Page tree

Contents

NetMRI gathers a wide range of data from network devices over time, then analyzes and summarizes the data for network health monitoring. When you need to troubleshoot a problem, you can drill down to examine device and interface details.

The Network Analysis tab features the Network Scorecard, a metric which, at a glance, provides an overall assessment of the current state of the network, and enables convenient monitoring of many aspects of the overall health of the network. Information is organized in the following tabs under the Network Analysis tab:

About the Network Scorecard

The Scorecard appears both on the Dashboard tab and on the Network Analysis tab -> Issues.

NetMRI analyzes the network's stability and correctness and calculates a normalized Scorecard value based on all the issues generated for that day. The Network Scorecard provides the high-level performance metric for the managed network. The Network Scorecard shows the Overall Score value for the current day, the constituent stability and correctness values, and the historical trend over the selected time period.

Stability and correctness are measured across a variety of functional areas across the network. The stability and correctness penalties associated with each issue depend on the type and severity of the issue.
Nine clickable issue categories — Configuration, Devices, Interfaces, Routing, Security, Subnets, VLANs, VoIP, and Wireless — display the list of issues appearing throughout the network for that category. If the bottom pane shows nothing for the category, that indicates no issues for that category currently exist in the network.

  • Stability issues are caused by events like excessive spanning tree topology changes, unstable links, congestion, or excessive CPU/memory utilization.
  • Correctness issues are derived from configuration or design errors, such as duplicate VLAN ID/name pairs or inconsistent routing protocol timers.

The Network Scorecard table summarizes the correctness and stability by component area. You can hover over the colored rectangles to see the specific values. The stability and correctness penalties for all components are combined to create the overall scorecard value, the Overall Score number in the Network Scorecard.

The exact value of the Network Scorecard value itself is not very important. Rather, it is the relative change in the scorecard value over time that is important. Consequently, the scorecard value is plotted in the Scorecard History chart to make historical comparisons easy. The scorecard value will vary from day to day, but the desired trend over time should be rising, not falling. After two or three weeks of operation, the variability of your network's scorecard value should become evident.

The table at the bottom of the Index tab lists the issues used to generate the Network Scorecard and Network History.

Viewing Issues in the Network

The Network Analysis -> Issues tab provides an overview of network status that includes the Network Scorecard, Network History chart, and the issues data driving them. The Issue page defaults to showing the Scorecard with the table of cumulative Issues appearing across the network.

Select any device group to refresh the chart with any data set. You can reformat the Issue page by choosing one of the following four options:

  • Issues By Type with Scorecard: Shows the Scorecard with its nine categories and the Issues table in the lower panel.
  • Issues by Type: The Issues table by each reported Issue type, with sorting and filtering options.
  • Issues by Device with Historic Chart: Lists issues by device, including each device's cumulative Severity level, its IP address and network view, and its cumulative Issue statistics. Click the IP address to view the Issues page for each device. Doing so allows drilling down to more-specific issue information on the device.
  • Issues by Device: The Issues table, listing cumulative issues status by each device.

You can also perform the following: 

  • To determine the current scope, date, and period, the Scope represents the part of the managed network where issues are currently being reported. To check the scope, look at the header just above the Issues panel. For example, if the current scope is Entire Network, the header will read All Devices.
  • To change the scope, select an item in the Select Device Groups pane on the right.

    Note

    The Select Device Group pane on the Network Analysis tab displays only extended device groups, i.e. groups that allow for calculations.

  • To change the date or period covered in the analysis, click the selector icon next to the scope, choose Date or Period, and select the required options.
  • To view issues by device, click the Issues by Device tab below the data table. Access multiple pages using the controls below the right side of the table.
  • To view issues by issue type, click the Issues by Type tab below the issues data table. Access multiple pages using the controls under the table.

Note

Click any device hyperlink to open the Device Viewer for that device. Right-click any device hyperlink to open a menu of actions you can perform for that device. Also, click any Issue hyperlink to open the Issue Viewer for that issue.

