HP OpenView Route Analytics Management System 4.0 / Traffic Analysis Add-On 1.0

Release Notes

June 2006

This document provides important information about the (RAMS) Appliance version 4.0 and the Traffic Analysis 1.0 The information here may not be available elsewhere.

In This Version
Installation Notes
Note For Support Personnel
Known Problems, Limitations, and Workarounds
Bug Fixes
Documentation Errata
Support
Legal Notices

In This Version

Traffic Analysis Add-On 1.0

This release introduces HP OpenView's new Traffic Analysis Add-On product. Traffic Analysis works with RAMS to provide detailed traffic flow analysis. Traffic data is collected, using NetFlow from routers near the sources of significant traffic, and is combined with RAMS's knowledge of the network topology to project the traffic flows across the network.

For each flow identified in the NetFlow data, Traffic Analysis can show the path of that flow across the network. For each link in the network, Traffic Analysis can list all the flows crossing that link. It also lists the total data rate imposed by those flows without requiring a direct measurement of the data rate on the link itself. Because all the traffic and routing data is recorded continuously, Traffic Analysis provides a historical view of the traffic load on the network; for example, as a graph of link utilization versus time for any selected link.

See http://www.openview.hp.com/products/ovrams for a detailed description of Traffic Analysis Add-On. Its features include:

• Traffic Reports. Traffic Analysis displays the full traffic matrix with the volume of the sampled traffic between every source/destination pair in the network at a selected time in history. You can examine the traffic in detail, using lists of flows or link utilizations. You can also analyze transit of that traffic through BGP peers according to neighbor AS, transit AS, destination AS, or exit router.
• Interactive Routing and Traffic Analysis. Perform before and after comparisons of traffic levels to correlate traffic changes with routing events. This is done with Traffic Analysis's comprehensive routing base and complete event history to help you rapidly establish the cause of the problem.
• Planning Support. Traffic Analysis's Design Mode builds on the enhanced what-if analysis features in RAMS 4.0. You can see how changes in routing or traffic injection points will affect utilization of network links. This helps you optimize performance and minimize unnecessary transit fees or bandwidth costs.
• Chargeback Labels. You can group IP prefixes by name to track traffic flows going from one part of the network to another.
• Alerting for Traffic. Traffic Analysis adds traffic-based alerts to the routing-based alerts sent by RAMS. These alerts are communicated through SNMP traps or syslog messages:
  • Traffic Link Utilization is sent when the utilization of a link exceeds a user-specified threshold.
  • Traffic Route Correlation is sent when a change in traffic flow on a link exceeds a user-specified threshold and that change is associated with a routing event.

  RAMS with Traffic Analysis is a distributed system comprised of a Route Analytics Management System, one or more Flow Recorders, a Flow Analyzer, and a Modeling Engine.  License keys are assigned per machine and need to be applied on each of the machines participating in RAMS with Traffic Analysis system.

  Traffic Analysis is supported on the same hardware platform as RAMS.

  Route Analytics Management System 4.0

  Version 4.0 of RAMS includes the following new and enhanced features in the user interface:

  • Design Mode. The what-if analysis feature of RAMS now allows the addition of new elements. You can also take down existing elements to see how your routing topology responds to specific failures or upgrades. For example:

    • Add nodes, peerings, and prefixes (OSPF/BGP/ISIS/EIGRP).
    • Bring down nodes, peerings, and prefixes (OSPF/BGP/ISIS/EIGRP).
    • Change BGP prefixes and path attributes.
    • Change link metric costs.

    You can import and export these simulated changes, allowing you to manage multiple routing scenarios. You can also create large sets of changes using external editors or scripts.

