In today’s networks, bandwidth consumption seems to expand to use up any available bandwidth. Demand can be driven by business use of cloud services, VOIP and Video, online applications, and centralized services. But, it can also be consumed by users with their own devices like iPads, Android Phones, and laptops; or for personal use of social media, video and photo sharing sites, and peer-to-peer networks.

Often, the solution is to throw more bandwidth at the problem – but that’s an expensive approach that doesn’t address the real issue. In time, critical applications are once again starved of needed bandwidth, and eventually slow down or stop working.

But there is a better way!

The ManageEngine NetFlow Analyzer helps by identifying exactly what types of traffic travel over the network. This allows administrators to take action that could save bandwidth, and delay or reduce the need for costly upgrades.

The NetFlow Analyzer is installed on a server, and then network devices configured to send data to the Analyzer. Administrators access the Analyzer via an easy-to-use web console. ManageEngine supports “Flow” data from a large number of hardware vendors, so it can collect NetFlow, J-Flow, and sFlow, data.

Graphing and Reporting

NetFlow Analyzer has a wide array of charts and graphs to help identify exactly what traffic is flowing on your network. Graphs are sorted by network devices, application types, or other custom groupings. It shows who the “top talkers” are on the network, and what kind of traffic they are generating.

Helpful dashboards, like the one below, show your network at a glance. The “Top Applications” graph shows what kind of applications use the most traffic – and NetFlow Analyzer can identify most common application types so there’s little guesswork involved. “Top Conversations” shows which data flows and devices are generating the most traffic overall.

NetFlow Analyzer Dashboard

Identify Bandwidth Hogs

Device grouping allows administrators to create logical groups of devices or network subnets. This enables NetFlow Analyzer to generate charts and reports sorted by those custom groups. So for example, administrators could create groups sorted for different branches to determine what kind of data needs a specific workgroup has. This could be useful for troubleshooting or move planning. Or, it could be easily used to monitor traffic for a group of application servers helping to show the network impact of new services.

NetFlow Analyzer Logical Groups

Drill down to an IP group to see more detail, including Total traffic, and in/out utilization.

Group Detail Reporting

Next you could click on the “Capacity Planning” link to jump to a detailed usage report for that group. The report includes some of the information already covered, as well as a very useful Application Report. The Application Report shows top applications used by volume and by percentage of total traffic.

NetFlow Analyzer Application Reports

Data for the group can be displayed in several ways: by application, source, destination, or conversation to name a few. The screenshot below shows a conversation view.

Traffic by Top Conversation

Reports can be exported for use with other applications. NetFlow Analyzer includes native support for emailing reports, exporting to PDF, or exporting to CSV to make it easier to mine through data in Excel.

Alerting

Another useful feature is the ability to set Alerts. An alert can be created to trigger when specific IP addresses, subnets, applications, or port/protocol combinations exceed a threshold. Thresholds can be based on utilization, volume limits, speeds or packet rates.

If an alert is triggered, an email will alert administrators to the situation. Alerts can also be configured to only alert during business hours, though this appears to be a global setting and not configurable for individual alerts.

Security Analysis

NetFlow Analyzer can also help administrators to monitor network security with the add-on “Advanced Security Analytics Module.” Obviously this isn’t the same as running a dedicated security appliance, but rather it adds another layer of monitoring which is never a bad thing – and in fact might be just the right tool to complement existing security.

The Security Analytics module monitors all network flows for anomalies. If an unusual traffic flow is detected, it logs it and attempts to classify the behavior. This can be very helpful for detecting traffic generated by worms or DOS attacks.

Security Analytics Identify Threats

Reporting

The reporting module is where administrators can configure reports that are accessed regularly. A small range of application, conversation, source/destination, and other reports are available.

On the plus side, reports can be scheduled to run and be emailed on a regular schedule. But on the downside, the scheduling module doesn’t seem to talk to the report profiles – so setting up a schedule means that reports must be configured from scratch again. It would be great if the reporting module felt more integrated with the other great reporting capabilities of the tool.

The reporting UI can be a little frustrating to use. For instance when expanding a profile to select a report to view, after selecting the report the selection tree would disappear. So if you clicked on the wrong report, you need to expand the tree again to find another report.

But other than those few minor complaints, reporting works well and provides a wealth of information.

NetFlow Reporting Module

Pricing

Pricing for all of this capability is surprisingly affordable. Prices for the “Professional” version start at $795 USD to monitor 10 network interfaces – which would be enough for most medium businesses to monitor their internet access and other key network devices. More information is available by requesting a quote from their website.

