470 likes | 935 Views
Monitoring your NetScaler Traffic with AppFlow. Dale McCoon. Senior Technical Support Engineer SUM308 – Monitoring your NetScaler Traffic with AppFlow. May 8 th , 2012. Tweet about this session with hashtag #SUM308 and #CitrixSummit. Agenda.
E N D
Monitoring your NetScaler Traffic with AppFlow Dale McCoon Senior Technical Support Engineer SUM308 – Monitoring your NetScaler Traffic with AppFlow May 8th, 2012
Tweet about this session with hashtag #SUM308 and #CitrixSummit
Agenda • Why Open Source Application visibility is important • How AppFlow works • Configuring Appflow on the NetScaler • Interpreting the collected data #CitrixSummit
Common Monitoring Issues Faced by Administrators • Decentralized infrastructure makes monitoring difficult • Multiple vendors offering different non-interoperable solutions • Proprietary technologies decrease flexibility • Bulky Agent software increases management overhead • Network taps are expensive and impractical in the Cloud Era #CitrixSummit
The AppFlow Solution • More and more applications are moving to the Cloud • Open Source Standard allows for homogeneous infrastructure • Vendor lock in is no longer a concern • Agent-less allows for the right tool for the job • IETF standard defined in RFC 5101 • Allows for a “Full Picture” Solution #CitrixSummit
How AppFlow Works • Using UDP as the transport protocol Appflow transmits the collected data called “flow records” to one or more IPv4 collectors • Provides visibility for HTTP, SSL, TCP and SSL_TCP flows • Various 3rd party collectors aggregate the collected traffic in real time (Splunk, SolarWinds) • Feature introduced for AppFlow in NetScaler 9.3nc • Available in NetScaler Standard, Enterprise, and Platinum • Supported both on the MPX, VPX, and SDX • AppFlow support in NetScaler 10 for DataStream and EdgeSight #CitrixSummit
Data Flows that can be reported on SNIP/MIP to Server Client to VIP Server to SNIP/MIP VIP to Client #CitrixSummit
AppFlow Records • Records transmitted in IPFIX format via the NSIP of the NetScaler • IPFIX based off of Cisco’s NetFlow • Each flow records contains a sequence number, so that the collector can see if there is a missed flow record • No retransmission of missed flow records (function of UDP) • Collector may be able to report on missed records #CitrixSummit
Appflow Records sent to Collector Via NetScaler SNIP/MIP to Server Client to VIP NSIP to Appflow Collector Appflow Collector #CitrixSummit
Configuring AppFlow on the NetScaler • Enable the AppFlow Feature (enable feature AppFlow from the CLI or System-Settings-Configure advanced features and check the “AppFlow” box in the GUI) • Add a Collector (default port is 4739) • Add a AppFlow Action specifying a Collector • Add a AppFlow Policy, define an expression • Bind the Action to the Policy #CitrixSummit
Configuring AppFlow on the NetScaler #CitrixSummit
Configuring AppFlow on the NetScaler (cont.) • Bind AppFlow Policy either to the VServer or Globally • Ensure AppFlow Logging is checked on the VServer or Service #CitrixSummit
Setting AppFlow Parameters • Control what is sent to the Collector • Tailor information sent to the collector to fit your environment • Client Traffic only collects only client side traffic • Multiple records in each UDP packet #CitrixSummit
Configuring the NetScaler to send Syslog info via Appflow #CitrixSummit
DataStream Support in NetScaler 10 #CitrixSummit
EdgeSight Monitoring for AppFlow #CitrixSummit
Basic Troubleshooting • Check if policy is being hit • Nstcpdump.sh filtering UDP • Network trace from Collector • “Show run | grep appflow” to verify config from CLI #CitrixSummit
Basic Troubleshooting Verify HTTP (or other) data exists within the packet being transmitted to the Collector #CitrixSummit
AppFlow Counters • SNMP can be used to monitor AppFlow for ignored packets • These values also translate into counters for the nsconmsg tool • Information such as flow records transmitted, IPFIX records ignored, and IPFIX records not sent • Can be useful for proactive monitoring of AppFlow itself #CitrixSummit
Interpreting the Collected Data • Allows for analysis on all aspects of data passing through the NetScaler • HTTP, TCP, Application Firewall, VPN, and UI among other statistics can be logged • Grants a top down view of data that can be graphed and exported • This allows for statistics to be logged, trends to be noticed quicker, easier, and action to be taken • Quicker Time to Resolution when troubleshooting issues. #CitrixSummit
General Overview of Data via AppFlow #CitrixSummit
More Specific break down of Total Bytes Sent/Received #CitrixSummit
General Overview of Data via AppFlow #CitrixSummit
General Overview of Data via AppFlow #CitrixSummit
HTTPVisibility #CitrixSummit
HTTPVisibility #CitrixSummit
HTTP Visibility #CitrixSummit
HTTP Visibility #CitrixSummit
Application Firewall Visibility #CitrixSummit
Application Firewall Visibility #CitrixSummit
VPN Visibility #CitrixSummit
SSL VPN Visibility #CitrixSummit
SSL VPN Visibility #CitrixSummit
SSL VPN Visibility #CitrixSummit
In Depth Traffic Visibility #CitrixSummit
Resources • www.splunk.com • www.citrix.com/technologies/appflow • AppFlow Configuration Guide - http://support.citrix.com/article/CTX130334 • How to Install and Configure Splunk for NetScaler for Application Firewall Reporting - http://support.citrix.com/article/CTX132533 • NetScaler AppFlow Counters http://support.citrix.com/article/CTX132769 #CitrixSummit
AppFlow Overview • Monitoring your Network traffic with AppFlow allows for: • Visibility – What is my Network doing • Accountability – Who is using my Network • Seamless Integration – No Agents, No vendor lock in #CitrixSummit
We value your feedback! Take a survey of this session now in the mobile app Click 'Sessions' button Click on today's tab Find this session Click 'Surveys'
Before you leave… • Conference surveys are available online at www.citrixsummit.com starting Thursday, May 10 • Provide your feedback and pick up a complimentary gift at the registration desk • Download presentations starting Monday, May 21, from your My Organizer tool located in your My Account