  • Topology Legends. Context-sensitive legends are provided for map and BGP Root Cause Analysis.
  • Colors and Fonts. It is now possible to set individual preferences to color topologies and to set sizes for anti-aliased fonts.
  • Automatic Labels. A new Automatic option is provided for node labels on the map. In Automatic mode, RAMS shows the name for a node, if one is known, but shows the address or system ID (for ISIS) otherwise.
  • Recorder Status LED Icon. The indications of the recorder status icon on the topology map have changed. The LED is now gray rather than red for databases that are not configured for recording. The LED is yellow when the recorders are all running but some or all of the peerings are down. Red indicates that one or more recorders have stopped.
  • Zoom Out. The topology map allows zooming out past a 1:1 (full window) representation. This provides additional open space to work in when you manually adjust the layout of nodes on a map.
  • BGP Root Cause Analysis Improvements. The BGP RCA function has several improvements. More specific causes for an event can be deduced, and the start time and end time of an event are shown, if available.
  • BGP History Playback. Moving the virtual time in History Mode for a topology including BGP is much quicker.
  • Routing Administrative Distance. Path finding correctly prioritizes the choice among multiple routing protocols at a node. This is according to the Cisco IOS default values for administrative distance.
  • Administration Web Pages. The administration web pages for RAMS and Traffic Analysis are redesigned to facilitate easier navigation. A left-side navigation bar displays all of the administration functions and makes them available with one click.
  • Home Page. A new home page explains the basic navigation of the web admin interface for the benefit of new users. The page shows a warning message when a license has expired.
  • BGP Configuration. Multiple BGP peers can be added at once rather than one at a time, and you can stop BGP recording more quickly. The list of BGP peer routers on the Web UI is now sorted by IP address. This is useful for deployments with a large number of peers.
  • BGP Peer Status Information. The BGP recorder configuration page includes detailed information on the peerings between the RAMS and its BGP peers.
  • Daily Report. RAMS can be configured to automatically generate a report summarizing network status and system health on a daily basis and send that report in email to RAMS administrators.
  • SMB Support. Backup/restore of topology databases and system configuration can now access the backup file on a remote server using SMB protocol.
  • Transferring Saved Layouts. Layouts saved in a backup file can be restored without restoring the associated topology databases if the same topology databases already exist on the target system. This may be the case when changing out the hardware platform.
  • Alerts. Several alerts provide additional information about the event that triggered the alert. Alerts are now rate limited to protect both RAMS and the system receiving the alerts. SNMP traps now contain a Protocol Information varbind.
  • HP Proliant DL360G4p Support. HP Proliant DL360G4p is now supported by RAMS 4.0.

  Installation Notes

  For RAMS or Traffic Analysis Add-on:

  • The appliance defaults to DHCP to obtain its administrative interface address, but we recommend configuring a static address. It is important that the address not change after the appliance is configured.

  For Traffic Analysis Add-on:

  • A RAMS with Traffic Analysis Add-on system is comprised of multiple units. License keys MUST be applied individually to each unit.
  • The NetFlow sampling ratio should be set appropriately for the traffic level. For a small ISP, a ratio of 4 to 16 may be enough. For a larger tier-1 ISP, a sampling ratio of 1024 to 2048 is fine. We recommend that you do not set the ratio higher than 8096 to avoid introducing too much inaccuracy. The aggregate rate of NetFlow records delivered to a single Flow Recorder should not exceed 8000 per second.
  • Make sure that the NetFlow sampling ratio specified in the Flow Recorder configuration matches the sampling ratio that is configured on the exporting routers. The value must be the same on all the exporting routers. If these settings don't match, Traffic Analysis will over-report or under-report the traffic levels. Traffic Analysis does not currently have any means to detect a mismatch on its own.
  • We recommend that the NetFlow active flow timeout to detect long-lived flows be set to no more than 15 minutes and preferably to 1 minute. If the aggregation cache is used, its active timeout must also be similarly set. Exceeding these times can cause NetFlow data to be delivered to the Flow Recorder after too long a delay to be accepted for aggregation. In this case, it will be dropped.

