IP Group Management


A set of 4 IP groups have already been defined and have been named as

 

Users can also add/ remove other sites that they feel can under these predefined IP groups.

 

 

The IP groups feature lets you monitor departmental, intranet or application traffic exclusively. You can create IP groups based on IP addresses and/or a combination of port and protocol. You can even choose to monitor traffic from specific interfaces across different routers. After creating an IP group, you can view the top applications, top protocols, top hosts, and top conversations in this IP group alone.

This section will help you understand IP Groups and walk you through the steps needed to create and later delete an IP group if needed.

Understanding IP Groups

To further understand how the IP grouping feature can help in understanding exclusive bandwidth usage, consider the following two scenarios:

 

Enterprise Network Scenario

A typical enterprise setup where the main servers and databases are located at a central office, and all branch offices are given appropriate access privileges to these servers.

Problem: You need to track bandwidth used by each branch office while accessing an ERP/CRM application

Solution: Create an IP group for each branch office, along with the port and protocol of the ERP/CRM application running in the central office.

 

The traffic reports for each IP group will then show details on bandwidth used by the branch office while working with the ERP/CRM application. This information is very useful during traffic accounting and usage-based billing.

 

End Note: If the IP addresses in the branch offices are NATed (network address translated) by the web server, you can view overall bandwidth usage for the branch office, but not that of individual hosts within the IP group.

Campus Network Scenario

A typical campus network with several departments. Here IP addresses are usually not NATed by the web server.

Problem: You need to analyze bandwidth used by each department

Solution: Create an IP group for each department (IP address or address ranges), without specifying any port/protocol values.

 

The traffic reports for each IP group will then show bandwidth usage by that department along with information on top talkers, and top conversations within that department.

Defining IP Groups

IP groups can be defined based on IP address and/or port-protocol combinations. In addition, you can filter IP group traffic based on interfaces. The following matrix shows the different combinations possible, along with a typical example usage for each combination.

 

Combination IP Address Port/Protocol Interfaces DSCP
IP Address View bandwidth details for a range of IP addresses. View Web (80/TCP, 80/UDP) traffic details for a range of IP addresses. View bandwidth details across multiple interfaces, for a range of IP addresses. View bandwidth details of the applications using a particular DSCP name
Port/Protocol View Web (80/TCP, 80/UDP) traffic details for a range of IP addresses. View Web (80/TCP, 80/UDP) traffic generated across the network View Web (80/TCP, 80/UDP) traffic generated across multiple interfaces. View web traffic using the particular DSCP name
Interfaces View bandwidth details across multiple interfaces, for a range of IP addresses. View Web (80/TCP, 80/UDP) traffic generated across multiple interfaces. [ Not possible ]
View the traffic traversing through the multiple interfaces with the particular DSCP name
DSCP View bandwidth details of the applications using a particular DSCP name View web traffic using the particular DSCP name View the traffic traversing through the multiple interfaces with the particular DSCP name [ Not possible ]

Creating an IP Group

The IP Group Management link in the Admin Operations box lets you create, modify, and delete IP groups. Click this link, and then click Create to create a new IP group. Fill in the following information and click Add to add the new IP group to the current list of IP groups.

 

Field Description
IP Group Name Enter a unique name to identify this IP group
IP Group Description

Enter descriptive information for this IP group to help other operators understand why it was created.

IP Group Based on Select whether you want to define this IP group based on IP address, DSCP names or port-protocol or the combination of any of the three.
Specify IP/IP Range/Network Select the IP address, address range, or network that this IP group is based on. Use the Add More option to add additional specifications.
Include/Exclude/ Between sites

Include option includes the particular the IP address, address range, or network.

Exclude option excludes the particular the IP address, address range, or network.

Between sites option allows you to group the traffic between sites, which can be defined by two networks or IP addresses.