Summary

A NetFlow monitor is a crucial piece of network management software that every administrator should have. With ManageEngine’s NetFlow Analyzer it’s easy for an administrator to identify users who are sucking back excessive bandwidth for Peer-to-Peer file transfers, or even find machines infected with worms that could be generating malicious traffic. Or, departments and workgroups can be grouped together for reporting, helping a business to fine-tune bandwidth needs when parts of the office move to new locations.

On the other hand, it has a few small faults. For one, it would be nice to see the UI updated to be a little more intuitive and menu-like. Clicking on various parts of the tab-style layout often doesn’t seem to produce the desired result – the application felt as if it jumped around from module to module in an unexpected way. With time I began to understand the logic behind the UI and became more comfortable with it. But, it would be nice to see the UI get the great treatment that ManageEngine recently gave to their updated OpManager console. (You can read our review of the updated version here.)

But those are small complaints on a great tool overall. The NetFlow Analyzer does a great job of monitoring the network and helping to present that information in an understandable, useful manner. If you’re still struggling to understand what traffic is flowing over your network, then we recommend downloading the free 30-day trial of the NetFlow Analyzer, or checking out the Live Demo. You might be surprised to find out what users are really doing on your network!

Are you winning the battle to tame your network? Or are you constantly are surprised by servers running out of disk space and bandwidth shortages? Does the ring of your cell phone make you shudder and wonder what just broke? If you answered yes, then you need better network management software!

ManageEngine’s OpManager can help you take control of the network. OpManager is a powerful network management system that includes features like network monitoring, alarm notification, health reporting, and more.

Features

OpManager has a long list of features that make network monitoring simple and efficient, including some great new features over earlier versions. Some of the new features include:

• Hyper-V support – OpManager now provides Hyper-V tracking, monitoring, and inventory features.
• New Improved UI – Menus have been reworked for easier navigation and more intuitive use.
• REST API – New APIs provide a way to fetch data from OpManager from other 3^rd party service desk applications.

How well does it all work? Let’s jump right into the product, starting with:

Easy Installation and Configuration

Installation was fast and simple.  A small number of options presented themselves: whether to install as a service, which web port to use, and whether to use the built-in MySQL or a standalone MSSQL server to name a few.

Configuration is the next step, and OpManager presents a helpful list of recommended tasks on startup.  First on the list is network discovery – enter your SNMP strings and IP ranges, and away you go. In general, configuration is very easy. It’s simple to add devices or to discover new networks.

OpManager allows admins to create Templates that can be assigned to devices, making it easy to set a large number of devices to be treated the same way. Templates specify settings like polling intervals, and parameters that will be monitored on each device. For example, all file servers could be placed into a template that would activate disk utilization, memory, and CPU monitoring.

IT Workflow Automation

One of the new features in OpManager 9 is something they call “IT Workflow Automation.” What is it?

IT Workflow automation allows administrators to automate routine maintenance, as well as troubleshooting tasks that they would perform when a network fault occurs.

For example, suppose that whenever a website fails, your first tasks would be to ping the server, and attempt to re-start the web-service if the server is up. IT Workflow automation can do that for you – minimizing downtime and giving you time to find the real cause of the problem.

Script Monitoring

Closely related to Workflow Automation is Script Monitoring. If you’re like most admins, you have a many scripts that you use to retrieve data and perform tasks on your servers.

OpManager allows you to bring all of those scripts together into a single management console – making it easy to share common scripts among all of your servers.

It also supports setting thresholds and alerts on script results – which could then kick off automated tasks to repair problems. All in all, a very cool set of features!

Dashboards

One of the first things you’ll see in OpManager is the Dashboard, an at-a-glance summary of your network.  Several different dashboard views are available, and all can be customized to suit your particular needs.  Widgets can be added, removed or customized to show data you find useful.

The dashboard is a great help for troubleshooting. For instance, you could add a real-time chart to monitor key variables – memory, CPU, interface traffic, and much more.  Then, you can see instantly if your internet connection is saturated, or if your server is out of disk space.

Device Monitoring

Device monitoring is at the heart of any network management software.

OpManger does a great job of monitoring devices for potential problems.  It can use standard SNMP as a monitoring method, but it can also use WMI to monitor Windows servers and Active Directory.  And, it can use SSH/Telnet to monitor statistics for Linux servers.

Device snapshots display current statistics for monitored systems.  The snapshot page contains information on response time, availability, and various other key metrics depending on the type of system being monitored.

You’ll also find detailed information on interfaces, as well as trend data through links at the bottom of the snapshot window.

Mapping

The newest version of OpManager adds some nifty new automatic mapping features. Administrators simply chose a “seed device,” and the system dynamically maps the other devices connected to it. Devices are shown with a status icon, enabling an instant view of any trouble spots on the network.

URL monitoring

Have you ever been caught when a website failed, even though the server was up and running? Say goodbye to that problem thanks to the URL monitor. The URL Monitor can perform synthetic transactions, testing to verify that login pages and other web-applications are always working.

Another feature is called “Content Match.” This useful tool allows administrators to monitor a page for specific text. If that text ever goes missing for any reason – maybe an accidental delete or worse, a malicious attack – then an alert is triggered allowing a fast response.

Reporting

OpManager has a fantastic reporting engine that can generate many different types of reports.

We can’t cover them all, but here are a few examples of the kinds of reports available.

Service level reporting provides a helpful overview of the network’s availability – great for showing the boss what an excellent job you’re doing of keeping the network running.

At a glance reports provide a summary of key metrics for a device, providing a fast way to identify potential performance problems and bottlenecks.

Health reporting dives a little deeper, and contains statistics for key performance metrics for specific devices.  This type of report helps to identify problem devices or circuits in relation to the rest of the network.

Finally, custom reporting allows administrators to query variables for specific devices and date ranges. The only downside to custom reporting is that it is not run from the Reporting module – it is accessed by clicking on a device, then by opening up one of the graphs shown on the device’s detail pages.

Overall, the reporting module is improved over previous versions of OpManager. It is more fully-featured and easier to use, and allows creating of custom reporting as well as filtered report views based on “business views” which are like lists of devices. On the other hand, I’d still love to see a simple query engine that would allow an admin to generate trend reports on the fly, for any monitored SNMP variable on any device. But we’re getting into wish-list territory, and the default reporting is generally excellent.

The User Experience

Overall, OpManager provides a great user experience and version 9 brings several improvements that make it much easier to use. The menu system has been reworked, and is now much more user friendly and intuitive.

The system allows for creation of multiple users with various levels of access.  The UI also supports rebranding – changing the overall look-and-feel to use your own corporate colors and logos.

Additionally, the entire console is administered and accessed almost entirely via the web-console. This makes management a breeze.

Alarms

What network management software would be complete without alarms and notifications? OpManager doesn’t disappoint here either, with the ability to set threshold alarms to trigger a range of notification methods.  All the usual suspects are here: email, SMS text, run scripts, etc.

Two useful features help to make the alarms well rounded.  A downtime scheduler allows admins to set outage windows in the system – perfect for reducing needless notifications during planned maintenance. And, dependencies can be set so that an outage to a key device doesn’t flood admins with alerts for all of the systems behind that device.

Clicking on an alarm provides a drill-down view of the alarm and event history for the device in trouble. The detailed view is a great troubleshooting tool, helping to identify chronic problems.

Also under the Alarms module: a useful “Devices to Watch” dashboard, which shows all devices that have triggered various types of alarms. The dashboard shows the device name, status, and key performance stats on CPU and Memory usage.

The only complaint I can find is that OpManager still doesn’t have the ability to set multiple threshold alarms – yet.  The good news: ManageEngine tells us this feature is coming in a very near future release of the product.

Having multiple thresholds allows an administrator to specify that warnings will be triggered at a certain threshold, and a critical alarm at another level. This would be useful for monitoring things like temperature or disk utilization that might creep up gradually – and allow administrators to monitor the situation before a critical state is reached. It will be a welcome addition once it’s available.

Plugins

ManageEngine offers several plugins as separate products that integrate smoothly with OpManager. There are too many to cover here, but examples include their VOIP monitor, and a useful tool called “Compliance Manager.” Compliance Manager scans devices and identifies if a specified policy is not met.

For example, in the screenshot below Compliance Manager has identified several critical violations on a Cisco device.

Other available plugins include:

• WAN RTT (Round-Trip-Time) Monitor, using Cisco IP SLA Technology

Monitor WAN links for latency, bandwidth utilization, Round–Trip–Time and other key performance indicators.