  Software and Hardware Requirements

  Before installing RAMS or Traffic Analysis, make sure that your system meets the following minimum requirements:

  • Supported Hardware Platform
    • DL 360 G3, DL 360 G4, DL 360 G4p or DL 380 G4
    • We recommend that :
      • For Flow Collector, use two disks with stripping (RAID 0) to improve the disk capacity and write rate.
      • For Flow Analyzer, use dual-CPU machine configuration.
  • OS Platform
    • The RAMS operating system comes with an installation CD.

  NOTE: If you are planning to deploy the NNM/RAMS Integration Module with RAMS 4.0, please make sure that NNM/RAMS Integration Module 4.0 is used.  NNM/RAMS Integration Module 3.5 is NOT supported with RAMS 4.0.

  Upgrading From HP OpenView RAMS 3.x to HP OpenView RAMS 4.0

  • When updating a RAMS system to 4.0.92-R from a 3.x software release, the databases will be automatically renamed with a 'PreDarwin' prefix because the database table structure has changed. Older databases can still be viewed, but recording to them is not allowed.
  • NOTE: After you update from 3.x to 4.0, if you revert to the alternate software and OS, this will force a reset to factory defaults.
  • NOTE: RAMS 4.0 uses a newer licensing version and thus previous of RAMS (2.x & 3.x) license keys will need to be migrated (via http://webware.hp.com) for use in RAMS 4.0.

     

  Notes for Support Personnel  

  • The URL that identifies a software update has been shortened to ease manual entry when required. Previously the URL included both an OS version number and an application version number. Now only the application version number is needed.
  • For user interface troubleshooting, additional tech support information can be displayed by pressing <Ctrl-P> in the About box that is launched from the user interface.
  • An additional account named toor has been added in parallel with the root account. The toor account runs as the root user, but its home directory is in the writable partition. This allows logging in as toor with ssh X forwarding enabled so you can run the user interface.
  • The doUpdate script is enhanced to make it easier to update software from an ssh connection. If no parameters are supplied, usage instructions are printed. Only two parameters are required: URL and KEY. Since this command is used on a system running old software to update to new software, note that the enhanced script is only available on systems running 4.0.3 or newer.

  Known Problems, Limitations, and Workarounds

  • Backward Incompatibility
    • In the XML RPC API, the api_prefix_events and api_router_events queries have been changed so the event structure is named prefix_event rather than prefix and router_event rather than router.
  • When recording of traffic or routing for any domain is restarted or network connectivity between the Flow Analyzer and any of the recorders is lost, the Flow Analyzer must be restarted. If it is not restarted, traffic reports may be incorrect or the Flow Analyzer may stop. In a future release, the Flow Analyzer will automatically resynchronize with the recorders.
  • After a software update or a reboot of a client unit, you may need to wait 10 minutes for the client unit up/down status on the master's units page to accurately update. If the client's version number does not update correctly, click the Refresh Status button.
  • If the unit that will be designated as the master has multiple network interfaces configured, all of the configured interfaces are listed as possible selections for the master address. You must select the address that has been designated as Allow Admin on the network configuration page.
  • The Test SNMP Trap will be sent to only the first destination when multiple trap destinations have been configured.
  • The Flow Analyzer is not stopped by the Stop All Recording button. From the recorder configuration hierarchy, view the Flow Analyzer configuration and stop it using the Stop button at that location.
  • The RAMS user interface may crash under two scenarios:
    • In Design Mode, when you add a node, peering and flow from that node, then restore the edits, then add them again.
    • When moving time in the Reachability Over Time graph on the VPN Explorer. The workaround is to restart the user interface.
  • After restoring a backup on RAMS 4.0 or after manually running rex-db-import, multiple entries may be written into the GlobalMetaDataDB metadata table for same EIGRP AS.  This problem will not arise just from updating to RAMS 4.0 nor from stopping and restarting recording while running RAMS 4.0. This problem affects only EIGRP.

