IP Group Management


 

The IP groups feature lets you monitor departmental, intranet or application traffic exclusively. You can create IP groups based on IP addresses and/or a combination of port and protocol. You can even choose to monitor traffic from specific interfaces across different routers. After creating an IP group, you can view the top applications, top protocols, top hosts, and top conversations in this IP group alone.

This section will help you understand IP Groups and walk you through the steps needed to create and later delete an IP group if needed.

Understanding IP Groups

To further understand how the IP grouping feature can help in understanding exclusive bandwidth usage, consider the following two scenarios:

 

Enterprise Network Scenario

A typical enterprise setup where the main servers and databases are located at a central office, and all branch offices are given appropriate access privileges to these servers.

Problem: You need to track bandwidth used by each branch office while accessing an ERP/CRM application

Solution: Create an IP group for each branch office, along with the port and protocol of the ERP/CRM application running in the central office.

 

The traffic reports for each IP group will then show details on bandwidth used by the branch office while working with the ERP/CRM application. This information is very useful during traffic accounting and usage-based billing.

 

End Note: If the IP addresses in the branch offices are NATed (network address translated) by the web server, you can view overall bandwidth usage for the branch office, but not that of individual hosts within the IP group.

Campus Network Scenario

A typical campus network with several departments. Here IP addresses are usually not NATed by the web server.

Problem: You need to analyze bandwidth used by each department

Solution: Create an IP group for each department (IP address or address ranges), without specifying any port/protocol values.

 

The traffic reports for each IP group will then show bandwidth usage by that department along with information on top talkers, and top conversations within that department.

Defining IP Groups

IP groups can be defined based on IP address and/or port-protocol combinations. In addition, you can filter IP group traffic based on interfaces. The following matrix shows the different combinations possible, along with a typical example usage for each combination.

 

| Combination | IP Address | Port/Protocol | Interfaces | DSCP |
|---|---|---|---|---|
| IP Address | View bandwidth details for a range of IP addresses. | View Web (80/TCP, 80/UDP) traffic details for a range of IP addresses. | View bandwidth details across multiple interfaces, for a range of IP addresses. | View bandwidth details of the applications using a particular DSCP name |
| Port/Protocol | View Web (80/TCP, 80/UDP) traffic details for a range of IP addresses. | View Web (80/TCP, 80/UDP) traffic generated across the network | View Web (80/TCP, 80/UDP) traffic generated across multiple interfaces. | View web traffic using the particular DSCP name |
| Interfaces | View bandwidth details across multiple interfaces, for a range of IP addresses. | View Web (80/TCP, 80/UDP) traffic generated across multiple interfaces. | [ Not possible ] | View the traffic traversing through the multiple interfaces with the particular DSCP name |
| DSCP | View bandwidth details of the applications using a particular DSCP name | View web traffic using the particular DSCP name | View the traffic traversing through the multiple interfaces with the particular DSCP name | [ Not possible ] |

Creating an IP Group

The IP Group Management link in the Admin Operations box lets you create, modify, and delete IP groups. Click this link, and then click Create to create a new IP group. Fill in the following information and click Add to add the new IP group to the current list of IP groups.

 

| Field | Description |
|---|---|
| IP Group Name | Enter a unique name to identify this IP group. |
| IP Group Description | Enter descriptive information for this IP group to help other operators understand why it was created. |
| IP Group Based on | Select whether you want to define this IP group based on IP address, DSCP names, port-protocol, or a combination of any of the three. |
| Specify IP/IP Range/Network | Select the IP address, address range, or network that this IP group is based on. Use the Add More option to add additional specifications. |
| Include/Exclude/Between sites | The Include option includes the particular IP address, address range, or network. The Exclude option excludes the particular IP address, address range, or network. The Between sites option allows you to group the traffic between sites, which can be defined by two networks or IP addresses. |
| Filter based on DSCP names | Allows you to set filters based on the DSCP names of the applications. |
| Associated Interfaces | If you need to filter this IP group further, based on devices or different interface combinations, click the "Select Devices" link and select the different devices and interfaces whose traffic needs to be included in this IP group. |
| IP Group Speed | Enter the interface speed (in bits per second) for calculating percentage of traffic for this IP group. |

 

Note: If you add a new combination of ports and protocol, a popup opens stating that this combination of ports and protocol has not been mapped to any application. Add the combination as a new application in the same popup, and click Update to update the Application Mapping list with the new application.

Managing IP Groups

Click the IP Group Management link in the Admin Operations box to view the list of IP groups created so far. The current status of each IP group is also shown as Enabled or Disabled. Select the IP group that you want to modify, and click the Modify button to edit its settings. Once you are done, click Add to save and activate the new changes. To change an IP group's status from Enabled to Disabled or vice versa, click the current status of the IP group. You can enable or disable all the IP groups at once by using the "Enable All" and "Disable All" buttons.

 

To delete an IP group, select the IP group and click the Delete button. Deleting an IP group removes it from the list of managed IP groups. Users assigned to this IP group will no longer see it listed on their Dashboard.

 

Note: Unmanaging an IP group will lead to bill generation for that IP group, if that IP group has been selected for billing.

 

Bulk loading IP Groups

NetFlow Analyzer allows bulk loading of IP groups using the XML file (ipGroup.xml) located in AdventNet\ME\NetFlow\troubleshooting. Using this file, it is possible to define multiple IP groups at once. A sample configuration looks like this:

 

<IPGroups ip_group_name="Engineering" ip_group_desc="description in detail" ip_group_speed="1000000">
    <GrpIPAddress addr_id="12.12.12.12" flag="include"/>
    <GrpIPNetwork netmask_addr_id="255.255.255.0" network_addr_id="12.12.13.0" flag="include"/>
    <GrpIPRange netmask_addr_id="255.255.255.0" start_addr_id="12.12.14.1" end_addr_id="12.12.14.100" flag="exclude"/>
    <ApplicationNames port="80" protocol="TCP"/>
    <Selected_Devices>
        <Router Router_Name="192.168.111.113">
            <Interface interface_name="IfIndex1" />
            <Interface interface_name="IfIndex3" />
        </Router>
    </Selected_Devices>
</IPGroups>

 

 

Within this configuration, it is possible to have any number of GrpIPAddress, GrpIPNetwork, GrpIPRange, or ApplicationNames elements, along with the interface selection.
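A bulk-loaded definition that contains a mistyped address or a reversed range can leave a group monitoring the wrong traffic, so it helps to check the file before loading it. The following check is an added example, not part of NetFlow Analyzer: the function name validate_ip_group is hypothetical, SAMPLE is constructed, and only the elements, attributes and flag values shown in the sample above are checked.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the Engineering group with three deliberate mistakes.
SAMPLE = """<IPGroups ip_group_name="Engineering" ip_group_desc="demo" ip_group_speed="1000000">
<GrpIPAddress addr_id="12.12.12.300" flag="include"/>
<GrpIPNetwork netmask_addr_id="255.255.255.0" network_addr_id="12.12.13.0" flag="include"/>
<GrpIPRange netmask_addr_id="255.255.255.0" start_addr_id="12.12.14.100" end_addr_id="12.12.14.1" flag="exclude"/>
<ApplicationNames port="80800" protocol="TCP"/>
</IPGroups>"""

FLAGS = {"include", "exclude"}  # assumption: only the flag values shown in the sample


def validate_ip_group(xml_text):
    """Return a list of problems found in one <IPGroups> definition."""
    root = ET.fromstring(xml_text)
    problems = []
    if not root.get("ip_group_name"):
        problems.append("ip_group_name is empty")
    if not (root.get("ip_group_speed") or "").isdigit():
        problems.append("ip_group_speed must be a whole number of bits per second")
    for el in root:
        try:
            if el.tag == "GrpIPAddress":
                ipaddress.IPv4Address(el.get("addr_id"))
            elif el.tag == "GrpIPNetwork":
                # Strict parsing rejects a network address with host bits set.
                ipaddress.IPv4Network(
                    f"{el.get('network_addr_id')}/{el.get('netmask_addr_id')}")
            elif el.tag == "GrpIPRange":
                start = ipaddress.IPv4Address(el.get("start_addr_id"))
                end = ipaddress.IPv4Address(el.get("end_addr_id"))
                if start > end:
                    problems.append(f"GrpIPRange: {start} is after {end}")
            elif el.tag == "ApplicationNames":
                if not 0 <= int(el.get("port")) <= 65535:
                    problems.append(f"ApplicationNames: port {el.get('port')} out of range")
        except (ValueError, TypeError) as exc:
            # Malformed or missing address, netmask or port attribute.
            problems.append(f"{el.tag}: {exc}")
        if el.tag.startswith("GrpIP") and el.get("flag") not in FLAGS:
            problems.append(f"{el.tag}: unexpected flag {el.get('flag')!r}")
    return problems
```

An empty list means the definition passed every check; each entry otherwise names the element and the reason it was rejected.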

It is also possible to add specific criteria/exceptions to the group definition such as: