HP Route Analytics Management System 5.20 / Traffic Analysis Add-On 5.20
Release Notes
May 2007
This document provides important information about the Route Analytics Management System (RAMS) Appliance version 5.20 and the Traffic Analysis Add-On version 5.20. The information here may not be available elsewhere.
In This Version
Installation Notes
Known Problems, Limitations, and Workarounds
Bug Fixes and Enhancements
Documentation Errata
Support
Legal Notices
Route Analytics Management System 5.20
RAMS 5.20 includes the following new and enhanced features:
-
Distributed RAMS: RAMS now supports a distributed architecture that increases network management availability and continuity.
Distribution provides increased flexibility in deployment and supports network environments where GRE tunneling is not available.
RAMS is still available as a single, integrated appliance.
-
Distributed RAMS is a version of RAMS that is deployed as a two-tier hierarchy, consisting of two new types of appliances:
-
Route Recorders monitor, record, and alert on routing events from geographically separate network regions.
-
A Modeling Engine is a centralized appliance that synthesizes topology views from Route Recorders and/or full RAMS
units. It provides interactive, network-wide route monitoring, analysis, and modeling.
-
With RAMS 5.2, you can monitor and record network events in different parts of the network with multiple Route Recorder units.
The distributed Route Recorders collect routing data locally from the area where they are installed instead of remotely through
generic routing encapsulation (GRE) tunnels.
A centralized Modeling Engine retrieves the recorded data from each recorder and stores a local replica of the data.
Users can then monitor network-wide routing information from the Modeling Engine. Users can also archive network-wide data
from this central location and obtain reports from every Route Recorder in the configuration when they access the Modeling Engine.
Each Route Recorder can record one or more complete protocol domains or the different areas in a protocol domain, such as OSPF.
The recordings may be on separate Route Recorders as dictated by the geographical requirements.
-
Enhanced BGP Peering Management: BGP peerings can now be added, edited, or deleted without stopping recording on RAMS.
-
New XML-RPC API Calls: Four new XML-RPC API calls have been implemented. These calls allow queries that are defined as follows:
-
An improved path list returns the complete set of equal cost paths from source to destination, along with the total metric.
-
A list of the current status of memory, disk usage, CPU usage, and other system statistics on the appliance can be returned.
-
A list of the health of all RAMS units in the system, including the recording and writing status of various recording processes,
can be returned.
-
The list of VPN routes can now be retrieved in chunks rather than complete in one query.
-
Web Interface Changes: The Daily Report has been split into two separate reports:
-
The Health Report summarizes the health of each unit in the network. This includes the status of the various recording
processes and their databases, database replication (if applicable), SQL, and RAID (if applicable). The Health Report also
displays a hierarchical view of the networks monitored by each unit as well as the license information present on each unit.
This is available on all RAMS units.
-
The Routing Report presents a variety of IGP reports (topology counters, flapping links, flapping prefixes, active routers,
and withdrawn watch list prefixes) for each IGP domain that is actively recording. The Routing Report also provides a variety
of BGP reports (topology counters, BGP route flaps, prefix redundancy divergence, and AS reachability divergence) for each BGP
domain that is actively recording. This is only available on Master and Route Recorder units, including stand-alone units.
-
X/VNC GUI Changes:
-
Extra zooming functionality is added to the History Navigator. This includes a zoom in, zoom out, and reset zoom button in the controller area.
-
The progress register that pops up when switching to online mode displays a more descriptive message. It also presents the
option of canceling the analysis of events that took place since the last time the GUI was in online mode.
-
A "Go To Time" button is present in the status bar of the Traffic Reports window.
-
Online events can be accessed from the main GUI menu by clicking Tools -> Online Events. [7987]
-
An option to color links by metric is provided in the GUI. [7942]
-
The Tools -> Router Name Repository feature provides the ability to customize router names as displayed in the GUI and
entered in filters. Router names entered in the router name repository, from an IGP that carries names, are available when
displaying the map showing other protocols on those same routers. [7702, 8375]
-
The Tools -> AS Name Repository feature provides the ability to customize AS names as displayed in the GUI, including names
for private AS numbers. [8303]
- Root Cause Analysis and RIB Visualization Improvements:
-
Zoom and scrolling support are added.
-
The animation control panel is dockable and can be moved to the top, bottom, left, or right side of the display. The control panel
is moved to the right side by default.
-
A new Network Summary panel is displayed in a corner of the routing topology map. This panel provides up-to-date statistical information,
such as the number of nodes and links, both up and down, for all the protocol topologies being viewed. In History Mode, this summary
reflects the state of the network at the selected point in time. In Design Mode, changes to the topology, such as addition of routers or
links, are also reflected. [7693]
-
When requesting path highlighting from a source router to a destination router, the user can request highlighting of the reverse
path at the same time. The forward path is highlighted in yellow, and the reverse path is highlighted in green. Details for all hops on both
paths are listed in the List/Find Paths table. As before, selecting any hop will flash the corresponding link on the map. [8071]
-
As part of the Recorder Configuration, all IGP protocols provide a checkbox to specify that the raw protocol packets captured by the recorder
be stored for later retrieval and packet-level analysis. The captured packets are stored in tcpdump packet capture format in separate
files for each 15 minutes of recording. The files are stored in the FTP area of the disk and are kept for one week. As before, raw BGP protocol
events can also be stored. These are in a modified MRTG format. [8213]
-
In addition to FTP service, RAMS now supports an SFTP Server to upload or download files to/from the FTP area. This facility is
useful to save and restore database backups as well as retrieve the stored raw routing protocol packet capture files mentioned in the
previous item. Authentication for SFTP access is based on user accounts configured from the admin web pages. [8212]
-
In the three alerts for adjacency change (Adjacency Lost Alert, Adjacency Established Alert, and Adjacency Flap Alert), the source and
destination router IDs (usually IP addresses) are now provided in addition to the interface addresses of the adjacency. [8622]
-
RAMS now supports OSI IS-IS networks in a manner similar to that for IP networks. This includes features such as finding paths across the OSI
network using the GUI, generating reports and configuring alerts using the admin web interface, and querying network information using the
XML RPC API. In some places, the OSI information is input or output separately from IP information when a combined format is not practical.
An example is that ES Neighbors and Prefix Neighbors are listed in a separate table accessed from the Tools menu. In other places, such as the
Find Router dialog, either an IP or an OSI identifier can be entered as appropriate. [6592, 8324, 8325, 8480, 8539]
-
Licenses that are copied/pasted into the update field of the RAMS license page are now checked for valid syntax before being accepted.
In particular, if multiple licenses are entered into the update field, every license must be free of syntax errors before the entire set
is accepted. [8702]
- RAMS 5.2 supports the HP Proliant DL360 G5 and DL380 G5 platforms plus the NC340T four-port PCI-X option card and the NC360T two-port PCI-Express
option card. [8723, 8661, 8664]
-
The tools which were previously available for analysis of BGP routing are now extended to MPLS/BGP VPN topologies as well. These tools include
the RIB Browser, before-and-after RIB comparison, event analysis, RIB visualization, and root-cause analysis.
Traffic Analysis Add-On 5.20
RAMS Traffic Analysis Add-On 5.20 includes the following new and enhanced features:
-
Traffic Groups: RAMS Traffic 5.20 increases visibility into the traffic flowing through the network core by classifying traffic into
user defined groups. It now supports network-wide and per-link traffic analysis based on these user-defined traffic groups.
The network administrator can create groups in a flexible manner. The rules of the group can be a combination of the following fields:
- Source or destination prefix, including /32 host prefixes
- Protocol (TCP, UDP)
- Source or destination port number
- DSCP or TOS marking
The traffic group then matches a subset of network traffic from or to specific locations per application(s) and/or class(es) of service.
If a traffic class is specified, it matches a subset of traffic associated with a particular class of service defined by TOS or DSCP bits
in the IP header. A RAMS Traffic deployment can only have TOS or DSCP at any given time, not both.
Once the appropriate groups are defined, network administrators can do the following:
-
Track traffic to or from specific application servers (based on source/destination prefixes).
-
Track traffic for specific services (based on ToS and DSCP).
-
Per traffic flow, determine (via reports and GUI) the application or class of service (CoS) to which it belongs.
-
Traffic reports can be restricted to any subset of the defined traffic groups that are of interest for a particular problem.
-
Set up alerts (SNMP Trap) when the utilization (percent or bps) exceeds or falls below a specified threshold per traffic group.
- Traffic Classes: We support two kinds of Traffic Class modes:
-
Default DSCP classes: DSCP classes are a fixed list of industry standard predefined values. The user can assign names to these values.
-
Alternative TOS classes: For networks that implement classes of service using the original definition of the TOS bits in the IP header, RAMS
Traffic supports creation of traffic classes as any combination of 7 bits in the TOS byte.
-
Traffic Alerts: In previous releases, generated alerts were based on a set of global settings for utilization and rates. In this
version, a finer granularity is provided for each traffic group. The default values for the alert threshold settings for all traffic groups are
set to empty and displayed as disabled. When you enter a value for the % utilization or bit rate, you automatically enable the alerts
functionality. All alerts can be disabled or enabled from the web page.
-
Flow Collector: The Flow Collector configuration on the admin web interface is enhanced to allow the sampling rate to be set
separately for each exporter and to support exporter IP aliasing. Aliasing is needed when a router/switch hybrid uses a different IP address
as the source in its exported NetFlow packets than it uses as its router address (Router ID).
-
When a 5-minute time range is selected, the traffic reports include a new "Current Traffic" column that shows the calculated traffic on a link or
peering at the time currently selected for the topology. When you drill down to Traffic Groups of Flows, the composition of the total current
traffic is displayed. [8330, 8668]
-
Under Traffic Reports -> BGP Peering -> Neighbor, the value under the "Average Transit" column correctly accounts for traffic from the present
AS that goes to a Neighbor AS. [8497]
The following information is important for RAMS or the Traffic Analysis Add-on installation and deployment:
-
With the 5.20 release, the appliance defaults to static addressing rather than DHCP on its administrative interface.
Either the static address must be configured or DHCP must be enabled. This is done on the serial console (see the Appliance Setup Guide for more information).
It is recommended that you configure a static address because it is important that the address not change after the appliance is configured.
-
A RAMS Traffic system or a distributed RAMS system is comprised of multiple units. One unit is designated as the master. All licenses
MUST be applied on the master, which will then distribute the licenses to the client units.
- If you are planning to deploy the NNM/RAMS Integration Module with RAMS 5.20, make sure that NNM/RAMS Integration Module 5.20 is used.
Previous versions of the NNM/RAMS Integration Module are NOT supported with RAMS 5.20.
The following information is for the Traffic Analysis Add-on only:
-
When you record for the first time or you record for the first time after you rename the databases, it may be necessary to restart
the Flow Analyzer after a few minutes. See the Known Issues section below.
-
The NetFlow sampling ratio should be set appropriately for the traffic level. For a small ISP, a ratio of 4 to 16 may be enough.
For a larger tier-1 ISP, a sampling ratio of 1024 to 2048 is fine. We recommend that the ratio is not set higher than 8096 to
avoid introducing too much inaccuracy.
-
Make sure that the NetFlow sampling ratio specified in the Flow Collector configuration matches the sampling ratio that is configured on each
exporting router. The sampling rate may be set to different values for each exporter if needed. If these settings don't match, RAMS Traffic
will over-report or under-report the traffic levels. RAMS Traffic does not currently have any means to detect a mismatch on its own.
-
The NetFlow active flow timeout detects long-lived flows. We recommend you set the timeout to no more than 15 minutes and preferably to one minute.
If the aggregation cache is used, its active timeout must be similarly set. If you set the timeout too high, the NetFlow data may be
delivered to the Flow Collector too late to be accepted for aggregation. When data is delivered too late, it is dropped.
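The sampling-ratio note above says RAMS Traffic cannot detect a mismatch between the Flow Collector setting and the exporting router. When exporters send NetFlow v5, the datagram header carries the exporter's own sampling interval, so the comparison can be made outside the appliance. The following Python is an added example, not RAMS code or part of these release notes; it assumes NetFlow v5 export, and the function names, addresses, and sample datagrams are constructed for illustration.

```python
import struct

# NetFlow v5 header (24 bytes, network byte order): version, count, sys_uptime,
# unix_secs, unix_nsecs, flow_sequence, engine_type, engine_id, sampling_interval.
V5_HEADER = struct.Struct("!HHIIIIBBH")


def advertised_ratio(datagram):
    """Return the sampling interval advertised in a v5 header, or None.

    None means the header cannot be used for the check: truncated data,
    a version other than 5, or an interval of 0 (sampling not reported).
    """
    if len(datagram) < V5_HEADER.size:
        return None
    fields = V5_HEADER.unpack_from(datagram)
    if fields[0] != 5:
        return None
    # Top 2 bits hold the sampling mode, low 14 bits the interval.
    return (fields[8] & 0x3FFF) or None


def audit_sampling(configured, datagrams, aliases=None):
    """Compare collector-side ratios with the ratios exporters advertise.

    configured: {router_id: ratio entered in the collector configuration}
    datagrams:  iterable of (source_ip, udp_payload) pairs
    aliases:    {export_source_ip: router_id}, for exporters whose export
                source address differs from their Router ID
    Returns {router_id: (status, configured_ratio, advertised_ratio, factor)}.
    factor = configured / advertised: above 1 the collector over-reports
    that exporter's traffic, below 1 it under-reports.
    """
    aliases = aliases or {}
    latest = {}
    for source_ip, payload in datagrams:
        router = aliases.get(source_ip, source_ip)
        ratio = advertised_ratio(payload)
        # Keep the most recent usable value; remember silent exporters too.
        if ratio is not None or router not in latest:
            latest[router] = ratio
    report = {}
    for router, ratio in latest.items():
        conf = configured.get(router)
        if conf is None:
            report[router] = ("unconfigured", None, ratio, None)
        elif ratio is None:
            report[router] = ("unverifiable", conf, None, None)
        elif ratio == conf:
            report[router] = ("ok", conf, ratio, 1.0)
        else:
            report[router] = ("mismatch", conf, ratio, conf / ratio)
    return report


def make_v5_header(interval, mode=1):
    """Build a constructed v5 header (no flow records) for the sample below."""
    return V5_HEADER.pack(5, 0, 0, 0, 0, 0, 0, 0, (mode << 14) | interval)


# Constructed sample data; addresses are from documentation ranges.
SAMPLE_CONFIG = {"192.0.2.1": 1024, "192.0.2.2": 1024, "192.0.2.3": 16}
SAMPLE_ALIASES = {"198.51.100.2": "192.0.2.2"}
SAMPLE_DATAGRAMS = [
    ("192.0.2.1", make_v5_header(1024)),     # matches the collector setting
    ("198.51.100.2", make_v5_header(2048)),  # alias of 192.0.2.2, samples 1:2048
    ("192.0.2.3", make_v5_header(0)),        # exporter does not report sampling
    ("192.0.2.4", make_v5_header(512)),      # exporter missing from the configuration
]

if __name__ == "__main__":
    result = audit_sampling(SAMPLE_CONFIG, SAMPLE_DATAGRAMS, SAMPLE_ALIASES)
    for router, (status, conf, seen, factor) in sorted(result.items()):
        print(router, status, conf, seen, factor)
```

An "unverifiable" result still requires a manual check of the router configuration, because some exporters leave the interval field at 0 while sampling. NetFlow v9 and IPFIX carry sampling parameters in options records rather than in the header, so this header check does not apply to them.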
Hardware Requirements
Before installing RAMS or Traffic Analysis, make sure that your system meets the following minimum requirements:
- Supported Hardware Platform
- HP ProLiant DL 360 G3, DL 360 G4, DL 360 G4p or DL 380 G4, DL360/380 G5
Disk Configuration of RAMS appliance
IMPORTANT: Consider your disk space requirements and fault tolerance needs and ensure that all available physical drives
are installed before powering up the ProLiant server for the first time.
RAMS will only utilize a single logical drive as configured on the ProLiant DL360/380 hardware. During the initial power-up of
a new server, an auto-configuration process uses all of the physical drives on the HP Smart Array controller to set up a single
logical drive. The default RAID (fault tolerance) level used for the logical drive depends on the number of physical drives as
listed below:
- 1 drive = RAID 0
- 2 drives = RAID 1 +0 (Mirrored set, total disk space* is the size of smallest disk)
- 3 or more drives = RAID 5 (Striped set with 1 drive used for parity, parity drive is not included in total disk space*)
*The available disk space will be ~5% less than the disk's reported size. Every physical drive in an array will have the usable capacity of
the smallest drive in the array.
NOTE: Multiple drives configured as a RAID 0 striped set will provide maximum disk space but will NOT provide any fault tolerance.
If you install more than one drive intended for maximum disk space usage, i.e., not for fault tolerance, you MUST configure to use RAID 0
or the hardware will default to RAID 1 +0.
During the initial hardware boot sequence, you have the opportunity to accept the default logical drive configuration as shown above, or you can create
the logical drive based on your drive space and fault tolerance needs. Watch for the following message during the boot process:
Slot 0 HP Smart Array Controller
Press <F8> to run the Option ROM Configuration for Arrays Utility
Press <F7> to Accept the default configuration - 2 drives in RAID 1 +0
Refer to the HP Smart Array Controller Reference Guide for configuration options and details.
IMPORTANT: Make sure the logical drive is configured as needed before installing RAMS. Any changes to the logical drive configuration, e.g., adding
drives or changing the RAID level, will require a reload of the RAMS software and a restore (from backup) of the RAMS configuration and databases.
Upgrading to RAMS 5.20
- RAMS 5.20 uses a newer licensing version. For this reason, previous versions of RAMS (3.x and 4.x) license keys must be migrated
(http://webware.hp.com) for use in RAMS 5.20.
- When you update from a 4.x software release, the databases are automatically renamed with a "Pre50X" prefix because the database table
structure is changed. The older databases can still be viewed, but recording to them is not allowed.
-
After you update from 4.x to 5.20, if you ask to revert to the alternate software and OS, you will receive a warning that the appliance will be reset
to factory defaults. If you choose to go ahead, all recording configuration, databases, user accounts, etc., are deleted.
-
When updating to a new software release, update the master unit first, and let it finish coming up after the reboot before rebooting the client units.
Known Issues in this release (5.2.11-R):
-
Before adding a client unit to the master unit using the admin web interface, make sure that both units are configured to run NTP and that
time on the client unit is no more than a few seconds behind the time on the master. Otherwise, a warning is issued, and the client is
not added. [7870]
-
In systems where a RAMS is about to be made master, or if you relinquish master status on a RAMS, recording must be stopped because
the databases will be renamed. Similarly, before adding a unit as a client, recording must be stopped. If recording
is not stopped, a warning is issued, and the operation will not complete. [8437]
-
On a RAMS Traffic system that has been running and recording data for some time, if a new routing area or a new Flow Collector is added,
Flow Analyzer will detect that an additional database is present. Flow Analyzer will then exit and automatically restart at the next
five-minute boundary. During those few minutes, the Flow Analyzer status is "stopped". You can manually restart the Flow Analyzer
if you wish, or you can wait for it to restart automatically.
-
Before you shut down or reboot a unit that is recording routing or traffic data, stop recording. To make sure recording has stopped,
verify the status on the web page or use the status details available in the GUI. This action allows time for the recorder daemons to flush any data
or reports that may have been in progress.
-
If a client unit fails and must be replaced, before you add the replacement unit as a client of the master unit, you must stop
replication on the master unit. After you add the client, start replication again. This renames the replicated database
on the master and starts replicating anew from the database on the replacement client.
-
The traffic reports feature allows you to drill down to per-flow reports for a 5-minute time range. At longer time ranges, the
detailed reports are disabled. A 5-minute per-flow report may be incorrectly shown if you drill down, change the time
range, and select a new entry from the upper-level report. [8708]
- When you create the Recorder Configuration hierarchy, do not create an administrative domain with any of the following names:
"EIGRP," "ISIS," "OSPF," "Traffic," or "TrafficReports." These words are reserved. [8724]
-
Design mode may not work for edits to a BGP topology; for example, if you try to add an eBGP peering session between two BGP nodes. An error
message occurs upon completion of the dialog. Design mode works correctly for edits to IGP topologies. This will be fixed in a patch release.
For environments where BGP edits work, changes in the routes of a topology do not cause a corresponding change in the statistics shown in
the new Network Summary panel on the map. When you close and reopen the panel, the values update. [8745, 8748]
-
The new feature to save raw packet traces for IGPs does not work for OSPF or IS-IS when authentication is enabled. This will be
fixed in a patch release. [8731]
-
In the PD-ROUTE-EXPLORER-MIB, the names and descriptions of the rexBgpVpnLostCustReachability and rexBgpVpnLostRtrReachability traps are
misleading. These traps occur when reachability is established as well as lost. [8677]
-
This release includes updated system software to implement the revised schedule for Daylight Saving Time. Starting in 2007, Daylight
Saving Time comes into effect on the second Sunday of March.
-
Several memory leaks are fixed. [8096-8102, 8113, 8142-8149]
-
RAMS can now handle tables that have more than 4 billion rows. [8008]
-
Chargeback Labels have been removed since Traffic Groups provides greater capabilities. [8034]
-
The averaging function for several Traffic Reports tables is improved with better handling of corner cases. [8116, 8119, 8133]
-
Fixes are implemented to address Flow Analyzer aborts and core dumps. [8216, 8322]
-
The Users page of the admin web interface has improved layout, terminology, and user account handling. [6772, 7452, 7967, 8037]
-
Flow Analyzer is enhanced to automatically pick up new databases without the need to stop and restart. [7681]
-
It is possible to group/ungroup and sort event lists in the GUI. [7787]
-
The length limit for a new database name is 50. [8028]
-
A fix is implemented to gracefully handle cases where the specified database name is more than 64 characters. An error
message displays instead of aborting. [7976]
-
The menu items on the admin web interface are displayed in alphabetical order. [7882]
-
The Router Count License does not count the Route Recorder appliances in the tally. [7779]
-
The Route Analyzer is divided into two components - one that works online to generate alerts and reports and the other
to service XML RPC API queries. [6108]
-
The popup menus on the elements of the topology hierarchy on the Recorder Configuration page now always appear on top of the
underlying nodes and labels. [6509]
-
The generation of IGP reports is optimized to reduce calculation time. Most of the IGP reports are now created by C++
code rather than Perl scripts.
-
The lists of traffic exporters and flows in the GUI can now be filtered on either the exporter address or a combination of the
exporter and the interface index. [7770, 7771]
-
To be more clear, the ASBR information carried in OSPF type-4 summary LSAs is now reported in the event table as
"Add/Change/Drop ASBR Reachability" rather than "Add/Change/Drop Neighbor." [7345]
-
Several bugs were fixed in the preparation of traffic reports to improve accuracy under various conditions, such as the same
exporter being recorded by two Flow Collectors. [8315, 8667, 8686, 8701]
-
Some TCP and UDP ports used for communication among multiple units of a RAMS or RAMS Traffic system were not blocked as
they should have been on interfaces other than the admin interface. [8493, 8569]
-
Sorting is fixed on the Area column in the Set Interface Capacities table. [8580]
-
The number of events each alert is allowed to queue in a 30-second interval has been increased to 120. [8605]
-
In limited circumstances, BGP prefix announcements were associated with attributes from a VPN topology rather than the BGP
topology. [8640]
-
When a database backup was created on a client unit, a metadata database was deleted. That metadata database was usually
empty but not always. It is no longer deleted. [8643]
-
The Packet Design SMI and MIBs contained a number of compilation errors. These errors are fixed. [8703]
-
RAMS now provides an option to "show RT communities only," that is, to not display BGP community values that are
not in the form of route targets. [7300]
-
On IS-IS adjacencies without TE enabled, the interface addresses are not known. If there is a single /30 or /31 prefix shared by the two
routers, that prefix will be shown instead. [7508]
-
An optimization in the memory allocator fixed a problem with slow response when you close and open some large VPN databases. [7543, 8251]
-
The prefixes table now retains its sort order after a refresh operation. [8450]
-
Various VPN API calls were returning incorrect vpnState. This is fixed. [8687]
-
Portions of the BGP RIB Visualization graph may be disconnected from the graph at the root. You can see where the disconnected
portions should be connected by looking for the same number (in dotted decimal versus decimal format) on the nodes. [8749]
-
When you stop the Flow Collector, the web page may still show a Stop Recording button even though the status table shows the
status as Down. Click the Stop Recording button again to update the state. [8752]
There are currently no known documentation errors.
Visit the HP Software web site at:
www.hp.com/go/software
This web site provides contact information and details about the products,
services, and support that HP OpenView offers.
You can also go directly to the HP Software Support web site at:
www.hp.com/go/hpsoftwaresupport
HP Software Support Online provides customer self-solve
capabilities. It provides a fast and efficient way to access interactive
technical support tools needed to manage your business. As a valuable support
customer, you can benefit by being able to:
- Search for knowledge documents of interest
- Submit and track progress on support cases
- Manage a support contract
- Look up HP support contacts
- Review information about available services
- Enter discussions with other software customers
- Research and register for software training
To view release notes and other documentation, complete the following steps:
-
Click Where do I find-->Product manuals.
The product manuals search window opens. It is located at:
http://ovweb.external.hp.com/lpe/doc_serv/
- In the select product list, click Route Analytics Management.
- In the select version list, click 5.20.
- To start the search, click Open or Download.
NOTE: To view files in PDF format (*.pdf), Adobe Acrobat Reader must
be installed on your system. To download Adobe Acrobat Reader, go to the
following URL:
http://www.adobe.com/
©Copyright 2007 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice.
The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. HP shall not be
liable for technical or editorial errors or omissions contained herein.