    You may observe this problem as duplicate entries for the EIGRP AS in the GUI's Open Topology dialog and on the Topology Explorer hierarchy if both instances are included in the selection to load. One instance will have a gray status LED while the other has a status LED reflecting the state of the recorder. There will be two EIGRP tabs on node or link info panels because the topology is loaded twice. Deselecting the instance in the Open Topology dialog that is not green will avoid these problems. The duplicate entry is also visible on the Database Management page.

    Workaround on this problem is by deleting both entries in the databases table for any EIGRP databases with duplicate entries, but that will result in deletion of the recorded data for EIGRP. If remote access is available, the fix is to manually delete from the GlobalMetaDataDB metadata table any records for EIGRP databases that have a non-zero confedAS value.

  • Traffic Analysis Add-on save Layout dialog box only accepts ASCII characters.
  • Path tracing fails to follow a less-specific BGP route when there is a more-specific route not known in the local area but originated in some remote area connected only by BGP that is also being monitored by RAMS.

  Bug Fixes

  • Some relatively uncommon OSPF and ISIS events were not recorded to the database. For OSPF, these were AS external prefixes. For ISIS, we could miss a prefix that is both area-external and AS-external.
  • Several improvements have been made in parsing of CLI output as part of EIGRP topology exploration to accommodate newly discovered variations.
  • During EIGRP topology exploration, external static prefixes are queried separately from other external prefixes. This is done only for those routers that are advertising those static prefixes. This significantly reduces the number of queries required.
  • The filter on user interface tables for the EIGRP Prefix Type External works.
  • The Time/Date configuration can now be viewed without requiring that recording to be stopped.
  • Copy/Paste did not work well on some X servers. This is improved.
  • If the Flow Analyzer daemon or an IGP route recorder daemon crashes, it will be restarted automatically. This protection will be extended to the remaining daemons in a future release.
  • Several problems with the format and content of the email Daily Reports were fixed.
  • Some harmless but annoying error messages in the View Log about duplicate entry errors have been eliminated.
  • A bug that prevented path highlighting from following a static, default route (known on EIGRP networks only) has been fixed.
  • When a path is highlighted, the destination node is properly highlighted as well.
  • Customers with a permanent license plus a software update license will only be reminded to renew their update license 30 days before expiration.
  • Several bugs have been fixed for EIGRP to remove links and nodes from the map and tables when they have been down longer than the timeout value (12 hours by default).

  Documentation Errata

  There are currently no known documentation errors.

  Support

  Visit the HP OpenView web site at:
  http://www.managementsoftware.hp.com/

  This web site provides contact information and details about the products, services, and support that HP OpenView offers.

  You can also go directly to the support web site at:
  http://support.openview.hp.com/

  HP OpenView online software support provides customer self-solve capabilities. It provides a fast and efficient way to access interactive technical support tools needed to manage your business. As a valuable support customer, you can benefit by being able to:

  • Search for knowledge documents of interest
  • Submit and track progress on support cases
  • Manage a support contract
  • Look up HP support contacts
  • Review information about available services
  • Enter discussions with other software customers
  • Research and register for software training

  NOTE: Most of the support areas require that you register as an HP Passport user and log in. Many also require an active support contract. To find more information about support access levels, go to the following URL:
  http://support.openview.hp.com/access_level.jsp

  To register for an HP Passport ID, go to the following URL:
  https://passport2.hp.com/hpp/newuser.do

  To view release notes and other documentation, complete the following steps:

  1. Click using hp software-->product manuals.

     The product manuals search window opens. It is located at:
     http://ovweb.external.hp.com/lpe/doc_serv/

  2. In the select product list, click Route Analytics Management System
  3. In the select version list, click 4.0.
  4. To start the search, click Open or Download.

  NOTE: To view files in PDF format (*.pdf), Adobe Acrobat Reader must be installed on your system. To download Adobe Acrobat Reader, go to the following URL:
  http://www.adobe.com

  Legal Notices

  ©Copyright 2006 Hewlett-Packard Development Company, L.P.

  The information contained herein is subject to change without notice.

  The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.