• NetFlow Traffic Analysis

The NetFlow plugin provides detailed graphs and reports that show not just how much traffic, but also what kind of traffic is flowing over the network. We recently reviewed the stand-alone NetFlow Analyzer from Opmanager, and recommend it for anyone struggling to understand why they never have enough bandwidth.

• Network Change Configuration

Detect changes to your network devices when they happen, and automate backups.

Pricing and Editions

OpManager’s pricing varies depending on how many devices you need to monitor – but the pricing scale has affordable options for everyone from small business to large enterprises. For example, a 50-device license would cost as little as $1,995. In addition, different plug-in software can be purchased that add extends functionality.

OpManager has several editions, including an Enterprise edition which is scalable up to 50,000 interfaces. It also has options for high-availability thanks to hot-standby servers and probes.

Given the range of pricing available, we recommend contacting ManageEngine for a price quote. More information can be found on their website.

And, trial versions of OpManager are free for 30 days!

Summary

OpManager was good before – now it’s great! It is an extremely versatile, feature-rich system, made better by new features like Mapping, Hyper-V support, and the improved UI. Alerting is comprehensive and full of information sure to help administrators fix problems faster. The reporting module provides data that will be useful for everyone from administrators to service managers. And, features like URL monitoring provide assurance that websites critical to the business are online.

On the downside, it still doesn’t have multiple-threshold alarms, but that feature is on the roadmap and no doubt will appear soon.

In our opinion, the new and improved OpManager is well worth your time to test out. Try out OpManager’s 30-day free trial download and see what you think.

Have you ever received complaints from your remote sites about poor network performance?  Do you have service level agreements with your service provider with no way to verify their performance?  This document will describe how you can address these issues using IP SLA technology.

IP SLA is a feature included in the Cisco IOS software that allows users to verify service guarantees, increase network reliability by validating network performance, proactively identify network issues, and increase Return on Investment (ROI) by easing the deployment of new IP services. IP SLA uses active synthetic traffic-monitoring technology to monitor continuous traffic on the network.  This is a reliable method in measuring overhead network performance. Cisco routers provide IP SLA Responders that give accuracy of measured data across a network.

A source router injects various types of traffic onto the network with an operation to perform (go to point A and report the latency back to me).  It is analogous to sending a test car into traffic on a highway and measuring latency (how much time does it take to go from point A to point B), availability (does it even arrive?), and jitter (does the space between the cars remain constant?).

By combining a network performance monitoring product, such as SolarWinds Network Performance Monitor (NPM), and an IP SLA product, such as SolarWinds IP SLA Manager, network engineers can test a number of different WAN performance scenarios.

Monitoring WAN Performance

By executing an IP SLA operation every 60 seconds between routers, you can determine the availability of the connection, the packet transmit time (latency), packet loss and jitter.

Further examination of these statistics will allow you to determine where you may have a WAN issue that allows you to take further action.

Monitor End-to-End Network Quality

In this scenario, you create 4 different IP SLA operations in your network.  First you check the overall response time from one end-point to another end point (852 ms).

Next, you create additional operations that break the end-to-end response time into a series of smaller segments.

By examining each independent segment as it relates to the overall performance, you can again identify potential problem areas.

Verify Service Level Agreements

By using IP SLA operations, you can measure your site-to-site WAN performance and compare that to what your service provider is telling you.  If you have charge-back, refund or credit rights then you may be able to recover some money if your SLAs are not being met.

Assessing VoIP Infrastructure

With IP SLA you can monitor jitter across various part of your network to determine if your infrastructure can handle deployment of voice over IP.

Hopefully you can see from the four use cases above just how powerful IP SLA can be for monitoring the overall performance of your network.

Learn more and download a fully functional free 30-day trial of both SolarWinds’ Network Performance Monitor and SolarWinds IP SLA Manager.

A good TFTP server should be part of every admin’s toolkit. We’ve rounded up some of the best free TFTP server applications we could find and compared them all below. But first some basics:

What is TFTP?

TFTP, or Trivial File Transfer Protocol, is a very basic file transfer protocol. It is very simple, doesn’t have any security authentication, and usually used for transferring small files.  It uses UDP, which doesn’t have error checking like TCP does. And, it’s best suited for transferring smaller files over a LAN, rather than an larger network like the Internet.

For a network administrator, TFTP is an essential way of backing up router and switch configuration files. It could also be used to providing PXE boot files to thin-clients or network-based workstation installation systems.

