NetMRI gathers a wide range of data from network devices over time, then analyzes and summarizes the data for network health monitoring. When you need to troubleshoot a problem, you can drill down to examine device and interface details.
The Network Analysis page prominently features the Network Scorecard, a metric which, at a glance, provides an overall assessment of the current state of the network, and enables convenient monitoring of many aspects of the overall health of the network. Information is organized in five tabs within the Network Analysis page:
- The Issues tab summarizes network status. See Viewing Issues in the Network and Issues and the Network Scorecard for more information.
- The Changes tab summarizes changes made to the network. It is a window into the various changes in configuration for the devices in the network. See Viewing Changes in the Network for more information.
- The Policy Compliance tab summarizes policy compliance for device groups and devices. See Introducing Policy Compliance for more information.
- The Performance tab summarizes device operations in charts and tables. See Viewing the Performance of Network Devices for more information.
About the Network Sc orecard
Note: The Scorecard appears both on the Dashboard and on the Issues page under Network Analysis.
NetMRI analyzes the network's stability and correctness and calculates a normalized Scorecard value based on all the issues generated for that day. The Network Scorecard provides the high-level performance metric for the managed network. The Network Scorecard (Network Analysis –> Issues) shows the Overall Score value for the current day, the constituent stability and correctness values, and the historical trend over the selected time period.
Stability and correctness are measured across a variety of functional areas across the network. The stability and correctness penalties associated with each issue depend on the type and severity of the issue.
Nine clickable issue categories—Configuration, Devices, Interfaces, Routing, Security, Subnets, VLANs, VoIP and Wireless—display the list of issues appearing throughout the network for that category. If the bottom pane shows nothing for the category, that indicates no issues for that category currently exist in the network.
- Stability issues are caused by events like excessive spanning tree topology changes, unstable links, congestion or excessive CPU/memory utilization.
- Correctness issues are derived from configuration or design errors such as duplicate VLAN ID/name pairs or inconsistent routing protocol timers.
The Network Scorecard table summarizes the correctness and stability by component area (hover over the colored rectangles to see the specific values). The stability and correctness penalties for all components are combined to create the overall scorecard value, the Overall Score number in the Network Scorecard.
The exact value of the Network Scorecard value itself is not very important. Rather, it is the relative change in the scorecard value over time that's important. Consequently, the scorecard value is plotted in the Scorecard History chart to make historical comparisons easy. The scorecard value will vary from day to day, but the desired trend over time should be rising, not falling. After two or three weeks of operation, the variability of your network's scorecard value should become evident.
The table at the bottom of the Index tab lists the issues used to generate the Network Scorecard and Network History.
Viewing Issues in the Netw ork
Note: Also see Evaluating Issues in NetMRI for more-detailed information on issues, their significance and how to manage notifications, issue triggering thresholds, create custom issues and other features.
The Issues tab (Network Analysis –> Issues) provides an overview of network status that includes the Network Scorecard, Network History chart and the issues data driving them. The Issue page defaults to showing the Scorecard with the table of cumulative Issues appearing across the network.
Select any device group to refresh the chart with any data set. You can reformat the Issue page by choosing one of four options:
Issues By Type with Scorecard – shows the Scorecard with its nine categories and the Issues table in the lower pane;
Issues by Type –The Issues table by each reported Issue type, with sorting and filtering options;
Issues by Device with Historic Chart – Lists issues by device, including each device's cumulative Severity level, its IP address and network view, and its cumulative Issue statistics. Click the IP address to view the Issues page for each device; doing so allows drilling down to more-specific issue information on the device.
Issues by Device –The Issues table, listing cumulative issues status by each device.
To determine the current scope, date and period: The Scope represents the part of the managed network where issues are currently being reported. To check the scope, look at the header just above the Issues pane. For example, if the current scope is Entire Network, the header will read All Devices.
To change the scope: Select an item in the Select Device Groups panel (to the right of the Network History).
To change the date or period covered in the analysis: Click the selector icon next to the scope, choose Date or Period, and select the required options.
To view issues by device: Click the Issues by Device tab below the data table. (Access multiple pages using the controls below the right side of the table.)
To view issues by issue type: Click the Issues by Type tab below the issues data table. (Access multiple pages using the controls below the right side of the table.)
Note: Click any device hyperlink to open the Device Viewer for that device. Right-click any device hyperlink to open a menu of actions you can perform for that device. Also, click any issue hyperlink to open the Issue Viewer for that issue.
To filter the issues table by activity type, do the following:
- Open the Display menu (above the column headers).
- In the drop-down menu, click the activity type you want to see in the table. Choices are:
- All displays all instances of all issues during the selected time period. For example, if a device goes down, then comes back up, then fails again, All shows both Device Down instances (Current, on the other hand, would only show a single Device Down instance).
