LiveNX Best Practices
Web search, a daily ritual in our connected lives is highly effective due to tagging of information. Wouldn’t it be great if you had a similar capability to search and ask questions related to the network? LiveNX network semantics help you understand and troubleshoot their network better and faster. Using LiveNX’s big data analytics platform you can tag network devices and interfaces to enable search, reporting and dashboard capabilities. LiveNX provides a rich and flexible way to leverage network semantics. You have the capability to assign multiple tags to a device or interface to gain improved understanding of the network and extract relevant data faster via search, reports or dashboard. Network semantics can be leveraged to identify and create:
- Sites and Site IPs
- WAN Links
- Service Providers
- Device and Interface Tags
- Data Centers
A group represents a collection of network devices and are created to easily view the relevant information. When managing multiple network devices in LiveNX, it is recommended that you create groups. Groups help visually and logically organize devices and enable easy access to critical information related to the group. All network devices in a group are visualized on the topology as part of the group. In our case, we have created multiple groups based on location e.g. LA, London, Santa Clara etc. as shown in Figure 1.
Each group contains network devices managed by LiveNX and can be seen by expanding the group as shown in Figure 2. You can expand the group to see the network devices. Each network device can be further expanded to see the managed interfaces. For each managed entity, LiveNX provides detailed information about the device and interface.
Figure 2: Network Devices in Groups
LiveNX provides an intuitive and interactive topology as shown in Figure 3. Groups enable visualization and quick problem resolution on the topology map. Each square box on the topology corresponds to a group with network devices and third-party flow elements contained within each group.
You can zoom in or out of a group for visualizing network devices and interfaces. Grouping capability makes the topology scalable. Zooming in and out can automatically expand and collapse the groups which make it easier to view all flow info to and from groups. You can double-click on a group to expand a group. Zooming into a group shows network devices and third-party flow generating devices. Each bigger circle in a group represents a network device while interfaces with ingress and egress are denoted by arrows. Any issue on the device or interface is highlighted in red or yellow. Simply click on the element to get additional details.
Additionally, a search filter applied to a particular group shows flow data related to all the devices in the specified group only. This helps narrow traffic flow visualization and makes for easier troubleshooting. Figure 4 shows the flows related to group Santa Clara when a filter for group=Santa_Clara is applied.
Grouping devices are also important to help visualize the flows ingressing and egressing a collapsed group. The ingress and egress flow from a group can be to another device or another group (seen in Figure 5).
Collapsed groups also increase the performance of LiveNX by efficiently rendering the devices on the topology. You can simply zoom into a group to see the details (as seen in Figure 6).
Sites and Site IPs
The site is another label that can be assigned to a network device. Sites are not visually displayed on the topology. However, sites are a logical grouping of devices and used for searching, running reports and observing data on the dashboard. LiveNX recommends that you should assign network devices to a site and make the site name correspond to the group name (e.g. if you have created a group LA and assigned network devices to the group, assign site LA to those same network devices). Typically, a site corresponds to the geographic location of the branch/data center. Once sites are assigned to devices, site info can be used to run flow queries, reports and dashboard. Sites created in Figure 7 are the same as the groups created in LiveNX.
In addition to assigning a site to device(s), site also has a Site IP field as shown in Figure 7. Site IP field can contain multiple entries and can be either an IP range or IP addresses. Providing Site IP information enables LiveNX to display relevant flows to and from sites, helping identify site-to-site traffic.
When troubleshooting an issue between two sites, you can use site search queries to filter flows between applicable sites and relevant application(s) for quick visibility and faster troubleshooting. For example, if an admin wants to view all the flows originating from a site (Santa Clara), they can simply enter a query flow.ip.site.src=Santa_Clara with the result being shown in Figure 9a. In addition, the admin can further narrow down the query to show flow data only between two specific sites. In our case, we are interested in the source as Santa Clara and destination being Palo Alto. The query will be flow.ip.site.src=Santa_Clara &
flow.ip.site.dst=HQ-Palo_Alto with the result shown in Figure 9b.
Figure 9a: Flow Query Search Based on Origin Site
WAN and Service Provider
LiveNX recommends tagging all WAN links in the network. When filtering flows, you can use the WAN filter to see traffic related to WAN flows only. Filtering traffic for WAN shows the usage of WAN links and the major consumers of bandwidth. A WAN link can be identified by simply checking the WAN checkbox. In addition to the WAN checkbox, another label called Service Provider is available for further identification of the WAN link. You can use this field to either identify the name of the Service Provider or the type of link e.g. MPLS, Internet etc. Links depicted as WAN with the Service Provider label is displayed on the LiveNX topology and helps visualize WAN related info. In our example, the network admin has filtered the flows based on the site and WAN provider.
You can also assign a label to interface(s). Labels are an additional identifier that can be used to search and filter the information available. Simply assign a label to the interface by selecting a previous label or adding a new one.
Capacity field denotes the capacity of an interface. Often, the configured capacity/bandwidth of an interface can be different from the maximum bandwidth of the physical interface. Once you have configured the capacity, the capacity information is leveraged for capacity planning reports. It is important to configure the capacity of interfaces for accurate 99th and 95th utilization. Leveraging the percentile utilization helps in accurate capacity planning.
You can see interface details by simply zooming in on a network device on the topology. The topology shows the device with the bigger circle with all its interfaces within that circle. Each interface has an ingress and egress and the capacity shown is the bandwidth of that interface.
Device and Interface Tags
Tags can be assigned to network devices or interfaces. You can use tags to filter flows in their search queries. Tags assigned to network devices or interfaces do not show up visually on the topology, however, they are helpful in filtering flows. Figure 13 shows the ability to visualize and filter flows based on tags. In this case, we have applied a filter site=HQ&tag=firewall which shows only the flows related to the device(s) tagged as firewall.
LiveNX also provides the capability to leverage its extensive reporting capabilities with network semantics. Network instrumentation and flows generate a lot of data which has to be processed in a meaningful way for accurate decision making (e.g. a user can run site to site reports by simply running a Site report). If the sites are properly identified, the report represents the flow data between sites as shown in Figure 14.
You can further filter the data in the report by using search queries similar to the ones identified in the Sites section. In our case, we run a site-to-site report between Santa Clara and Palo Alto with Santa Clara as the source and Palo Alto as the destination. The report in Figure 15 shows the traffic between those two sites only with the query flow.ip.site.src=Santa_Clara & flow.ip.site.dst=HQ-Palo_Alto
LiveNX provides a rich variety of network semantics to filter relevant flow information and enable faster troubleshooting. Adding semantics is an evolutionary exercise as you get increasingly familiar with LiveNX and the power of semantics. As a starting point, we recommend that you:
- Create groups to organize and visualize network devices on the topology
- Assign sites to devices that correspond to the groups • Identify and check the WAN links and identify the Service Provider or the type of link
- Assign capacity to the WAN interfaces and critical network interfaces
- Labels and Tags can be part of an ongoing effort to effectively help in troubleshooting