To filter the issues table by activity type, complete the following:

  1. Open the Display menu (above the column headers).
  2. In the drop-down menu, click the activity type you want to see in the table. Choose from the following types:
    • All: Displays all instances of all issues during the selected time period. For example, if a device goes down, then comes back up, then fails again, All shows both Device Down instances (Current, on the other hand, would only show a single Device Down instance).
    • Current (default): Displays all issues open for today, or all issues open at the end of a given time period if before today.
    • New: Displays all issues having new instances during the selected time period.
    • Cleared: Displays all issues that have cleared instances during the selected time period.
    • Suppressed: Displays all issues that have suppressed instances during the selected time period.

Also see Evaluating Issues in NetMRI for more detailed information on issues, their significance and how to manage notifications, issue triggering thresholds, how to create custom issues, and other features.

Viewing Changes in the Network

The Changes tab (Network Analysis –> Changes) summarizes changes made to the network. The main Changes table shows more specific information about each detected change. The two following charts appear in the bottom half of the Changes page:

  • Detected Changes: The history chart displays the number of authorized and unauthorized changes made to the device group. You can choose the change types that are displayed by clicking the Change Type menu below the chart. Choose from Admin, All, External, Hardware, or Software.
  • Most Changed Devices/Most Active Change Makers: This chart lists the top ten changed devices or network admins acting as the most frequent change makers (selectable below the chart). To view the most active Change Makers or most frequently changed devices, select Changed Devices or Change Makers from the View list under the chart.

Taking Actions in Change Management

Action icons in the table provide access to change traces and the configuration difference viewer. Each listing in the table represents a change incident on a device. A single device can have more than one Change listed here. Each table row provides an Action icon, from which you can view detailed comparisons of before-and-after versions of configuration changes.

Note

Each table row in the Network Analysis –> Changes table represents a change to a device's configuration, not the device itself. A single device may have several individual changes listed in the table. Related data presentation that makes this clear is seen in the Most Changed Devices chart.

You can also perform the following: 

  • To change the date and period, see Setting the Date and Period.
  • To filter by device group, click the desired hyperlink in the Select Device Groups panel to the right.
  • To view change traces, in the Actions column for the desired device, click the icon and choose View Change Details. A Change Details dialog appears, listing the date and time for each related change (Trace Time), and the change Type.
  • To view a device's Running Configuration changes, in the Actions column for the desired device, click the icon and choose View Running Configuration Difference. A separate Configuration Difference window appears, titled Comparing Configuration Files. This window shows the device's running-configuration file, and the changes to the config file associated with the current change instance. It is quite possible that the changes you see in the instance you have selected may already have been fully committed to the system by being saved to the startup-configuration for the device.
  • To view a device's Startup Configuration changes, in the Actions column for the desired device, click the icon and choose View Saved Configuration Difference. These are the changes to a device's startup-configuration shown in this particular change instance, after the admin has performed a wr mem or a copy running-config startup-config command (in Cisco syntax. Other devices may differ in syntax but not in principle).

Custom fields can be defined for additions to tables. These custom fields are not shown in the Changes table by default. The custom fields must be defined in NetMRI before using them in other data tables. See the Defining and Using Custom Fields topic for more information.

To display custom field columns in the Network Analysis –> Changes table, complete the following:

  1. Hover over any column heading in the table, then click the down arrow at the right end of the column heading.
  2. In the drop-down menu, hover over Columns.
  3. In the Columns submenu, check the custom field column(s) you want to appear in the table.

To enter or revise custom field data for a change, complete the following:

  1. In the Actions column for the desired device, click the icon and choose Custom Fields.
  2. In the Custom Fields dialog, fill in data as needed, and then click the Save button.

