Monitoring your NetScaler Traffic with AppFlow

Dale McCoon, Senior Technical Support Engineer

SUM308 – Monitoring your NetScaler Traffic with AppFlow

May 8th, 2012

Upload: coye

Post on 08-Feb-2016


Page 1: Monitoring your NetScaler Traffic with AppFlow

Monitoring your NetScaler Traffic with AppFlow

Dale McCoon

Senior Technical Support Engineer

SUM308 – Monitoring your NetScaler Traffic with AppFlow

May 8th, 2012

#CitrixSummit

Tweet about this session with hashtag #SUM308 and #CitrixSummit

Agenda

• Why Open Source Application visibility is important

• How AppFlow works

• Configuring AppFlow on the NetScaler

• Interpreting the collected data

Why Open Source Application visibility is important

Common Monitoring Issues Faced by Administrators

• Decentralized infrastructure makes monitoring difficult

• Multiple vendors offering different non-interoperable solutions

• Proprietary technologies decrease flexibility

• Bulky Agent software increases management overhead

• Network taps are expensive and impractical in the Cloud Era

The AppFlow Solution

• More and more applications are moving to the Cloud

• Open Source Standard allows for homogeneous infrastructure

• Vendor lock-in is no longer a concern

• Agent-less allows for the right tool for the job

• IETF standard defined in RFC 5101

• Allows for a “Full Picture” Solution

How AppFlow works

How AppFlow Works

• Using UDP as the transport protocol, AppFlow transmits the collected data, called “flow records”, to one or more IPv4 collectors

• Provides visibility for HTTP, SSL, TCP and SSL_TCP flows

• Various 3rd party collectors aggregate the collected traffic in real time (Splunk, SolarWinds)

• AppFlow feature introduced in NetScaler 9.3nc

• Available in NetScaler Standard, Enterprise, and Platinum

• Supported on the MPX, VPX, and SDX

• AppFlow support in NetScaler 10 for DataStream and EdgeSight

Data Flows that can be reported on

• Client to VIP

• SNIP/MIP to Server

• Server to SNIP/MIP

• VIP to Client

AppFlow Records

• Records transmitted in IPFIX format via the NSIP of the NetScaler

• IPFIX is based on Cisco’s NetFlow

• Each flow record contains a sequence number, so that the collector can see if there is a missed flow record

• No retransmission of missed flow records (function of UDP)

• Collector may be able to report on missed records
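Added example (Python, not part of the original slides or any Citrix code): a collector-side check that uses the sequence number in the IPFIX message header to count data records lost over UDP. It assumes the exporter follows RFC 5101, where the header sequence number is the running count of data records sent per observation domain; the names `feed`, `learn_templates` and `build_message` and the sample messages are constructed for illustration.

```python
import struct
HDR = struct.Struct("!HHIII")  # version, length, export time, sequence, domain

def learn_templates(templates, domain, body):
    """Record the fixed record length of each template (0 if variable-length)."""
    off = 0
    while off + 4 <= len(body):
        tid, count = struct.unpack_from("!HH", body, off)
        if tid < 256:                          # set padding
            break
        off, rec_len = off + 4, 0
        for _ in range(count):
            ie, flen = struct.unpack_from("!HH", body, off)
            off += 8 if ie & 0x8000 else 4     # enterprise IEs carry a 4-byte PEN
            rec_len = None if flen == 0xFFFF or rec_len is None else rec_len + flen
        templates[(domain, tid)] = rec_len or 0

def feed(state, msg):
    """state = {"templates": {}, "expected": {}}; returns data records missed before msg."""
    version, length, _, seq, domain = HDR.unpack_from(msg)
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    records, off = 0, HDR.size
    while off + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, off)
        if set_len < 4 or off + set_len > length:
            raise ValueError("bad set length")
        body = msg[off + 4:off + set_len]
        if set_id == 2:                        # template set
            learn_templates(state["templates"], domain, body)
        elif set_id >= 256:                    # data set, set ID = template ID
            rec_len = state["templates"].get((domain, set_id), 0)
            records += len(body) // rec_len if rec_len else 0
        off += set_len
    gap = (seq - state["expected"].get(domain, seq)) % 2**32
    if gap >= 2**31:                           # late or reordered datagram
        return 0
    state["expected"][domain] = (seq + records) % 2**32
    return gap

def build_message(seq, n_records, with_template=False, domain=1):
    """Constructed sample: template 256 = sourceIPv4Address + destinationIPv4Address."""
    sets = b""
    if with_template:
        tmpl = struct.pack("!HHHHHH", 256, 2, 8, 4, 12, 4)
        sets += struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl
    data = bytes(8 * n_records)                # all-zero records, 8 bytes each
    sets += struct.pack("!HH", 256, 4 + len(data)) + data
    return HDR.pack(10, HDR.size + len(sets), 0, seq, domain) + sets
```

A data set whose template has not been seen yet, or whose template has variable-length fields, is counted as zero records, so the following message can show a false gap until the template is refreshed.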

AppFlow Records sent to Collector via NetScaler

• Client to VIP

• SNIP/MIP to Server

• NSIP to AppFlow Collector

Configuring AppFlow on the NetScaler

Configuring AppFlow on the NetScaler

• Enable the AppFlow Feature (enable feature AppFlow from the CLI or System-Settings-Configure advanced features and check the “AppFlow” box in the GUI)

• Add a Collector (default port is 4739)

• Add an AppFlow Action specifying a Collector

• Add an AppFlow Policy, define an expression

• Bind the Action to the Policy

Configuring AppFlow on the NetScaler (cont.)

• Bind AppFlow Policy either to the VServer or Globally

• Ensure AppFlow Logging is checked on the VServer or Service

Setting AppFlow Parameters

• Control what is sent to the Collector

• Tailor information sent to the collector to fit your environment

• Client Traffic Only collects only client-side traffic

• Multiple records in each UDP packet

Configuring the NetScaler to send Syslog info via AppFlow

DataStream Support in NetScaler 10

EdgeSight Monitoring for AppFlow

Basic Troubleshooting

• Check if policy is being hit

• nstcpdump.sh filtering on UDP

• Network trace from Collector

• “show run | grep appflow” to verify config from CLI

• Verify HTTP (or other) data exists within the packet being transmitted to the Collector

AppFlow Counters

• SNMP can be used to monitor AppFlow for ignored packets

• These values also translate into counters for the nsconmsg tool

• Information such as flow records transmitted, IPFIX records ignored, and IPFIX records not sent

• Can be useful for proactive monitoring of AppFlow itself

Interpreting the Collected Data

What exactly is traversing my Network?

Interpreting the Collected Data

• Allows for analysis on all aspects of data passing through the NetScaler

• HTTP, TCP, Application Firewall, VPN, and UI among other statistics can be logged

• Grants a top-down view of data that can be graphed and exported

• This allows statistics to be logged, trends to be noticed more quickly and easily, and action to be taken

• Quicker Time to Resolution when troubleshooting issues

General Overview of Data via AppFlow

More Specific Breakdown of Total Bytes Sent/Received

HTTP Visibility

Application Firewall Visibility

VPN Visibility

SSL VPN Visibility

In Depth Traffic Visibility

Resources

• www.splunk.com

• www.citrix.com/technologies/appflow

• AppFlow Configuration Guide - http://support.citrix.com/article/CTX130334

• How to Install and Configure Splunk for NetScaler for Application Firewall Reporting - http://support.citrix.com/article/CTX132533

• NetScaler AppFlow Counters - http://support.citrix.com/article/CTX132769

Q&A

AppFlow Overview

• Monitoring your Network traffic with AppFlow allows for:

○ Visibility – What is my Network doing

○ Accountability – Who is using my Network

○ Seamless Integration – No Agents, No vendor lock-in

We value your feedback! Take a survey of this session now in the mobile app

• Click 'Sessions' button

• Click on today's tab

• Find this session

• Click 'Surveys'

Before you leave…

• Conference surveys are available online at www.citrixsummit.com starting Thursday, May 10

○ Provide your feedback and pick up a complimentary gift at the registration desk

• Download presentations starting Monday, May 21, from your My Organizer tool located in your My Account