HP Route Analytics Management System 8.01 / Traffic Analysis
This document provides important information about the Route Analytics
Management System (RAMS) version 8.01 and the Traffic Analysis Add-On
version 8.01. The information here may not be available elsewhere.
NOTE: Starting with this release, the RAMS product
release version is aligned with HP Software Network Management Centre software
modules version. It will no longer correspond to the appliance software version. The
product version in this release is 8.01. The appliance software version is 6.1.
Problems, Limitations, and Workarounds
Fixes and Enhancements
Route Analytics Management System 8.01
RAMS 8.01 includes the following major, new features:
- The Traffic Analysis Add-On in RAMS 8.01 has added ability to monitor,
analyze, plan and report on traffic in the MPLS core of a BGP/MPLS VPN service
provider network. Traffic can be analyzed per customer, per CoS, per link
and per PE router, or any combination of these. The VPN feature is
expanded to display a per-customer VPN topology map. Drill-down to
individual flow records for investigating a traffic event is added in the new
Flow Record Browser. This major Traffic Analysis Add-On feature is
built on a much more scalable traffic measurement implementation in this
release, for all types of networks.
- The RAMS 8.01 topology map adds support for grouping of nodes into containers
which simplifies visualization of a large network. The containers can be
opened and closed to explore a given subset of interest in the network. The
underlying map graphics implementation is also new, providing improved icons and
anti-aliased lines for a more clear image. The overall look of the application
is new as well, including reorganization of some of the menus to make functions
more easily accessible.
- RAMS 8.01 includes a new architecture for alerts which provides significantly
increased flexibility, granularity and scalability. Alerts can now be
delivered via email in addition to SNMP and syslog and be stored and viewed in
the GUI. Alerts are now configured in the RAMS GUI and not from the Web Admin
page. Note: since VNC display 1 is shared and authenticated separately from user
accounts, alerts cannot be configured using the GUI in VNC display 1.
As part of the new alert system change, the PD-ROUTE_EXPLORER MIB mib-tree
structure has been changed in order to provide a streamlined, smaller set of
well-understood, concise alerts. Consequently RAMS SNMP trap OIDs in this
release are not
compatible with previous versions of RAMS.This means that any custom
configurations done for the alerts in previous versions of RAMS will also have
to be manually migrated since they will not be compatible with the new alerts
- RAMS 8.01 has added support for user authentication and authorization via an
external TACACS+ or RADIUS server for those installations that use such servers.
When an external server is not available, the master unit in a multi-unit system
can provide the authentication service to the client units instead of managing
user accounts separately on each unit as in previous releases.
Other new and enhanced features in RAMS 8.01 are:
- In previous releases, the GUI modes were named Online, History and Design.
These are renamed to Monitoring, Analysis, and Planning respectively, to
more accurately reflect the activities and workflow of these modes.
release supports the ability to edit an IGP recorder configuration without
stopping the recorder. Physical interfaces and tunnels may be
added or removed, or in the case of tunnels, edited. 
- When loading an event list
spanning millions of BGP or VPN routing events, the processing may take a
long time and the process memory limit may be exceeded. This
operation now monitors the consumption of memory and terminates prematurely
if the memory
limit would be exceeded.
- For many networks that employ BGP, the high
density of BGP peering links on the map was not useful. In this
release, display of
these peering links can be controlled by an option setting. Note: The
default setting for the option is "off", which is a
change in behavior from previous releases. You must enable this option
in order to view BGP peering links in the GUI. 
- A second
Administration->Options->Miscellaneous option is added to support the
display of BGP NextHops as nodes on the map connected to the nodes
advertising those NextHops.
- A new option is added to support the display
of link metrics associated with links on
- Groups of network elements (routers, links, prefixes) can be
defined to serve as watchlists for alerts and can also be used in
filters on tables in the GUI. The routers in a container on the map also
constitute a router group that can be used for alerts or
- Planning mode now supports planning for VPNs to add customers, sites or
prefixes and to add or down a VRF on a PE.
- The router info panel includes a Prefixes button to display the list
of prefixes for that router. This table, in previous releases,
showed the routes from all routers announcing those prefixes to allow
comparison. The information was found to be confusing. In this release, the
table shows only the routes announced by the initial router. 
