The IP groups feature lets you monitor departmental, intranet
or application traffic exclusively. You can create
IP groups based on IP addresses and/or a combination of port and
protocol. You can even choose to monitor traffic from specific
interfaces across different routers. After creating
an IP group, you can view the top applications, top protocols, top
hosts, and top conversations in this IP group alone.
This section will help you understand IP Groups and walk you through
the steps needed to create and later delete an IP group if needed.
To further understand how the IP grouping feature can help in understanding exclusive bandwidth usage, consider the following two scenarios:
Enterprise Network Scenario
A typical enterprise setup where the main servers and databases are located at a central office, and all branch offices are given appropriate access privileges to these servers.
Problem: You need to track bandwidth used by each branch office while accessing an ERP/CRM application
Solution: Create an IP group for each branch office, along with the port and protocol of the ERP/CRM application running in the central office.
The traffic reports for each IP group will then show details on bandwidth used by the branch office while working with the ERP/CRM application. This information is very useful during traffic accounting and usage-based billing.
End Note: If the IP addresses in the branch offices are NATed (network address translated) by the web server, you can view overall bandwidth usage for the branch office, but not that of individual hosts within the IP group.
Campus Network Scenario
A typical campus network with several departments. Here IP addresses are usually not NATed by the web server.
Problem: You need to analyze bandwidth used by each department
Solution: Create an IP group for each department (IP address or address ranges), without specifying any port/protocol values.
The traffic reports for each IP group will then show bandwidth usage by that department along with information on top talkers, and top conversations within that department.
IP groups can be defined based on IP address and/or port-protocol combinations. In addition, you can filter IP group traffic based on interfaces. The following matrix shows the different combinations possible, along with a typical example usage for each combination.
Combination | IP Address | Port/Protocol | Interfaces |
---|---|---|---|
IP Address | View bandwidth details for a range of IP addresses. | View Web (80/TCP, 80/UDP) traffic details for a range of IP addresses. | View bandwidth details across multiple interfaces, for a range of IP addresses. |
Port/Protocol | View Web (80/TCP, 80/UDP) traffic details for a range of IP addresses. | View Web (80/TCP, 80/UDP) traffic generated across the network | View Web (80/TCP, 80/UDP) traffic generated across multiple interfaces. |
Interfaces | View bandwidth details across multiple interfaces, for a range of IP addresses. | View Web (80/TCP, 80/UDP) traffic generated across multiple interfaces. | [ Not possible ] |
Field | Description |
---|---|
IP Group Name | Enter a unique name to identify this IP group |
IP Group Description |
Enter descriptive information for this IP group to help other operators understand why it was created. |
IP Group Based on | Select whether you want to define this IP group based on IP address or port-protocol combination. If you want to define the IP group based on both IP address and port-protocol, select both options. |
Specify IP/IP Range/Network | Select the IP address, address range, or network that this IP group is based on. Use the Add More option to add additional specifications. |
Include/Exclude |
Include option includes the particular the IP address, address range, or network. Exclude option excludes the particular the IP address, address range, or network. |
Associated Interfaces | If you need to filter this IP group further, based on devices or different interface combinations, click the "Select Devices" link and select the different devices and interfaces whose traffic needs to be included in this IP group. |
IP Group Speed | Enter the interface speed (in bits per second) for calculating percentage of traffic for this IP group. |
![]() |
If you add a new combination of ports and protocol, a popup opens stating that this combination of ports and protocol has not been mapped to any application. Add the combination as a new application in the same popup, and click Update to update the Application Mapping list with the new application. |
Click the IP
Group Management link in the Admin
Operations box to view the list of IP groups created so far.
The current status of the IP Group is also shown as or
. Select the IP group that you want
to modify, and click the Modify button to edit its
settings. Once you are done, click Add to save and
activate the new changes. To change a IP group's status from Enabled to
Disabled or vice-versa click on the current status of the IP Group. It
is possible to Enable or
Disable all the IP Groups at once by using the
"Enable All" and "Disable All" buttons.
To delete an IP group, select the IP group and click the Delete
button. Deleting an IP group removes the IP group from the list of IP
groups managed. All users assigned to this IP group will not see this
IP group listed on their Dashboard.
![]() |
Unmanaging an IP group will lead to bill generation for the particular IP group, IF that IP group has been selected for billing. |
NetFlow Analyzer allows bulk loading of IP group using the XML file(ipGroup.xml) contained in the location: AdventNet\ME\NetFlow\troubleshooting. using this file it is possible to define multiple IP groups at once. A sample configuration code looks like:
<IPGroups
ip_group_name="Engineering" ip_group_desc="description in detail"
ip_group_speed="1000000"> <GrpIPAddress addr_id="12.12.12.12" flag="include"/> <GrpIPNetwork netmask_addr_id="255.255.255.0" network_addr_id="12.12.13.0" flag="include"/> <GrpIPRange netmask_addr_id="255.255.255.0" start_addr_id="12.12.14.1" end_addr_id="12.12.14.100" flag="exclude"/> <ApplicationNames port="80" protocol="TCP"/> <Selected_Devices> <Router Router_Name="192.168.111.113"> <Interface interface_name="IfIndex1" /> <Interface interface_name="IfIndex3" /> </Router> </Selected_Devices> </IPGroups> |
Within this configuration it is possible to have any number of GrpIPAddress or GrpIPNetwork or GrpIPRange or ApplicationNames with Inteface selection.
It is also possible to add specific criteria/exceptions to the group definition such as:
The user has to ensure that an IP group with the same name does not already exist and that the IP group name does not exceed 50 characters.
If all the IP groups are loaded succesfully, you can see the message "All ipgroups are succesfully loaded" in the User Interface. If you try to load the same IP groups twice, you can see the message "Error in loading. IPGroup with name ':grp1' Already exists." in the User Interface. If there is no such file in the directory, you can see the message "NETFLOW_HOME\troubleshooting\ipGroup.xml is not found." in the User Interface.After adding the IP group(s) it is possible to selectively include/exclude a IP Network/ IP Address/ IP Range from the user interface of the product.