- Current (default) displays all issues open for today, or all issues open at the end of a given time period if before today.
- New displays all issues having new instances during the selected time period.
- Cleared displays all issues that have cleared instances during the selected time period.
- Suppressed displays all issues that have suppressed instances during the selected time period.
Viewing Changes in the Netw ork
The Changes tab (Network Analysis –> Changes) summarizes changes made to the network. The main Changes table shows more specific information about each detected change. Two charts appear in the bottom half of the Changes page.
- The Detected Changes history chart displays the number of authorized and unauthorized changes made to the device group. You can choose the change types that are displayed by clicking the ChangeType menu below the chart: choose from Admin, All, External, Hardware, or Software.
- The Most Changed Devices/Most Active Change Makers chart lists the top ten changed devices or network admins acting as the most frequent change makers (selectable below the chart). To view the most active Change Makers or most frequently changed devices, select Changed Devices or Change Makers from the View list under the chart.
Taking Actions in Change Management
Action icons in the table provide access to change traces and the configuration difference viewer. Each listing in the table represents a change incident on a device; a single device can have more than one Change listed here. Each table row provides an Action icon, from which you can view detailed comparisons of before-and-after versions of configuration changes.
Note: Each table row in the Network Analysis –> Changes table represents a change to a device's configuration, not the device itself. A single device may have several individual changes listed in the table. Related data presentation that makes this clear is seen in the Most Changed Devices chart.
To change the date and period: See the section Setting the Date and Period.
To filter by device group: Click the desired hyperlink in the Select Device Groups panel to the right.
To view change traces: In the Actions column for the desired device, click the icon and choose View Change Details. A Change Details dialog appears, listing the date and time for each related change (Trace Time), and the change Type.
To view a device's Running Configuration changes: In the Actions column for the desired device, click the icon and choose View Running Configuration Difference. A separate Configuration Difference window appears, titled Comparing Configuration Files. This window shows the device's
running-configuration file, and the changes to the config file associated with the current change instance. It is quite possible that the changes you see in the instance you've selected may already have been fully committed to the system by being saved to the
startup-configuration for the device.
To view a device's Startup Configuration changes: In the Actions column for the desired device, click the icon and choose View Saved Configuration Difference. These are the changes to a device's
startup-configuration shown in this particular change instance, after the admin has performed a
wr mem or a
copy running-config startup-config command (in Cisco syntax; other devices may differ in syntax but not in principle).
Custom fields can be defined for additions to tables. These custom fields are not shown in the Changes table by default. The custom fields must be defined in NetMRI before using them in other data tables. See the Defining and Using Custom Fields topic for more information.
To display custom field columns in the Network Analysis –> Changes table, do the following:
- Hover over any column heading in the table, then click the down arrow at the right end of the column heading.
- In the drop-down menu, hover over Columns.
- In the Columns submenu, check the custom field column(s) you want to appear in the table.
To enter or revise custom field data for a change:
- In the Actions column for the desired device, click the icon and choose Custom Fields.
- In the Custom Fields dialog, fill in data as needed, then click the Save button.
Introducing Policy Compliance
The Policy Compliance tab (Network Analysis –> Policy
A basic example involves the idea that you should never allow a device with the default admin/admin login tuple to be placed in the production enterprise network. Thus, you use a Policy Rule mandating this. Policy Compliance also goes much deeper. NetMRI provides Policies based on IAVA and DISA guidelines (and others) to normalize and harden devices against intrusion and unauthorized usage. The guidelines and precepts governing Policies are extensive enough to be beyond the scope of this Admin Guide; the best way to get acquainted with the details of Policy Compliance is to read the descriptions of Rules within individual Policies (go to Network Analysis –> Policy Compliance –> Policies, select a Policy and open the tree of Rules in the right panel).
NetMRI's standard model is to deploy policies across an entire Device Group. You can use the standard Policies built into NetMRI; we recommend using the built-in Policies to develop new ones customized for your network's requirements.
When a Policy Rule is violated, the Rule violation is detected by NetMRI and an Issue message displays in the Network Analysis –> Issues page. In most circumstances, an Error message (the highest Issue severity) is thrown by a Policy violation.
To view a summary for a policy as applied to a device group: Hover over the status icon.
To view policy compliance by device group: Click All Devices in the Select Device Groups panel to the right of the table. The table will show a summary of policy compliance for each device group.
- To view policy compliance details for a group: Click a status icon for the group. The resulting table lists devices in the group and shows status for each rule run against them.
- To view policy compliance details for one rule against one device: Click the status icon. A pop-up window will display information about the rule as it applies to that device.
- To return to the policy compliance by device table for the selected group: Click the Return to Policy View hyperlink in the upper right corner.
To view policy compliance for individual devices: Click a device group in the Select Device Groups panel, or — when the table lists the entire network— click a name in the Device Group column. The table will show per-device policy compliance for devices in the selected group.