There’s a wide range of TFTP servers available, all with different features. Some are very basic, others include security and other have more advanced features. Take a look at the picks we’ve rounded up below – you’re sure to find one that meets your needs!

SolarWinds Free TFTP Server

SolarWinds offers a range of free tools that complement their Orion suite of network management products, which we’ve also reviewed in the past. Their Free TFTP server has been very popular with admins thanks to its flexibility and ease-of-use.

The server can run as a Windows service and includes the ability to transfer large 4 GB files. It also runs as a multi-threaded program, allowing uploads from multiple network devices simultaneously.

On the security side of things, you can authorize specific IP addresses or ranges of IP addresses for transfers – helping to place some control around what is otherwise an unsecured service.

Download it Here

WhatsUp Gold Free TFTP Server

WhatsUp Gold makes a wide range of great network management software. (We reviewed WhatsUp Gold Premium here.)  Their Free TFTP Server is just as good as any of their paid products.

Their TFTP server supports large file transfers up to 4 GB, and runs as a Windows service for anytime access. It also has some great security features – including the ability to restrict client permissions to the server and restrict TFTP server availability by subnet.

It also allows the server to be bound to either a single IP address, or all available addresses on the server – giving you an extra level of control over what ports you’re exposing.

Download it Here

TFTPD32 from Philippe Jounin

TFTPD32 has become the go-to TFTP server for many admins ever since Cisco stopped providing TFTP software years ago.

TFTPD32 is free open source, and includes a number of useful extra additional server features like Syslog, SNTP, DHCP, and DNS. And don’t let the name fool you – there’s a 64-bit version available for newer O/Ses too.

The TFTP server component is multithreaded to support multiple uploads at once, and has some security features, as well as interface filtering.

Download it Here

Windows Built-in TFTP Server

Have a Windows Server that isn’t used for anything else? Why not install the Windows TFTP Server add-on feature? It’s already included on your Windows Server media, although you’ll need to manually add it to your system.

By default it doesn’t run as a service, so for that you’ll probably need to use the Windows Resource Kit and the “install as service” tool. Don’t worry, it won’t be hard for a smart network admin like you – it just takes a few extra steps to get the software running.  You’ll find several helpful tutorials on the web – this page might be a good place to start.

On the other hand, the purpose-build TFTP tools we tested are easier to install and use – and have better interfaces. The Windows service is command-line based. It also doesn’t have some of the security features of other servers, like the ability to restrict uploads to specific subnets or interfaces.

In Summary

All of these tools should provide the basic functionality that most admins need in a TFTP server – they just go about it in different ways. Install your TFTP server today, and rest easy knowing that you have a way to back-up critical config files.

What is it?

System Shepherd is primarily geared toward network and system admins, technology executives and application owners who want to “see what the end user sees” when it comes to application and network performance, even simulating the network speeds experienced by users in different locations around the world.

How is it deployed?

The monitoring consoles are cloud-hosted by Absolute Performance.  Monitoring agents are pushed out over the network to the different app servers and devices being measured.  No dedicated admin server is required.  Billing is done on a quarterly basis, much like other cloud services providers.

How is it different from other solutions we’ve reviewed?

While System Shepherd and its different modules do handle network management tasks and alerting et al., the main value in the Absolute Performance approach is in tracking down proprietary application performance problems, identifying bottlenecks, and optimizing application service delivery.

Introduction

It’s a situation many companies find found themselves in: big bucks have been spent on a new proprietary application, but performance problems pop up after the rollout. Users find the application too slow. Or worse, the application crashes and freezes entirely. The help desk is constantly handling calls from end users complaining that they’re unable to do their jobs ‘when the system is so slow or crashing’.

The application guys blame the network admins; the network admins keep telling the application guys that it’s their app that isn’t performing.  Around and around the hot potato goes… Is it a network problem? Firewall? Database I/O? CPU? It’s impossible to tell without good application performance monitoring tools.

Absolute Performance designed System Shepherd to help sort this out. System Shepherd gives everyone involved the ability to see what the user sees, and move beyond error logs to troubleshoot performance issues.  This particular feature of System Shepherd is called Webwalk.

What is Webwalk?

WebWalk simulates end-user access to your websites using synthetic performance testing. So, for example, you could set up a test that measures response time for different parts of your online store. It can not only report whether or not the site is online, but more importantly, it can tell you which pages are loading quickly or slowly, and if transactions can be completed.