- Beginning with RAMS 8.01, only one User's Guide is published.
Annotations are added to indicate features that are only applicable to traffic analysis
add-on and VPN recording.
- A "remove licenses from this unit" button is added to Web Admin License
page. This will allow licenses to be cleared on a single unit if you
wish to start with fresh license keys again. Note that if you remove
licenses from a client unit which has inherited licenses from the master
unit, you must click on the "Re-apply license" on the master unit to
re-apply inherited licenses from the master unit.
- The "System Information" download from the Web Admin Support page now
includes the license keys that have been applied on the unit. Note
that for a client unit, the retrieved license keys may include ones
inherited from the master unit.
The following information is important for RAMS or the Traffic Analysis
Add-on installation and deployment:
- Since the 5.2 release, the appliance defaults to using static
addressing rather than DHCP on its administrative interface. The
static address must be configured, or DHCP enabled, using the serial
console. (See RAMS Appliance Setup Guide.) Configuration with a static
address is recommended because it is important that the address does not change after the
appliance is configured.
- When updating from a 5.x software version, the
databases are automatically renamed with a "Pre60X" prefix because the
database table structure has changed. The older databases can still
be viewed, but recording to them is not allowed.
- After updating from 5.x
to 6.x software version, requesting to revert to the alternate software and
OS will result in a warning that the appliance will
be reset to factory defaults. If the user still decides to go ahead, all
recording configuration, databases, user accounts, etc., will be deleted,
but licenses are retained. .
- A RAMS
Traffic system or a distributed RAMS system is comprised of multiple units.
One unit is designated as the master. All licenses MUST be
applied on the master, which will then distribute the licenses to the
- Before adding a client unit to the master unit using the
admin web interface, make sure that both units are configured to run NTP and
that time on the client unit is no more than a few seconds behind the time
on the master. Otherwise a warning will be issued and the client will not be
- Before shutting down or rebooting a unit that is recording routing
or traffic data, first stop recording and make sure that it has
stopped by verifying the status on the web page or using the status details
available by clicking on the status LED in the GUI.
This is to allow time for the recorder daemons to flush any data or reports
that may have been in progress.
- When updating to a new software release, update the master
unit first and let it finish coming up after the reboot before rebooting the
- Starting with this release, a RAMS client unit can no long
inherit protocol licenses from the master unit; only Route
Recorder client units can inherit protocols from the master unit. This
fixes a defect in previous versions.
- When updating the software from a pre-6.1 software version release, the existing accounts
configured on each unit will be transferred into the new
local authentication server running on that unit. To switch to a single
authentication server on the master unit, a common shared
secret must be configured on the master and each client unit.
- In systems
where a RAMS system is about to be made master or where master status is
about to be relinquished, recording must be
stopped because the databases will be renamed. Similarly, before adding a
unit as a client, recording must not be running on that
client because the databases will be renamed. If recording is not stopped, a
warning will be issued and the operation will not
- When a new system is first being brought up, it may be
necessary to exit the GUI and restart the GUI again, if the database has
not been created before the GUI was started.
The following information is important for RAMS Traffic Analysis
Add-on installation and deployment:
- The NetFlow
sampling ratio should be set appropriately for the traffic level. For a
small ISP, a ratio of 4 to 16 could be enough. For larger tier-1 ISP, a
sampling ratio of 1024 to 2048 is fine. It is recommended that the ratio
not be set higher than 8192 to avoid introducing too much inaccuracy.
Make sure that the NetFlow sampling ratio specified in the Flow Collector
configuration matches the sampling ratio that is configured on each
exporting router. The sampling rate may be set to different values for
each exporter if needed. If these settings do notmatch, RAMS Traffic
will over-report or under-report the traffic levels. RAMS Traffic does not
currently have any means to detect a mismatch on its own.
- It is
that the NetFlow active flow timeout which is used to detect long-lived
flows, be reduced from its default value to no more than to 15 minutes and
preferably to one minute. If the aggregation cache is used, its active
timeout must also be similarly set. Exceeding these times can cause NetFlow
data to be delivered to the Flow Collector too late for processing, in which
case it is dropped. For the inactive timeout, the
default value need not be changed.