- To view policy compliance details for a device: Click a status icon. A pop-up window will display extensive information about the policy as it applies to that device.
- To view policy compliance for individual policies: Open the Policies list (above the right side of the table), then click the policy you want to see.
- To view compliance for all policies: Open the Policies list (above the right side of the table), then click All, or click the Return to Policy View hyperlink.
Viewing the Performance of Network Devices
NetMRI provides a set of handy tools under Network Analysis for checking the h
Choose any Performance menu item from the Performance tab (Network Analysis –> Performance) and then choose from the Select Device Groups menu on the right. The Performance section summarizes network device performance in a set of charts and tables, including the following:
The Performance section covers CPU utilization, free memory, uptimes and interface performance states, for all monitored devices.
The History section provides historical information about the number of devices on the network, HSRPs/VRRPs, issues, reboots, routes, subnets and VLANs.
The Environment section lists devices that monitor environmental conditions.
All charts provide the ability to set minimum (Min) and maximum (Max) displayed values to isolate value ranges.
Viewing CPU Utilization Levels
Go to Network Analysis –> Performance –> Performance –> CPUs to view the distribution of CPU utilization over the reporting period for all devices on the network, or for a any device group, for which that data is accessible via SNMP. Viewing CPU performance levels enables you to determine whether particular devices or groups of devices are being stressed by excessive workloads. Each level of CPU usage on the X axis of the chart represents a level of used CPU cycles, from lowest values to highest values left to right. The maximum, of course, is 100%. All devices from the selected device group falling into specific levels of CPU utilization are grouped into those values on the X axis.
- Сlick Graph or Table at the bottom of this page for alternate views of the information. Modify the graph using the Metric, Min Utilization and Max Utilization lists in the upper right corner.
Viewing Memory Utilization Levels
Go to Network Analysis –> Performance –> Performance –> Free Memory to view the distribution of free memory on devices in operation over the current reporting period, for all devices on the network or for a chosen device group, for which that data is accessible via SNMP. Each level of memory usage on the X axis of the chart represents a level of free memory, from lowest values to highest values left to right. All devices falling into specific levels of free memory are grouped into those values on the X axis.
Devices with low free memory levels can indicate an inefficient or poorly matched configuration such as a router whose routing table or routing information base (RIB) is too large, or possible memory leaks.
- Click Graph or Table at the bottom of this page for alternate views of the information. Modify the graph using the Metric, Min and Max lists in the upper right corner. Example: If Metric is set to Minimum, the distribution shows the lowest free memory value reached for each device during the selected time period.
Viewing Uptime Performance
Go to Network Analysis –> Performance –> Performance –> Uptimes to view the distribution of uptimes as of the given date for all routers and switches on the network or for a chosen device group for which that data is accessible via SNMP. Uptimes enables you to evaluate device reliability.
- Click Graph or Table at the bottom of this page for alternate views of the information. Modify the graph using the Min Days and Max Days lists in the upper right corner.
Note: Set Max Days to 720 to see the number of most-reliable devices on the network.
Viewing Interface Utilization Levels
Go to Network Analysis –> Performance –> Performance –> Interfaces to view the distribution of interface utilization on the specified day, for the entire network or for a chosen device group for which that data is accessible via SNMP (interfaces having zero throughput are excluded). This process can help identify interfaces having excessive utilization or errors, or that are being under-utilized, and can be used for other troubleshooting purposes.
- Click Graph or Table at the bottom of this page for alternate views of the information. Modify the graph using the Metric, Min and Max lists in the upper right corner.
Viewing Network Device Summaries and Histories
Go to Network Analysis –> Performance –> History to begin viewing aspects of the historical behavior of all network devices on the managed network.
To work effectively with the charts on this page, choose any menu option on the left (History –> Routes, for example) and then choose a device group from the menu on the right. The data set that is shown in any Performance, History, or Environment page will change to show the data specific to the chosen device group.
- The Devices page summarizes the total number of devices found on the network for the reporting period, and those found for each of the last 30 days. Data sets can be shown for individual device groups. The summaries come in the form of bar charts and in data tables listing the basic data sets comprising the device types and the states the devices were in when discovered.
See the Device History Summaries topic for more information on this feature set.
- HSRPs/VRRPs: Shows the number of distinct HSRP and VRRP groups found on the network during the 30 days before the selected date.
See the HSRP/VRRP Summaries topic for more information on this feature set.
- Issues: Summarizes the number of issues by severity and difference type. See the Viewing Issue Summaries topic for more information on this feature set.
Note: Most networks have at least a couple of issues generated each day. If the trend stays relatively constant, or decreases over time, things are normal.
- Reboots: Shows the number of reboots detected for router and switch devices for the 30 days before the selected date. Frequent reboots, or large numbers of reboots, could indicate a problem.