The System Shepherd portal can display charts like the one above, helpful for troubleshooting. It can also alert administrators on all sorts of trouble, like when WebWalk detects that a page loads too slowly; if a server becomes unreachable; on log errors; or almost any other event.

Because System Shepherd runs as a hosted service, there is no hardware to buy, and no monitoring stations to install. Just sign up for an account, load the monitoring agents on your servers, start collecting the data you want, and away you go.

System Shepherd Features

Log in to the web-console, and the first screen you’ll see is a dashboard like the one below.

The dashboard is a good place to get a simplified overview of application and host performance. A list of applications and servers is displayed, as well as a system load summary. The system load is calculated different ways for different hosts, but for servers is usually based on CPU, and for network devices it measures overall network utilization. Click on any of the hosts to drill down to a variety of metrics specific to that device – like CPU utilization, memory, disk space and more.

Systems can be monitored using a number of different methods. System Shepherd uses an agent which is installed on your servers to access information directly from the O\S. The agent uses pre-defined templates to collect information by running commands, scripts, parsing through logfiles, and more. SNMP monitoring is supported too, as is custom scripting to extract information that may not be included in a standard template. If the information is there, System Shepherd probably has a way to get it.

The Analytics section of System Shepherd, seen below, is where the real meat of the system lies. This is a series of customizable tabs that can display any combination of metrics that you need. Need to monitor a distributed app? No problem. Create a tab, and add graphs for your web-server, SQL server, and SAN to instantly see if problems arise. Troubleshooting a specific problem on one device? Create a tab for that, and add the components involved to see if a bottleneck exists.

On The Other Hand…

No product is perfect, but we had to look pretty hard to find the flaws with this one.

System Shepherd is very powerful, but also very complex. There is simply a huge amount of data available with this system. That could make initial configuration of the product challenging. Admins should expect to spend time deciding which data they really need. And then, they’ll need to spend more time to configure the system, setup templates properly, and display that data in a useful way. But, this is something that needs to be done with any monitoring system, and Absolute Performance provides 24/7 email support to help with any aspect of configuration.

The other downside to System Shepherd is limited reporting capabilities. As you’ve seen, graphing and charting are strengths for this product, but it doesn’t have a reporting module yet. The good news, is that Absolute Performance tells us this is on the roadmap for the very near future. In the meantime, System Shepherd’s web-services are standards-compliant, so you could use third-party reporting tools to extract data, or even have a custom dashboard created to meet your needs.

Our Opinion

System Shepherd is a very powerful tool that can meet the needs of nearly everyone. Admins with basic needs will love the dashboards and simple drill-down reports, while complex Enterprises will appreciate the depth of data available to them, and ability to monitor a global infrastructure.

It especially shines for its ability to monitor critical web applications with synthetic transactions that go beyond just ensuring that a web-server is responding. The ability to “walk” through a website and test response time on different parts of the site could be a lifesaver.

Pricing for System Shepherd varies depending on which components are required and how many devices are monitored. In addition, Absolute Performance offers other interesting services that could be bundled with monitoring, including Incident Management services where they can attempt to resolve problems that may have caused an alert.

Absolute Performance also co-authored a recent whitepaper with Microsoft that you should check out if you’re looking at managing in-house applications.  The whitepaper is available for download here.

If System Shepherd looks like it could herd your network into order, then we recommend contacting them today for more information, or check it out more closely via the 14-day trial.

Problem: Streaming media applications consume a lot of bandwidth, because they use multicast to deliver content.  In most cases, the applications that are using multicast to deliver their content are not business critical applications.  However, there are time s when streaming media IS the mission critical app and so needs to be prioritized.

Answer:  NetFlow Version 9 is the only version of NetFlow that accurately records multicast traffic for both ingress and egress directions.  Unfortunately, earlier versions of NetFlow do not support egress monitoring or account for the outbound traffic after replication.  NetFlow V9 enables you to add bandwidth or implement QOS policies to restrict bandwidth usage.

STEP 1: Enable INGRESS and EGRESS 

• Ingress flows have a destination interface of 0 or “null” and so only a single flow is exported
• Egress flows will show the destination interfaces and multiple flows are exported. Multicast traffic does NOT yield egress traffic.

STEP 2: Ensure Memory Capacity

HEAVY TRAFFIC can definitely put a load on your switch or router memory.  Before turning on NetFlow for multicast monitoring, ensure plenty of memory capacity.   For heavy traffic you should upgrade router memory.

STEP 3: Increase Global Flow Hash Table (For Heavy Traffic)