- When opening a collection of topology
databases including traffic, the GUI will start in Analysis mode instead of
The selected time is also set to the ending time of the traffic data which
is typically 20-30 minutes earlier than the current time.
Before installing RAMS or Traffic Analysis, make sure that your system meets
the following minimum requirements:
- Supported Hardware Platform
in descending list of preference
- HP ProLiant DL 380 G5, DL 360 G5, DL 380 G4, DL 360 G4p, DL 360 G4, DL
NOTE: Starting with this release, the hardware
component requirements specified in the RAMS8.01 Support matrix must be
adhered. Problems related to inadequate hardware configuration which do not
follow the recommended guidelines will not be supported.
Disk Configuration of RAMS appliance
IMPORTANT: Consider your disk space requirements and fault tolerance
needs and ensure that all available physical drives are installed before
powering up the HP ProLiant server for the first time.
Starting with this release, the Flow Collector is only supported on a
DL 380 G5 hardware platform. RAMS will require two logical drives
be configured for a Flow Collector unit - the first logical drive must be set at
RAID 1 + 0, the second logical drive set at RAID 0. If you have an
existing Flow Collector unit running a pre-6.1 software version, you must
re-configure the server with two logical volumes and install the 6.1 software
version from a CD image. Failing to do so can cause unexpected behavior.
Cases reported as such will not be supported.
For all non-Flow Collector units, RAMS will only utilize a single logical drive as configured on the ProLiant
DL380/360 hardware; this means any extra physical disks configured in a second
logical drive will be not be recognized by RAMS.
For detailed steps to configure a RAMS 8.01 Flow
Collector, it is recommended that you use a HP Proliant SmartStart CD (shipped
with the server). The SmartStart CD provides a more comprehensive Array
Configuration Utility interface. Please refer to instructions in the
RAMS Appliance Setup Guide.
The following describes a quick way to configure a
single logical drive.
During the initial power-up of a new server, an
auto-configuration process uses all of the physical drives on the HP Smart Array
controller to set up a single logical drive. The default RAID (fault tolerance)
level used for the logical drive depends on the number of physical drives as
- 1 drive = RAID 0
- 2 drives = RAID 1 +0 (Mirrored set, total disk space* is the size of
- 3 or more drives = RAID 5 (Striped set with 1 drive used for parity,
parity drive is not included in total disk space*)
*The available disk space is ~5% less than the disk's reported size.
Every physical drive in an array will have the usable capacity of the smallest
drive in the array.
NOTE: Multiple drives configured as a RAID 0 striped set will provide maximum
disk space but will NOT provide any fault tolerance. If you install more than
one drive intended for maximum disk space usage, i.e., not for fault tolerance,
you MUST configure to use RAID 0 or the hardware will default to RAID 1 +0.
During the initial hardware boot sequence, you have the opportunity to accept
the default logical drive configuration as shown above, or you can create the
logical drive based on your drive space and fault tolerance needs. Watch for the
following message during the boot process:
Slot 0 HP Smart Array Controller
Press <F8> to run the Option ROM Configuration for
Press <F7> to Accept the default configuration - 2
drives in RAID 1 +0
Refer to the HP Smart Array Controller Reference Guide for configuration
options and details.
IMPORTANT: Make sure the logical drive is configured as needed before
installing RAMS. Any changes to the logical drive configuration, e.g., adding
drives or changing the RAID level, will require a reload of the RAMS software
and a restore (from backup) of the RAMS configuration and databases.
Upgrading to RAMS 8.01
- RAMS 8.01 uses a new licensing version. For this reason, supported
migrations of previous
versions of RAMS (5.x) license keys must be migrated (http://webware.hp.com/) for use in RAMS
- A software update from 5.x version of a Flow Collector to the 6.1 software version
in RAMS 8.01 without reconfiguring the hardware minimally with two logical
drives is not supported . See text in the above "Hardware
Requirements" section for more information.
- When you update from a 5.x software release, the databases is
automatically renamed with a "Pre60X" prefix because the database table
structure is changed. The older databases can still be viewed, but recording
to them is not allowed.
- After you update from 5.x to 8.01, if you ask to revert to the alternate
software and OS, you will receive a warning that the appliance is reset
to factory defaults. If you choose to go ahead, all recording configuration,
databases, user accounts, etc., are deleted.
- When updating to a new software release, update the master unit first, and
let it finish coming up after the reboot before rebooting the client units.
Known Issues in this software release version (6.1.11-R):
- Software update to software version 6.1 is only supported from 5.2 and 5.5
releases; updating from pre-5.x requires updating to 5.5
- When updating from a 5.x release, the Peer
configuration information for a BGP recorder instance for MPLS/VPN is not
fully retained. Specifically, after the update to 8.01 release, the "BGP ext for
MPLS VPNs" check box in the configuration page for BGP peer(s) becomes
unchecked. You must check the box for each peer that should record VPN
routes before you start recording in order to restore the MPLS/VPN recording
- If the VNC server was not stopped prior to updating from a
5.x version, the VNC "started" state is retained after the update to 6.1
version. If the RAMS GUI is opened via VNC display 1 soon after the
update completes, the RAMS GUI will display a " No valid GUI and
router count license" error message. The fix is to stop and restart the VNC
server. Note: VNC displays 2 and higher do not exhibit this behavior.
this software version of 6.1, the Recorder Configuration allows only
a single top-level administrative domain to be created. Users who need
domains to configure different portions of their network should create one
top-level domain with subdomains under it. With existing
configurations that already contain more than one top-level administrative
domain, you can only configure alerts on the first lexicographically-ordered named
domain. In general, alerts do not work correctly for all
administrative domains when more than one top-level domains are configured. In the case when a recorder client with
an existing administrative domain configuration is added, that configuration
will be pulled up to the master which may create a new top-level domain.
If you want alerts to work correctly across all recording topologies, you
must move the client's existing recorder configuration hierarchy from
the client administrative domain(s) to the master's administrative top level
domain or to its subdomains. It is strongly recommended that before
the move is performed, you should stop the client's recording, save
the client's recorder configuration information needed for re-construction
at the master, as well as renaming or saving the client databases first.
You can then proceed to delete the client's administrative domain and re-add
the client's recording configuration to the master's top-level domain.
new feature in the 5.5 release was to write an event in the
database for each OSPF or ISIS protocol packet received. These
events allow monitoring protocol activity separately from the link
state change events that are extracted from the packets. In this
release, the protocol packet activity is still available as a
graph in the History Navigator, but the events are not being
written to the database. This change was made to avoid scaling limits
for database replication with very large OSPF networks. In the next software
version release, recording of the protocol packet events will be an option
in the configuration for each protocol recorder. 
- If a client unit fails and must be
replaced, before adding the replacement unit as a client of the master unit,
you must stop
replication on the master unit. Then after adding the client, start
replication again. This will rename the replicated database
on the master and start replicating anew from the database on the
- The last TCP ACK packet sent in response to an XML RPC API query sometimes
may have a malformed TCP header, causing your client to retransmit
FIN/ACK packets until giving up. All the data is transferred
successfully before this. 
- The latest version (8.2) of the StarNet
X-Win32 X Window Server for MS Windows causes progress register dialogs to
be left on the screen. As a workaround, the link provided on the RAMS web
server Support page will access the 8.0 version. 
Following are selected fixes and enhancements since RAMS 5.5.18-R.
- A bug that prevented viewing the User's Guide from the GUI Help menu on
VNC displays 2-10 has been fixed. 
- The binary log files that are
used to replicate databases between units were consuming too much disk
space. They are now being trimmed more aggressively. 
topology exploration using SSH protocol will now work with routers having
host keys as short as 512 bits. 
- A TrueType font for Japanese is
installed so that router names in Japanese can be properly displayed. [Part
- The IGP recorder configuration page now displays the status of
all active interfaces or GRE tunnels that are multiplely monitoring the same
area of topology. 
- Links that have been down longer than the timeout period that
the user has configured will no longer be shown in the List Links table nor
counted in the Network Summary. 
