format via the NSIP of the NetScaler
  • IPFIX based off of Cisco’s NetFlow
  • Each flow records contains a sequence number, so that the collector can see if there is a missed flow record
  • No retransmission of missed flow records (function of UDP)
  • Collector may be able to report on missed records

#CitrixSummit

appflow records sent to collector via netscaler
Appflow Records sent to Collector Via NetScaler

SNIP/MIP to Server

Client to VIP

NSIP to Appflow Collector

Appflow Collector

#CitrixSummit

configuring appflow on the netscaler1
Configuring AppFlow on the NetScaler
  • Enable the AppFlow Feature (enable feature AppFlow from the CLI or System-Settings-Configure advanced features and check the “AppFlow” box in the GUI)
  • Add a Collector (default port is 4739)
  • Add a AppFlow Action specifying a Collector
  • Add a AppFlow Policy, define an expression
  • Bind the Action to the Policy

#CitrixSummit

configuring appflow on the netscaler cont
Configuring AppFlow on the NetScaler (cont.)
  • Bind AppFlow Policy either to the VServer or Globally
  • Ensure AppFlow Logging is checked on the VServer or Service

#CitrixSummit

setting appflow parameters
Setting AppFlow Parameters
  • Control what is sent to the Collector
  • Tailor information sent to the collector to fit your environment
  • Client Traffic only collects only client side traffic
  • Multiple records in each UDP packet

#CitrixSummit

basic troubleshooting
Basic Troubleshooting
  • Check if policy is being hit
  • Nstcpdump.sh filtering UDP
  • Network trace from Collector
  • “Show run | grep appflow” to verify config from CLI

#CitrixSummit

basic troubleshooting1
Basic Troubleshooting

Verify HTTP (or other) data exists within the packet being transmitted to the Collector

#CitrixSummit

appflow counters
AppFlow Counters
  • SNMP can be used to monitor AppFlow for ignored packets
  • These values also translate into counters for the nsconmsg tool
  • Information such as flow records transmitted, IPFIX records ignored, and IPFIX records not sent
  • Can be useful for proactive monitoring of AppFlow itself

#CitrixSummit

interpreting the collected data1
Interpreting the Collected Data
  • Allows for analysis on all aspects of data passing through the NetScaler
  • HTTP, TCP, Application Firewall, VPN, and UI among other statistics can be logged
  • Grants a top down view of data that can be graphed and exported
  • This allows for statistics to be logged, trends to be noticed quicker, easier, and action to be taken
  • Quicker Time to Resolution when troubleshooting issues.

#CitrixSummit

http visibility
HTTPVisibility

#CitrixSummit

http visibility1
HTTPVisibility

#CitrixSummit

http visibility2
HTTP Visibility

#CitrixSummit

http visibility3
HTTP Visibility

#CitrixSummit

vpn visibility
VPN Visibility

#CitrixSummit

ssl vpn visibility
SSL VPN Visibility

#CitrixSummit

ssl vpn visibility1
SSL VPN Visibility

#CitrixSummit

ssl vpn visibility2
SSL VPN Visibility

#CitrixSummit

resources
Resources
  • www.splunk.com
  • www.citrix.com/technologies/appflow
  • AppFlow Configuration Guide - http://support.citrix.com/article/CTX130334
  • How to Install and Configure Splunk for NetScaler for Application Firewall Reporting - http://support.citrix.com/article/CTX132533
  • NetScaler AppFlow Counters http://support.citrix.com/article/CTX132769

#CitrixSummit

appflow overview
AppFlow Overview
  • Monitoring your Network traffic with AppFlow allows for:
    • Visibility – What is my Network doing
    • Accountability – Who is using my Network
    • Seamless Integration – No Agents, No vendor lock in

#CitrixSummit

we value your feedback
We value your feedback!

Take a survey of this session now in the mobile app

Click 'Sessions' button

Click on today's tab

Find this session

Click 'Surveys'

before you leave
Before you leave…
  • Conference surveys are available online at www.citrixsummit.com starting Thursday, May 10
    • Provide your feedback and pick up a complimentary gift at the registration desk
  • Download presentations starting Monday, May 21, from your My Organizer tool located in your My Account