Making Site to Site traffic monitoring easier!
What is Site to site traffic monitoring?
The Site to Site traffic monitoring option in IP Groups lets you monitor traffic between two specific sites, which are created based on IP Address or IP Network. This feature helps you understand the network traffic behaviour between any two user defined sites. You can get the following details:
How is it done?
To explain how to use site to site traffic monitoring and how to interpret the data shown in the reports pertaining to the IP Group, we will make use of a simple example.
Consider a network where you have a central office whose router is being monitored with NetFlow Analyzer. There are multiple branches, A, B and C, all of which communicate with one another through the main office router. Your requirement is to monitor traffic specifically between Site A (126.96.36.199) and Site B (10.15.8.47).
In such a circumstance, you can make use of the Site to Site traffic monitoring option under IP Groups.
For this, create an IP Group and select the Between Sites option. Here, add the Site A (192.168.1.82) under the 'From' field and Site B (10.15.8.47) under the 'To' field. You can add additional filter options like Port/Protocol and/or DSCP fields to this IP Group which would further filter the results based on the added criteria.
In 'Site to Site' IP Groups, for traffic classification purposes, the IP Address under the 'From' field is the primary IP and so all reports will be shown in relation to this IP Address or network. In our scenario, the IP Address 188.8.131.52, ie. Site A, is the primary IP Address.
Traffic IN and OUT:
Traffic is shown based on volume, speed, utilization and number of packets for the IP Group and is classified on an IN and OUT basis.
Traffic IN refers to the traffic that came into the IP Group. Since site A is considered as the primary IP Address, any traffic that comes to Site A is classified as the IN traffic for the IP Group. The OUT traffic refers to the traffic that went out of the IP Group, that is, traffic leaving Site A is accounted as the OUT traffic.
Application IN and OUT shows the applications that came in or went out of the IP Group and is classified the same way as Traffic IN and OUT. Applications which formed the traffic to Site A is shown under Application IN. Those applications which constituted the traffic from Site A is Application OUT as Site A is considered the primary IP Address.
The Source tab for the IP Group will show the source of traffic originating from the IP Group. When traffic flows from Site A to Site B, the source of the traffic is 184.108.40.206 and the destination of the traffic is 10.15.8.47. Since the IP under 'From' field is the primary IP Address, 220.127.116.11 will form the addresses shown the source tab.
The Destination tab for the IP Group will show the destination of network traffic reaching the IP Group. When Site A receives traffic from Site B, the source of the traffic is 10.15.8.47 and the destination of the traffic is 18.104.22.168. Since Site A is the primary IP Address, the IP Address 22.214.171.124 forms the destination address for the IP Group.
For both Source and Destination, you can click on the IP Address and drill down to find the related conversations. Source Address drill down will show the IP Address to which traffic was sent and Destination Address drill down shows the IP Addresses from where traffic originated for the IP Group.
Conversation IN and OUT:
The Conversation IN and OUT is the same as for Traffic IN and OUT. All conversations which came into the IP Group will be classified as Conversation IN and conversations which went out of the IP Group is Conversation OUT. So, Site B to Site A forms the Conversation IN and Site A to Site B forms the Conversation OUT for the IP Group.
Hope this gives you a better understanding on how to interpret the data in Site to Site IP Groups!
- Girish Kumar
Cisco Network Team Member in Elizabeth Board of Education