1 / 46

Monitoring your NetScaler Traffic with AppFlow

Monitoring your NetScaler Traffic with AppFlow. Dale McCoon. Senior Technical Support Engineer SUM308 – Monitoring your NetScaler Traffic with AppFlow. May 8 th , 2012. Tweet about this session with hashtag #SUM308 and #CitrixSummit. Agenda.

len-lynn
Download Presentation

Monitoring your NetScaler Traffic with AppFlow

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Monitoring your NetScaler Traffic with AppFlow Dale McCoon Senior Technical Support Engineer SUM308 – Monitoring your NetScaler Traffic with AppFlow May 8th, 2012

  2. Tweet about this session with hashtag #SUM308 and #CitrixSummit

  3. Agenda • Why Open Source Application visibility is important • How AppFlow works • Configuring Appflow on the NetScaler • Interpreting the collected data #CitrixSummit

  4. Why Open Source Application visibility is important

  5. Common Monitoring Issues Faced by Administrators • Decentralized infrastructure makes monitoring difficult • Multiple vendors offering different non-interoperable solutions • Proprietary technologies decrease flexibility • Bulky Agent software increases management overhead • Network taps are expensive and impractical in the Cloud Era #CitrixSummit

  6. The AppFlow Solution • More and more applications are moving to the Cloud • Open Source Standard allows for homogeneous infrastructure • Vendor lock in is no longer a concern • Agent-less allows for the right tool for the job • IETF standard defined in RFC 5101 • Allows for a “Full Picture” Solution #CitrixSummit

  7. How AppFlow works

  8. How AppFlow Works • Using UDP as the transport protocol Appflow transmits the collected data called “flow records” to one or more IPv4 collectors • Provides visibility for HTTP, SSL, TCP and SSL_TCP flows • Various 3rd party collectors aggregate the collected traffic in real time (Splunk, SolarWinds) • Feature introduced for AppFlow in NetScaler 9.3nc • Available in NetScaler Standard, Enterprise, and Platinum • Supported both on the MPX, VPX, and SDX • AppFlow support in NetScaler 10 for DataStream and EdgeSight #CitrixSummit

  9. Data Flows that can be reported on SNIP/MIP to Server Client to VIP Server to SNIP/MIP VIP to Client #CitrixSummit

  10. AppFlow Records • Records transmitted in IPFIX format via the NSIP of the NetScaler • IPFIX based off of Cisco’s NetFlow • Each flow records contains a sequence number, so that the collector can see if there is a missed flow record • No retransmission of missed flow records (function of UDP) • Collector may be able to report on missed records #CitrixSummit

  11. Appflow Records sent to Collector Via NetScaler SNIP/MIP to Server Client to VIP NSIP to Appflow Collector Appflow Collector #CitrixSummit

  12. Configuring AppFlow on the NetScaler

  13. Configuring AppFlow on the NetScaler • Enable the AppFlow Feature (enable feature AppFlow from the CLI or System-Settings-Configure advanced features and check the “AppFlow” box in the GUI) • Add a Collector (default port is 4739) • Add a AppFlow Action specifying a Collector • Add a AppFlow Policy, define an expression • Bind the Action to the Policy #CitrixSummit

  14. Configuring AppFlow on the NetScaler #CitrixSummit

  15. Configuring AppFlow on the NetScaler (cont.) • Bind AppFlow Policy either to the VServer or Globally • Ensure AppFlow Logging is checked on the VServer or Service #CitrixSummit

  16. Setting AppFlow Parameters • Control what is sent to the Collector • Tailor information sent to the collector to fit your environment • Client Traffic only collects only client side traffic • Multiple records in each UDP packet #CitrixSummit

  17. Configuring the NetScaler to send Syslog info via Appflow #CitrixSummit

  18. DataStream Support in NetScaler 10 #CitrixSummit

  19. EdgeSight Monitoring for AppFlow #CitrixSummit

  20. Basic Troubleshooting • Check if policy is being hit • Nstcpdump.sh filtering UDP • Network trace from Collector • “Show run | grep appflow” to verify config from CLI #CitrixSummit

  21. Basic Troubleshooting Verify HTTP (or other) data exists within the packet being transmitted to the Collector #CitrixSummit

  22. AppFlow Counters • SNMP can be used to monitor AppFlow for ignored packets • These values also translate into counters for the nsconmsg tool • Information such as flow records transmitted, IPFIX records ignored, and IPFIX records not sent • Can be useful for proactive monitoring of AppFlow itself #CitrixSummit

  23. Interpreting the Collected Data

  24. What exactly is traversing my Network?

  25. Interpreting the Collected Data • Allows for analysis on all aspects of data passing through the NetScaler • HTTP, TCP, Application Firewall, VPN, and UI among other statistics can be logged • Grants a top down view of data that can be graphed and exported • This allows for statistics to be logged, trends to be noticed quicker, easier, and action to be taken • Quicker Time to Resolution when troubleshooting issues. #CitrixSummit

  26. General Overview of Data via AppFlow #CitrixSummit

  27. More Specific break down of Total Bytes Sent/Received #CitrixSummit

  28. General Overview of Data via AppFlow #CitrixSummit

  29. General Overview of Data via AppFlow #CitrixSummit

  30. HTTPVisibility #CitrixSummit

  31. HTTPVisibility #CitrixSummit

  32. HTTP Visibility #CitrixSummit

  33. HTTP Visibility #CitrixSummit

  34. Application Firewall Visibility #CitrixSummit

  35. Application Firewall Visibility #CitrixSummit

  36. VPN Visibility #CitrixSummit

  37. SSL VPN Visibility #CitrixSummit

  38. SSL VPN Visibility #CitrixSummit

  39. SSL VPN Visibility #CitrixSummit

  40. In Depth Traffic Visibility #CitrixSummit

  41. Resources • www.splunk.com • www.citrix.com/technologies/appflow • AppFlow Configuration Guide - http://support.citrix.com/article/CTX130334 • How to Install and Configure Splunk for NetScaler for Application Firewall Reporting - http://support.citrix.com/article/CTX132533 • NetScaler AppFlow Counters http://support.citrix.com/article/CTX132769 #CitrixSummit

  42. Q&A

  43. AppFlow Overview • Monitoring your Network traffic with AppFlow allows for: • Visibility – What is my Network doing • Accountability – Who is using my Network • Seamless Integration – No Agents, No vendor lock in #CitrixSummit

  44. We value your feedback! Take a survey of this session now in the mobile app Click 'Sessions' button Click on today's tab Find this session Click 'Surveys'

  45. Before you leave… • Conference surveys are available online at www.citrixsummit.com starting Thursday, May 10 • Provide your feedback and pick up a complimentary gift at the registration desk • Download presentations starting Monday, May 21, from your My Organizer tool located in your My Account

More Related