Policy Pages Reference : Networking Policy Settings : Flow Statistics
  
Flow Statistics
You enable flow statistics settings in the Flow Statistics page. You can also enable flow export to an external collector and to a CascadeFlow collector. CascadeFlow collectors can aggregate information about QoS configuration and other application statistics to send to a SteelCentral NetProfiler. The Enterprise NetProfiler summarizes and displays the QoS configuration statistics.
By default, flow export is disabled.
External collectors use information about network data flows to report trends, such as the top users, peak usage times, traffic accounting, security, and traffic routing. You can export preoptimization and postoptimization data to an external collector.
The Top Talkers feature enables a report that details the hosts, applications, and host and application pairs that are either sending or receiving the most data on the network. Top Talkers does not use a NetFlow Collector.
For details about flow statistics deployments, see the SteelHead Management Console User’s Guide.
Flow Statistics Settings
Complete the configuration as described in this table.
Control
Description
Enable Application Visibility
Continuously collects detailed application-level statistics for both passthrough and optimized traffic. The Application Visibility and Application Statistics reports display these statistics. This statistic collection is disabled by default.
Enable WAN Throughput Statistics
Continuously collects WAN throughput statistics. This statistic collection is enabled by default; however, you can disable the collection to save processing power.
Enable Top Talkers
Continuously collects statistics for the most active traffic flows. A traffic flow consists of data sent and received from a single source IP address and port number to a single destination IP address and port number over the same protocol.
The most active, heaviest users of WAN bandwidth are called the Top Talkers. A flow collector identifies the top consumers of the available WAN capacity (the top 50 by default) and displays them in the Top Talkers report. Collecting statistics on the Top Talkers provides visibility into WAN traffic without applying an in-path rule to enable a WAN visibility mode.
You can analyze the Top Talkers for accounting, security, troubleshooting, and capacity planning purposes. You can also export the complete list in CSV format.
The collector gathers statistics on the Top Talkers based on the proportion of WAN bandwidth consumed by the top hosts, applications, and host and application pair conversations. The statistics track pass-through or optimized traffic, or both. Data includes TCP or UDP traffic, or both (configurable in the Top Talkers report page).
A NetFlow collector is not required for this feature.
You can set the Active Flow Timeout even if the option is enabled.
Optionally, select a time period to adjust the collection interval:
•  24-hour Report Period - For a five-minute granularity (the default setting).
•  48-hour Report Period - For a ten-minute granularity.
The system also uses the time period to collect SNMP top talker statistics. For top talkers displayed in the Top Talker report and SNMP top talker statistics, the system updates the top talker data ranks either every 300 seconds (for a 24- hour reporting period), or 600 seconds (for a 48-hour reporting period).
The system saves a maximum of 300 top talker data snapshots, and aggregates these to calculate the top talkers for the 24- or 48-hour reporting period.
The system never clears top talker data at the time of polling; however, every 300 or 600 seconds, it replaces the oldest top talker data snapshot of the 300 with the new data snapshot.
After you change the reporting period, it takes the system one day to update the top talker rankings to reflect the new reporting period. In the interim, the data used to calculate the top talkers still includes data snapshots from the original reporting period. This delay applies to Top Talker report queries and SNMP top talker statistics.
Flow Export Settings
Complete the configuration as described in this table.
Control
Description
Enable Flow Export
Enables the SteelHead to export network statistics about the individual flows that it sees as they traverse the network. By default, this setting is disabled.
Export QoS and Application Statistics to CascadeFlow Collectors
Sends application-level statistics from all sites to a CascadeFlow collector on a Cascade appliance. Cascade appliances provide central reporting capabilities. The collector aggregates QoS and application statistics to provide visibility using detailed records specific to flows traversing the SteelHead.
The SteelHead sends the SteelCentral an enhanced version of NetFlow called CascadeFlow. CascadeFlow includes:
•  NetFlow v9 extensions for round-trip time measurements that enable you to understand volumes of traffic across your WAN and end-to-end response time.
•  Extensions that enable a SteelCentral NetExpress to properly measure and report on the benefits of optimization.
After the statistics are aggregated on a Cascade appliance, you can use its central reporting capabilities to:
•  Analyze overall WAN use, such as traffic generated by application, most active sites, and so on.