- Path highlighting to a BGP
NextHop node for destinations outside the network now works. 
new feature was added to display protocol packet pseudo-events (OSPF LSAs
and IS-IS LSPs) in the Events table. An option has been added to
enable/disable display of those events. The display is disabled by
- If protocol packet events are enabled for display (see above item
10471), an option is available to prefilter these events when the events
table is opened. 
- The user option to disable showing EBGP NextHop nodes on
the map now works for VPN topologies in addition to BGP topologies. The EBGP
NextHop nodes can also be assigned names in the Router Name Repository.
- The Add VPN Customer wizard used in Planning mode will now
create different RDs for each VRF. 
- Intermediate Traffic Reports
databases are now renamed or deleted in conjunction with the corresponding
Traffic databases. 
- When updating from 5.x to 6.1, the 5.5
databases are now renamed with a prefix of just "Pre60X" and no timestamp in
addition. This is to avoid inconsistent prefixes across multiple recorders
in a distributed system, which resulted in two traffic tabs in the
History Navigator. 
- Various functions highlight a router icon on
the map by flashing it yellow. Now the highlight alternates between yellow
and black to be more visible. 
- The "Columns" button at the top of
the Traffic Reports dialog has been replaced with an icon at the right edge
of the same line. This makes its appearance consistent with the other
controls for the report. 
- To be compatible with IS-IS protocol as
implemented on Alcatel routers, the TE Router ID TLV, if available, is
used as the source of the router ID, rather than the IP Interface Address
- If a second Modeling Engine is added to a distributed system, it will now
inherit license capabilities for protocols and router counts from the master
unit and from any Route Explorer or Route Recorder units in the
configuration. Thus the second Modeling
Engine will have the same capabilities as the master Modeling Engine, as was
originally intended. 
- For EIGRP topology exploration, the
CLI parser was enhanced to accept a repeated AS number as in the example
"Redistributing: static, eigrp 120 120, bgp 65533". This limitation was
causing external prefixes to be ignored. 
- Filters were added for
the columns of the Topology Errors table displayed for EIGRP topologies.
- In an EIGRP network, if the two ends of a link have different
prefix mask lengths, the mask lengths are highlighted in red on the link
info panel. 
- When configuring a new BGP protocol instance in the
Recorder Configuration, the BGP ID now defaults to the highest interface IP
address of the recorder unit rather than being blank. 
names can now be longer than 64 chars. This was a problem when long
administrative domain names or multiple levels of domains were used in the
recorder configuration. 
- Opaque BGP extended communities are now
properly excluded when creating VPN Summary piecharts if the "Show RT
communities only" option is checked. 
- Tables are now automatically
sorted on the first column when initially displayed for the Router Name
Repository, AS Name Repository, Saved Filters, and VPN Customer-RT Mapping.
Similarly, the Router Group List is sorted. [10321, 10651]
- When opening a
table of events, the option to prefilter protocol packet events is now
Visit the HP Software web site at:
This web site provides contact information and details about the products,
services, and support that HP OpenView offers.
You can also go directly to the HP Software Support web site at:
HP Software Support Online provides customer self-solve capabilities. It
provides a fast and efficient way to access interactive technical support tools
needed to manage your business. As a valuable support customer, you can benefit
by being able to:
- Search for knowledge documents of interest
- Submit and track progress on support cases
- Manage a support contract
- Look up HP support contacts
- Review information about available services
- Enter discussions with other software customers
- Research and register for software training
To view release notes and other documentation, go to the following URL:
NOTE: To view files in PDF format (*.pdf), Adobe Acrobat Reader must
be installed on your system. To download Adobe Acrobat Reader, go to the
ęCopyright 2008 Hewlett-Packard Development Company, L.P.
The information contained herein is subject to change without notice.
The only warranties for HP products and services are set forth in the express
warranty statements accompanying such products and services. Nothing herein
should be construed as constituting an additional warranty. HP shall not be
liable for technical or editorial errors or omissions contained herein.
Open Source Software Acknowledgement
The full acknowledgement for open source software components included in the RAMS
and Traffic Analysis-Add on product can be obtained by opening the "About HP
Route Analytics Management System" link under the Help menu in the RAMS GUI.
The "Click Here" link from the "About HP Route Analytics Management System" page
also provides information and agreement on the
provision of source code for the mentioned software components.