See the Troubleshooting Device Reboots topic for more information on this feature.
- Routes: Shows the number of routes discovered on the network during the 30 days before the selected date. See the Summarizing Routes topic for more information on this feature.
- Subnets: Shows the number of subnets found on the network during the 30 days before the selected date. See the Summarizing Subnetworks topic for more information on this feature.
- VLANs: Shows the number of distinct VLANs found on the network during the 30 days before the selected date. Investigate changes in the number of VLANs.
See the Summarizing VLANs topic for more information on this feature.
Device History Summaries
Device page summaries come in the form of bar charts and in data tables listing the basic data sets comprising the device types and the states the devices were in when discovered.
- The Device Types table shows the current number of devices (as of 1 minute after midnight on the selected date) and the difference from the previous day. The Device Type History chart shows the total number of devices found each day for the 30 days before the selected date.
- The Device States table shows the number of devices that are Down (seen before the previous day, but not on the previous day) and New (first seen the day before the selected date). The Device State History chart shows the relative number of Down, New and Old devices found each day for the 30 days before the selected date.
Note: A device may be listed as Down in NetMRI when it may be running but unreachable for some reason. Also, if NetMRI is down for an extended period, it will report all devices as Down because there is no record of reaching them during that time.
Devices running Cisco Hot Standby Routing Protocol (HSRP) and/or Virtual Router Redundancy Protocol (VRRP), primarily for purposes of VPN concentration, are summarized on the HSRP/VRRP page (Network Analysis tab –> Performance tab –> History section –> HSRPs/VRRPs). HSRP/VRRP groups are counted by the appliance and summarized by daily count in a bar chart. Any change in the number of HSRP or VRRP groups may indicate a configuration change.
Troubleshooting Device Re boots
Navigate to the Network Analysis tab –> Performance tab –> History section –> Reboots page to see which devices are experiencing reboots.
- Click the device hyperlink in the IP Address column. The Device Viewer opens for that device.
- In the Device Viewer. do the following:
- Examine Device –> Performance charts. The Reboots chart shows how many times the device has rebooted (click the date hyperlink to change the date). The CPU Statistics and Free Memory charts show the general state of the device before each reboot.
- A sawtoothed Free Memory chart that decreases to zero before every reboot indicates a memory leak. Consider upgrading the device's OS.
- If CPU utilization is above 90%, the device is struggling to keep up with the workload. That might be caused by a run-away process or too much network traffic.
The Routes page (Network Analysis tab –> Performance tab –> History section –> Routes) page provides a basic picture of the routing environment for the managed network, and for specific device groups. Click a device group in the Select Device Group pane to display information for the routing tables associated only with that device group.
- The Types table shows the number of routes as of 1 minute after midnight on the selected date, and the difference from the previous day (in the Diff column, which applies only in the current time period). Internal and External route designations are based on the CIDR list used during the discovery process. The Route Type History chart shows the number of routes over the 30 days before the selected date.
- The Protocols table shows the number of routes for each protocol type in the canonical network routing table discovered on the network. Discovered and tabulated route types include all the standard protocols, including BGP, Cisco IGRP, ICMP, IS-IS, Local, OSPF, Other, RIP and Static routes. The Route Protocol History chart shows the number of routes for each protocol during the 30 days before the selected date. You can scrutinize significant shifts over time by choosing different dates and time periods through the date picker.
Subnetworks are classified as two main types: Internal and External.
- The Subnet Types table shows the number of subnets as of 1 minute after midnight on the selected date, and the difference from the previous day.
- The Subnet Type History chart shows the number of subnets during the 30 days before the selected date. Clicking a device group shows a subset of the total. Any subnets associated with a switch-router device type are counted against the total number of subnets for the selected Routing device group.
The VLANs page (Network Analysis tab –> Performance tab –> History section –> VLANs) is a network-wide or device-group-specific view of the collection of distinct VLANs in the discovered network. The table shows the total of active VLAN networks in the L3-switched environment.
Also see Inspecting Ethernet Switches and VLANs for more-specific information on VLAN connectivity.
Viewing Device Environmental Data
The Environment Summary table (Network Analysis tab –> Performance tab –> Environment section –> Environment) provides a large collection of environmental data for all collected devices on the network, showing status for device components such as power supplies, system fans, and chassis temperature. Each device also lists its associated Network View; clicking the Network View name opens the Network View editor window. By default, this table is sorted by IP address; you can sort by any column by clicking a column header.
Also, clicking the right end of any column heading will show a Sort Ascending and Sort Descending option along with a Columns option. Hovering over Columns enables you to add or remove columns of data from the Environment Summary table.
The Environment Summary table lists power supply, fan and temperature data for devices that monitor these environmental conditions.
This page has no comments.