•  Troubleshoot a particular application by viewing how much bandwidth it received, checking for any retransmissions, interference from other applications, and so on.
•  Compare actual application use against your outbound QoS policy configuration to analyze whether your policies are effective. For example, if your QoS policy determines that Citrix should get a minimum of 10 percent of the link, and the application statistics reveal that Citrix performance is unreliable and always stuck at 10 percent, you may want to increase that minimum guarantee.
The CascadeFlow Collector collects read-only statistics on both pass-through and optimized traffic. When you use CascadeFlow, the SteelHead sends four flow records for each optimized TCP session: ingress and egress for the inner channel connection, and ingress and egress for the outer channel. A pass-through connection still sends four flow records even though there are no separate inner and outer channel connections. In either case, the SteelCentral NetExpress merges these flow records together with flow data collected for the same flow from other devices.
For details, see the SteelCentral Network Performance Management Deployment Guide.
Active Flow Timeout
Optionally, specify the amount of time, in seconds, the collector retains the list of active traffic flows. The default value is 1800 seconds.
Inactive Flow Timeout
Optionally, specify the amount of time, in seconds, the collector retains the list of inactive traffic flows. The default value is 15 seconds.
Apply
Applies your settings.
Enable Interfaces
Complete the configuration as described in this table.
Control
Description
lan/wanX_X
Specify the interfaces to include when adding new Flow collectors.
Apply
Applies your settings.
Flow Collectors
Complete the configuration as described in this table.
Control
Description
Add a New Flow Collector
Displays the controls to add a Flow collector.
Collector IP Address
Specify the IP address for the Flow collector.
Port
Specify the UDP port the Flow collector is listening on. The default value is 2055.
Version
Select one of these versions from the drop-down list:
•  CascadeFlow - Use with Cascade Profiler v8.4 or later.
•  CascadeFlow-compatible - Use with Cascade Profiler v8.3.2 or earlier, and select the LAN Address check box.
•  NetFlow v5 - Enables ingress flow records.
•  NetFlow v9 - Enables both ingress and egress flow records.
For details about using NetFlow records with Cascade, see the SteelCentral Network Performance Management Deployment Guide.
CascadeFlow and CascadeFlow-compatible are enhanced versions of flow statistics to the SteelCentral. These versions allow automatic discovery and interface grouping for SteelHeads in a SteelCentral NetProfiler or a SteelCentral Flow Gateway and support WAN and optimization reports in SteelCentral. For details, see the SteelCentral NetProfiler and NetExpress User’s Guide and the SteelCentral Flow Gateway User’s Guide.
Packet Source Interface
Select the interface to use as the source IP address of the flow packets (Primary, Aux, or MIP) from the drop-down list. NetFlow records sent from the SteelHead appear to be sent from the IP address of the selected interface.
LAN Address
Causes the TCP/IP addresses and ports reported for optimized flows to contain the original client and server IP addresses and not those of the SteelHead. The default setting displays the IP addresses of the original client and server without the IP address of the SteelHeads.
This setting is unavailable with NetFlow v9, because the optimized flows are always sent out with both the original client server IP addresses and the IP addresses used by the SteelHead.
Capture Interface/Type
Specify the traffic type to export to the flow collector. Select one of these types from the drop-down list:
•  All - Exports both optimized and nonoptimized traffic.
•  Optimized - Exports optimized traffic.
•  Optimized - Exports optimized LAN or WAN traffic when WCCP is enabled.
•  Passthrough - Exports pass-through traffic.
•  None - Disables traffic flow statistics.
The default is All for LAN and WAN interfaces, for all four collectors. The default for the other interfaces (Primary, rios_lan, and rios_wan) is None. You cannot select a MIP interface.
Enable Filter
(CascadeFlow and NetFlow v9 only) Filter flow reports by IP and subnets or IP:ports included in the Filter list. When disabled, reports include all IP addresses and subnets.
Filter
(CascadeFlow and NetFlow v9 only) Specify the IP and subnet or IP:port to include in the report, one entry per line, up to 25 filters maximum.
Add
Adds the collector to the Collector list.
Remove Selected
Select the check box next to the name and click Remove Selected.