Anda di halaman 1dari 46

Monitoring your NetScaler

Traffic with AppFlow

Dale McCoon

Senior Technical Support Engineer


SUM308 Monitoring your NetScaler Traffic with AppFlow

May 8th, 2012

Tweet about this session with


hashtag #SUM308 and
#CitrixSummit
#CitrixSummit

Agenda
Why Open Source Application visibility is important
How AppFlow works
Configuring Appflow on the NetScaler
Interpreting the collected data

#CitrixSummit

Why Open Source


Application visibility is
important

Common Monitoring Issues Faced by Administrators


Decentralized infrastructure makes monitoring difficult
Multiple vendors offering different non-interoperable solutions
Proprietary technologies decrease flexibility
Bulky Agent software increases management overhead
Network taps are expensive and impractical in the Cloud Era

#CitrixSummit

The AppFlow Solution


More and more applications are moving to the Cloud
Open Source Standard allows for homogeneous infrastructure
Vendor lock in is no longer a concern
Agent-less allows for the right tool for the job
IETF standard defined in RFC 5101
Allows for a Full Picture Solution

#CitrixSummit

How AppFlow works

How AppFlow Works


Using UDP as the transport protocol Appflow transmits the collected data called
flow records to one or more IPv4 collectors
Provides visibility for HTTP, SSL, TCP and SSL_TCP flows
Various 3rd party collectors aggregate the collected traffic in real time (Splunk,
SolarWinds)
Feature introduced for AppFlow in NetScaler 9.3nc
Available in NetScaler Standard, Enterprise, and Platinum
Supported both on the MPX, VPX, and SDX
AppFlow support in NetScaler 10 for DataStream and EdgeSight
#CitrixSummit

Data Flows that can be reported on


Client to VIP

SNIP/MIP to Server

Server to SNIP/MIP

VIP to Client

#CitrixSummit

AppFlow Records
Records transmitted in IPFIX format via the NSIP of the NetScaler
IPFIX based off of Ciscos NetFlow
Each flow records contains a sequence number, so that the collector can see if
there is a missed flow record
No retransmission of missed flow records (function of UDP)
Collector may be able to report on missed records

#CitrixSummit

Appflow Records sent to Collector Via NetScaler


SNIP/MIP to Server
Client to VIP

NSIP to Appflow
Collector

Appflow Collector
#CitrixSummit

Configuring AppFlow on the


NetScaler

Configuring AppFlow on the NetScaler


Enable the AppFlow Feature (enable feature AppFlow from the CLI or SystemSettings-Configure advanced features and check the AppFlow box in the GUI)
Add a Collector (default port is 4739)
Add a AppFlow Action specifying a Collector
Add a AppFlow Policy, define an expression
Bind the Action to the Policy

#CitrixSummit

Configuring AppFlow on the NetScaler

#CitrixSummit

Configuring AppFlow on the NetScaler (cont.)


Bind AppFlow Policy either to the VServer or Globally
Ensure AppFlow Logging is checked on the VServer or
Service

#CitrixSummit

Setting AppFlow Parameters

Control what is sent to the Collector


Tailor information sent to the collector to fit your environment
Client Traffic only collects only client side traffic
Multiple records in each UDP packet

#CitrixSummit

Configuring the NetScaler to send Syslog info via


Appflow

#CitrixSummit

DataStream Support in NetScaler 10

#CitrixSummit

EdgeSight Monitoring for AppFlow

#CitrixSummit

Basic Troubleshooting

Check if policy is being hit


Nstcpdump.sh filtering UDP
Network trace from Collector
Show run | grep appflow to verify config from CLI

#CitrixSummit

Basic Troubleshooting

Verify HTTP (or other)


data exists within the
packet being
transmitted to the
Collector
#CitrixSummit

AppFlow Counters
SNMP can be used to monitor AppFlow for ignored packets
These values also translate into counters for the nsconmsg
tool
Information such as flow records transmitted, IPFIX records
ignored, and IPFIX records not sent
Can be useful for proactive monitoring of AppFlow itself

#CitrixSummit

Interpreting the Collected


Data

What exactly
is traversing
my Network?

#CitrixSummit

Interpreting the Collected Data


Allows for analysis on all aspects of data passing through the NetScaler
HTTP, TCP, Application Firewall, VPN, and UI among other statistics can be
logged
Grants a top down view of data that can be graphed and exported
This allows for statistics to be logged, trends to be noticed quicker, easier, and
action to be taken
Quicker Time to Resolution when troubleshooting issues.

#CitrixSummit

General Overview of Data via AppFlow

#CitrixSummit

More Specific break down of Total Bytes


Sent/Received

#CitrixSummit

General Overview of Data via AppFlow

#CitrixSummit

General Overview of Data via AppFlow

#CitrixSummit

HTTP Visibility

#CitrixSummit

HTTP Visibility

#CitrixSummit

HTTP Visibility

#CitrixSummit

HTTP Visibility

#CitrixSummit

Application Firewall Visibility

#CitrixSummit

Application Firewall Visibility

#CitrixSummit

VPN Visibility

#CitrixSummit

SSL VPN Visibility

#CitrixSummit

SSL VPN Visibility

#CitrixSummit

SSL VPN Visibility

#CitrixSummit

In Depth Traffic Visibility

#CitrixSummit

Resources
www.splunk.com
www.citrix.com/technologies/appflow
AppFlow Configuration Guide - http://support.citrix.com/article/CTX130334
How to Install and Configure Splunk for NetScaler for Application Firewall
Reporting - http://support.citrix.com/article/CTX132533
NetScaler AppFlow Counters http://support.citrix.com/article/CTX132769

#CitrixSummit

Q&A

AppFlow Overview
Monitoring your Network traffic with AppFlow allows for:
Visibility What is my Network doing
Accountability Who is using my Network
Seamless Integration No Agents, No vendor lock in

#CitrixSummit

We value your feedback!


Take a survey of this session now in the mobile app
Click 'Sessions' button
Click on today's tab
Find this session
Click 'Surveys'

#CitrixSummit

Before you leave


Conference surveys are available online at www.citrixsummit.com starting
Thursday, May 10

Provide your feedback and pick up a complimentary gift at the registration desk

Download presentations starting Monday, May 21, from your My Organizer tool
located in your My Account

#CitrixSummit