Filter based on DSCP names Allows you to set filters based on the DSCP names of the applications.
Associated Interfaces If you need to filter this IP group further, based on devices or different interface combinations, click the "Select Devices" link and select the different devices and interfaces whose traffic needs to be included in this IP group.
IP Group Speed Enter the interface speed (in bits per second) for calculating percentage of traffic for this IP group.

 

Note If you add a new combination of ports and protocol, a popup opens stating that this combination of ports and protocol has not been mapped to any application. Add the combination as a new application in the same popup, and click Update to update the Application Mapping list with the new application.

Managing IP Groups

Click the IP Group Management link in the Admin Operations box to view the list of IP groups created so far. The current status of the IP Group is also shown as Enabled or Disabled. Select the IP group that you want to modify, and click the Modify button to edit its settings. Once you are done, click Add to save and activate the new changes. To change a IP group's status from Enabled to Disabled or vice-versa click on the current status of the IP Group. It is possible to Enable or Disable all the IP Groups at once by using the "Enable All" and "Disable All" buttons.

 

To delete an IP group, select the IP group and click the Delete button. Deleting an IP group removes the IP group from the list of IP groups managed. All users assigned to this IP group will not see this IP group listed on their Dashboard.

 

Note Unmanaging an IP group will lead to bill generation for the particular IP group, IF that IP group has been selected for billing.

 

Bulk loading IP Groups

NetFlow Analyzer allows bulk loading of IP group using the XML file(ipGroup.xml) contained in the location: AdventNet\ME\NetFlow\troubleshooting. using this file it is possible to define multiple IP groups at once. A sample configuration code looks like:

 

<IPGroups ip_group_name="Engineering" ip_group_desc="description in detail" ip_group_speed="1000000">
<GrpIPAddress addr_id="12.12.12.12" flag="include"/>
<GrpIPNetwork netmask_addr_id="255.255.255.0" network_addr_id="12.12.13.0" flag="include"/>
<GrpIPRange netmask_addr_id="255.255.255.0" start_addr_id="12.12.14.1" end_addr_id="12.12.14.100" flag="exclude"/>
<ApplicationNames port="80" protocol="TCP"/>
<Selected_Devices>
<Router Router_Name="192.168.111.113">
<Interface interface_name="IfIndex1" />
<Interface interface_name="IfIndex3" />
</Router>
</Selected_Devices>
</IPGroups>

 

 

Within this configuration it is possible to have any number of GrpIPAddress or GrpIPNetwork or GrpIPRange or ApplicationNames with Inteface selection.

It is also possible to add specific criteria/exceptions to the group definition such as:


The user has to ensure that an IP group with the same name does not already exist and that the IP group name does not exceed 50 characters.

If all the IP groups are loaded succesfully, you can see the message "All ipgroups are succesfully loaded" in the User Interface. If you try to load the same IP groups twice, you can see the message "Error in loading. IPGroup with name ':grp1' Already exists." in the User Interface. If there is no such file in the directory, you can see the message "NETFLOW_HOME\troubleshooting\ipGroup.xml is not found." in the User Interface.

 

After adding the IP group(s) it is possible to selectively include/exclude a IP Network/ IP Address/ IP Range from the user interface of the product.

 

Enabling WAN using IP Group Management

IP Group Management lets you monitor departmental, intranet or application specific traffic exclusively. You can create IP groups based on IP addresses and/or a combination of port and protocol.Now, using IP Group Management you can also monitor wan round trip time for specific IP address or IP range and analyze the latency and quality of service between two locations.

 

In order to enable WAN RTT monitoring using IP Group Management you need to specify the individual IP address or IP range. You can also monitor range latency between two different sites under IP group option.The IP address under the specified IP group acts as the destination IP address while you have to specify the source IP address. Using the include and between sites option you can monitor WAN performance for individual and range of IP addresses but for for IP networks.The added monitor can be viewed under the traffic tab of IP groups along with the average WAN round trip time details. Click on the check box that reads "Also Enable WAN RTT" to enable WAN RTT monitoring under IP Group Management.

 

 

Copyright © 2012, ZOHO Corp. All Rights Reserved.
ManageEngine