Tags

,

I have done some netflow product evaluation specific to Cisco wireless LAN controller traffic. Cisco introduced this netflow feature on WLC 7.4.100.0 code with AVC (Application Visibility & Control).

Below shows one of our controller Application Statistics (Monitor -> Applications). As you can see we can view “aggregate” , “upstream” & “downstream” traffic statistics with individual application breakdown.Netflow-Review-01Netflow-Review-02Netflow-Review-03

By exporting these information to a Netflow collector I would expect reporting on these traffic statistics. That was my primary objective. As we did not have Cisco Prime with prime assurance module,  I have to rely on other (3rd party netflow tools). I tried this with Fluke NPA, Solarwinds NTA, Plixer Scrutinizer as Cisco document does not specify any limitation with 3rd parties in their document.  But later on realized Cisco does not clearly document compatibility with 3rd party NMS. Only Scrutinizer support this netflow export from WLC as at today.

Here is my independent view on this tool with respect to WLC netflow monitoring.

1. We can easily group multiple controllers & reporting based on that. This is extremely useful to get top level view of your wireless environment if you have multiple WLCs in multiple sites. Here is sample report based my wireless network.Netflow-Review-04

This has a drawback where I cannot differentiate upstream  downstream traffic by using this tool. Cisco is claiming Prime can do this, but I haven’t see it yet.

2. Scrutinizer gives you the flexibility to modify the reports as you need.  Below is one report showing the top 10 wireless users based on MAC address. By default this report is based on IP address & that will not uniquely identify a device (as in my environment 15 min is lease time & same IP can be taken by many users /devices during period of time)Netflow-Review-05

3. DSCP based reporting. This is really helpful to determine how good your wireless network from QoS perspective. You can determine required application get correctly classify within your wireless network. Below does not show the application name (but I think it is easy to convert application ID to name)Netflow-Review-06

4. You can have customized dashboard. Here is my dashboard looks like (I like the colours of these graphs)Netflow-Review-07

5. Lack of capability to generate a summary report. There are no way of me to generate customize report combining multiple graphs/tables. From management point of view, I should be able to see a summary report which gives high level overview of my wireless network utilization.

6.  Only top 10 will be shown as different colour, If I want to see other than this (top 20, top 50) in graphical view in different colour, it is not available yet. But I think this can be done.

So What is the conclusion ? In my personal view, we should wait & see for little more before deciding on a tool. Because cisco is changing their wireless design architecture to “Converged Access” which allow us to terminates all CAPWAP tunnels at access layer. Then there is no requirement to have special collector (like  today for WLC 7.4) as everything should be standard netwflow v9.0 & any of netflow collector tool should be able to use.

Related Posts

1. Day 0 with WLC 7.4 code
2. Who Really Support WLC Netflow ?
3. Configuring Netflow on WLC 7.4
4. Configuring mDNS in WLC 7.4
5.
6.