Introducing Policy Compliance

The Policy Compliance tab (Network Analysis –> Policy Compliance) summarizes policy compliance for device groups and devices. Policy Compliance provides a series of rule-based configuration standards to ensure devices conform to broad security requirements when they operate in the network. Note that the Compliance pie chart on the Dashboard page shows the percentage of devices that matched Policy Rules for the current day's time period.

A basic example involves the idea that you should never allow a device with the default admin/admin login tuple to be placed in the production enterprise network. Therefore, you use a Policy Rule mandating this. Policy Compliance also goes much deeper. NetMRI provides Policies based on IAVA and DISA guidelines (and others) to normalize and harden devices against intrusion and unauthorized usage. The guidelines and precepts governing Policies are extensive enough to be beyond the scope of this Admin Guide. The best way to get acquainted with the details of Policy Compliance is to read the descriptions of Rules within individual Policies. Go to Network Analysis –> Policy Compliance –> Policies, select a Policy, and open the tree of Rules in the right panel.

NetMRI's standard model is to deploy policies across an entire Device Group. You can use the standard Policies built into NetMRI. Infoblox recommends using the built-in Policies to develop new ones customized for your network's requirements.

When a Policy Rule is violated, the Rule violation is detected by NetMRI and an Issue message displays in the Network Analysis –> Issues page. In most circumstances, an Error message (the highest Issue severity) is thrown by a Policy violation.

To view a summary for a policy as applied to a device group, hover over the status icon.

To view policy compliance by device group, click All Devices in the Select Device Groups panel to the right of the table. The table will show a summary of policy compliance for each device group.

  • To view policy compliance details for a group, click a status icon for the group. The resulting table lists devices in the group and shows the status for each rule run against them.
  • To view policy compliance details for one rule against one device: Click the status icon. A pop-up window will display information about the rule as it applies to that device.
  • To return to the policy compliance by the device table for the selected group, click the Return to Policy View hyperlink in the upper right corner.

To view policy compliance for individual devices, click a device group in the Select Device Groups panel, or — when the table lists the entire network— click a name in the Device Group column. The table will show per-device policy compliance for devices in the selected group.

  • To view policy compliance details for a device, click a status icon. A pop-up window will display extensive information about the policy as it applies to that device.
  • To view policy compliance for individual policies, open the Policies list (above the right side of the table), and then click the policy you want to see.
  • To view compliance for all policies, open the Policies list (above the right side of the table), and then click All. You can also click the Return to Policy View hyperlink.

Viewing the Performance of Network Devices

NetMRI provides a set of handy tools under Network Analysis for checking the h ardware status of devices throughout the network.

Choose any Performance menu item from the Performance tab (Network Analysis –> Performance) and then choose from the Select Device Groups menu on the right. The Performance section summarizes network device performance in a set of charts and tables, including the following:

  • Performance: This section covers CPU utilization, free memory, uptimes, and interface performance states for all monitored devices.
  • History: This section provides historical information about the number of devices on the network, HSRPs/VRRPs, issues, reboots, routes, subnets, and VLANs.
  • Environment: This section lists devices that monitor environmental conditions.

All charts provide the ability to set a minimum (Min) and a maximum (Max) displayed values to isolate value ranges.

Viewing CPU Utilization Levels

Go to Network Analysis –> Performance –> Performance –> CPUs to view the distribution of CPU utilization over the reporting period for all devices on the network, or for any device group, for which that data is accessible via SNMP. Viewing CPU performance levels enables you to determine whether particular devices or groups of devices are being stressed by excessive workloads. Each level of CPU usage on the X-axis of the chart represents a level of used CPU cycles, from the lowest values to the highest values from left to right. The maximum is 100%. All devices from the selected device group falling into specific levels of CPU utilization are grouped into those values on the X-axis.

  • Сlick Graph or Table at the bottom of this page for alternate views of the information. Modify the graph using the Metric, Min Utilization, and Max Utilization lists in the upper right corner.

Viewing Memory Utilization Levels

Go to Network Analysis –> Performance –> Performance –> Free Memory to view the distribution of free memory on devices in operation over the current reporting period, for all devices on the network or for a chosen device group, for which that data is accessible via SNMP. Each level of memory usage on the X-axis of the chart represents a level of free memory, from the lowest values to the highest values from left to right. All devices falling into specific levels of free memory are grouped into those values on the X-axis.

Devices with low free memory levels can indicate an inefficient or poorly matched configuration such as a router whose routing table or routing information base (RIB) is too large, or possible memory leaks.

  • Click Graph or Table at the bottom of this page for alternate views of the information. Modify the graph using the Metric, Min, and Max lists in the upper right corner. For example, if Metric is set to Minimum, the distribution shows the lowest free memory value reached for each device during the selected time period.

Viewing Uptime Performance

Go to Network Analysis –> Performance –> Performance –> Uptimes to view the distribution of uptimes as of the given date for all routers and switches on the network or for a chosen device group for which that data is accessible via SNMP. Uptimes enables you to evaluate device reliability.

  • Click Graph or Table at the bottom of this page for alternate views of the information. Modify the graph using the Min Days and Max Days lists in the upper right corner.

Note

Set Max Days to 720 to see the number of most-reliable devices on the network.


Viewing Interface Utilization Levels

Go to Network Analysis –> Performance –> Performance –> Interfaces to view the distribution of interface utilization on the specified day, for the entire network or for a chosen device group for which that data is accessible via SNMP (interfaces having zero throughput are excluded). This process can help identify interfaces having excessive utilization or errors, or that are being under-utilized, and can be used for other troubleshooting purposes.

  •  Click Graph or Table at the bottom of this page for alternate views of the information. Modify the graph using the Metric, Min, and Max lists in the upper right corner.

Viewing Network Device Summaries and Histories

Go to Network Analysis –> Performance –> History to begin viewing aspects of the historical behavior of all network devices on the managed network.

To work effectively with the charts on this page, choose any menu option on the left (History –> Routes, for example), and then choose a device group from the menu on the right. The data set that is shown in any Performance, History, or Environment page will change to show the data specific to the chosen device group.

  • Devices: This page summarizes the total number of devices found on the network for the reporting period, and those found for each of the last 30 days. Data sets can be shown for individual device groups. The summaries come in the form of bar charts and in data tables listing the basic data sets comprising the device types and the states the devices were in when discovered. For more information, see Device History Summaries.
  • HSRPs/VRRPs: Shows the number of distinct HSRP and VRRP groups found on the network during the 30 days before the selected date.
    For more information, see HSRP/VRRP Summaries.
  • Issues: Summarizes the number of issues by severity and difference type. For more information, see Viewing Issue Summaries.

Note

Most networks have at least a couple of issues generated each day. If the trend stays relatively constant or decreases over time, things are normal.

  • Reboots: Shows the number of reboots detected for router and switch devices for the 30 days before the selected date. Frequent reboots, or large numbers of reboots, could indicate a problem.
    See the Troubleshooting Device Reboots topic for more information on this feature.
  • Routes: Shows the number of routes discovered on the network during the 30 days before the selected date. For more information, see Summarizing Routes.
  • Subnets: Shows the number of subnets found on the network during the 30 days before the selected date. For more information, see Summarizing Subnetworks.
  • VLANs: Shows the number of distinct VLANs found on the network during the 30 days before the selected date. Investigate changes in the number of VLANs. For more information, see Summarizing VLANs.

Device History Summaries

Device page summaries come in the form of bar charts and in data tables, that list the basic data sets comprising the device types and the states the devices were in when discovered.

  • Device Types: This table shows the current number of devices (as of one minute after midnight on the selected date) and the difference from the previous day.
    • Device Type History: This chart shows the total number of devices found each day for the 30 days before the selected date.
  • Device States: This table shows the number of devices that are Down (seen before the previous day, but not on the previous day) and New (first seen the day before the selected date).
    • Device State History: This chart shows the relative number of Down, New, and Old devices found each day for the 30 days before the selected date.

Note

A device may be listed as Down in NetMRI when it may be running but unreachable for some reason. Also, if NetMRI is down for an extended period, it will report all devices as Down because there is no record of reaching them during that time.


HSRP/VRRP Summaries

Devices running Cisco Hot Standby Routing Protocol (HSRP) and/or Virtual Router Redundancy Protocol (VRRP), primarily for purposes of VPN concentration, are summarized on the HSRP/VRRP page (Network Analysis tab –> Performance tab –> History section –> HSRPs/VRRPs). HSRP/VRRP groups are counted by the appliance and summarized by daily count in a bar chart. Any change in the number of HSRP or VRRP groups may indicate a configuration change.

Troubleshooting Device Reboots

Navigate to the Network Analysis tab –> Performance tab –> History section –> Reboots page to see which devices are experiencing reboots.

  1. Click the device hyperlink in the IP Address column. The Device Viewer opens for that device.
  2. In the Device Viewer, perform the following:
    1. Examine Device –> Performance charts. The Reboots chart shows how many times the device has rebooted (click the date hyperlink to change the date). The CPU Statistics and Free Memory charts show the general state of the device before each reboot.
    2. A sawtoothed Free Memory chart that decreases to zero before every reboot, indicates a memory leak. Consider upgrading the device's OS.
    3. If CPU utilization is above 90%, the device is struggling to keep up with the workload. That might be caused by a run-away process or too much network traffic.

Summarizing Routes

The Routes page (Network Analysis tab –> Performance tab –> History section –> Routes) page provides a basic picture of the routing environment for the managed network, and for specific device groups. Click a device group in the Select Device Group panel to display information for the routing tables associated only with that device group.

  • Types: This table shows the number of routes as of 1 minute after midnight on the selected date, and the difference from the previous day (in the Diff column, which applies only in the current time period). Internal and External route designations are based on the CIDR list used during the discovery process.
    • Route Type History: This chart shows the number of routes over the 30 days before the selected date.
  • Protocols: This table shows the number of routes for each protocol type in the canonical network routing table discovered on the network. Discovered and tabulated route types include all the standard protocols, including BGP, Cisco IGRP, ICMP, IS-IS, Local, OSPF, Other, RIP, and Static routes.
    • Route Protocol History: This chart shows the number of routes for each protocol during the 30 days before the selected date. You can scrutinize significant shifts over time by choosing different dates and time periods through the date picker.

Summarizing Subnetworks

Subnetworks are classified as two main types, Internal and External.

  • Subnet Types: This table shows the number of subnets as of one minute after midnight on the selected date, and the difference from the previous day.
    • Subnet Type History: This chart shows the number of subnets during the 30 days before the selected date. Clicking a device group shows a subset of the total. Any subnets associated with a switch-router device type are counted against the total number of subnets for the selected Routing device group.

Summarizing VLANs

The VLANs page (Network Analysis tab –> Performance tab –> History section –> VLANs) is a network-wide or device-group-specific view of the collection of distinct VLANs in the discovered network. The table shows the total of active VLAN networks in the L3-switched environment. For more information, see Inspecting Ethernet Switches and VLANs.

Viewing Device Environmental Data

The Environment Summary table (Network Analysis tab –> Performance tab –> Environment section –> Environment) provides a large collection of environmental data for all collected devices on the network, showing the status for device components such as power supplies, system fans, and chassis temperature. Each device also lists its associated Network View. Clicking the Network View name opens the Network View editor window. By default, this table is sorted by IP address, which you can sort by column by clicking a respective column header.

Also, clicking the right end of any column heading will show a Sort Ascending and Sort Descending option along with a Columns option. Hovering over Columns enables you to add or remove columns of data from the Environment Summary table.

The Environment Summary table lists power supply, fan, and temperature data for devices that monitor these environmental conditions.

  • No labels

This page has no comments.