HCO Study Guide for 1.2

Questions and Answers

What responsibility does an organization have when incorporating third-party content?

The organization is solely responsible for any risks involved. (correct)

The organization should share the content with its partners.

The organization must ensure that it complies with all industry standards.

The organization must obtain a license from the third-party provider.

What should an organization do before integrating custom scripts or recommendations?

Review and assess their possible incorporation. (correct)

Conduct a thorough external audit.

Automatically implement them to save time.

Consult with clients about the scripts.

What type of products does SolarWinds offer for free trials?

Only network management tools.

Security and compliance software only.

Only database monitoring tools.

All kinds of IT management products. (correct)

Which aspect of SolarWinds products is emphasized in their development?

They are built by engineers connected to the IT community.

What should an organization consider when choosing to use third-party scripts?

The potential implications and risks of integration.

Which field represents the source autonomous system number in BGP?

SourceAS

Which of the following fields must be included in the template for the packets group to avoid showing 0 in the packets column?

SourcePort

What does the ApplicationID field signify in the context provided?

Application detected in NBAR2 flow

If you want to specify the destination TCP port, which field should you refer to?

DestPort

In the context of BGP, what does the field PeerSrcAS represent?

Peer source autonomous system number

Which of the following fields indicates the destination TCP/UDP port?

DestPort

Which type of service is indicated by the ToS field?

Type of service

What is the minimum requirement for including source ports in the template?

At least one of the source port fields

What is the first step to enable NetFlow monitoring for selected nodes?

Click My Dashboards > NetFlow > Flow Sources

How often does the SolarWinds NPM polling engine collect network information for nodes after the initial data collection?

Every ten minutes

What occurs after SolarWinds NTA is installed and devices are added?

Baseline is established by collecting network statistics

What should you verify before leaving SolarWinds NTA to gather data?

The correct interface ports and applications are set for flow data

What is the purpose of enabling NetFlow and CBQoS monitoring?

To collect and analyze flow data

How does SolarWinds NTA detect and analyze flow data after a device is added?

Automatically if device interfaces are configured to send flow data

Which setting path is correct to disable flow sources in SolarWinds?

Settings > Product Specific Settings > NTA Settings

What signifies an increase in CPU usage after adding a device to the SolarWinds Platform database?

Initial data collection by SolarWinds NPM polling engine

What is the first step to filter network traffic by IP address groups?

Select the IP address groups involved

What action should you take to view network traffic using specific protocols?

Select the protocol to Include or Exclude

Which option allows you to add more filtering criteria for IP address groups?

Click Add Filter

What does the Local NetFlow Source provide information about?

Live NetFlow traffic data

Which feature is enabled by default when installing NTA version 4.6 and later?

Local NetFlow Source

What is necessary to save your custom filtered view in the Flow Navigator?

Click Submit and then Save Filtered View

What are the available functions provided by the Local NetFlow Source?

Navigation, drill-down, filters, and reporting

What happens when you expand the Types of Service section?

Select specific service types to include or exclude

What is the correct method to add multiple domains in the Flow Navigator?

Enter a domain name and click Add Filter after each entry.

Which notation can be used to specify a range of IP addresses when including or excluding traffic from a subnet?

CIDR notation, such as 192.168.1.0/24.

When entering an IP address group in Flow Navigator, what indicates that the group is inactive?

The name will have '_DISABLED' added to it.

What happens if a domain name is not resolved in NTA when trying to filter traffic?

NTA will prompt you for a valid domain name to use.

Which of the following is NOT a step for including or excluding traffic related to specific endpoints?

Select all endpoints for inclusion in one action.

Which action must be taken to exclude traffic from a specified subnet?

Enter the subnet range, select Exclude, and click Apply.

What should you do if you want to include additional endpoints after your first entry?

Click Add Filter to enter another endpoint's details.

To filter out specific IP address groups in Flow Navigator, which of the following is required?

Simply entering the group name and applying the filter.

What could cause the 'Last Received Netflow' to show 'Never' or a past date?

The device is not configured for Netflow.

Which of the following best describes a likely situation where Netflow data might not be received?

There is a misconfiguration on the Netflow sender.

What aspect of Netflow Sources does the issue primarily affect?

The last date data was received.

If a Netflow device is working properly, what should the 'Last Received Netflow' indicate?

A current date and time.

Which action might help resolve the issue of displaying 'Never' in the Last Received Netflow?

Rebooting the Netflow source device.

What is a common sign that the Netflow source is not sending data?

Last Received Netflow shows 'Never'.

What troubleshooting step is NOT relevant when addressing the Netflow reception issue?

Changing the color scheme of the monitoring dashboard.

Which scenario would NOT likely cause the Last Received Netflow to show a past date?

The Netflow source has been operational.

Study Notes

NTA Flow Requirements

• SolarWinds NTA supports various flow protocols, including NetFlow, sFlow, J-Flow, and IPFIX.
• NetFlow versions 1, 5, and 9 are supported. NetFlow v9 requires a template with all necessary fields.
• sFlow versions 2, 4, and 5 are supported.
• J-Flow versions 2, 4, and 5 are supported.
• IPFIX is supported for IPv4 traffic generated by ESX 5.1 and later, and by VMware vSwitches.
• NetStream versions 5 and 9 are supported.
• NetFlow Lite is supported on Cisco Catalyst 2960-X, 2960-XR, 3560-CX, and 2960-CX devices.
• Some devices export flows without specifying sampled status; SolarWinds NTA treats these flows as unsampled.

Cisco Flexible NetFlow Configuration

• Exporting flows on some Cisco devices (like the 4500 series with Supervisor 7) requires Flexible NetFlow.
• Scripts and documentation are not guaranteed and carry no warranty.
• The example provided demonstrates a proper configuration for a Cisco 4507 with Supervisor 7 to successfully export flows.

Difference Between Polling Engine and Collector in NTA

• Flow collectors gather flow records from devices that have flow-enabled.
• Collectors process and analyze the gathered flow data, and present the data in a web-based interface.
• Polling engines ping devices to request data.
• SolarWinds NTA is a collector, not a polling engine.

How NTA Works

• SolarWinds NTA collects CBQoS and flow data, processes it, and presents it in reports.
• NTA analyzes bandwidth consumption based on user, applications, protocols, and IP address groups
• NTA tracks conversations (internal and external)
• NTA provides detailed traffic analysis over time intervals (minutes, days, or months).
• Data travels from flow-enabled devices to the NTA collector which stores data in the NTA Flow Storage database.
• CBQoS implementations function similarly to flow-enabled implementations, except NetFlow collector polls each device.

NTA Supported Protocols

• Supported flow protocols in NTA include NetFlow, sFlow, J-Flow, and IPFIX.
• Sampled flow data collection collects a sample of the data.
• Non-sampled flow data collection collects all the data.
• NetFlow v9 configuration is the same as version 5 but uses a predefined template that is exported in separate flows.
• sFlow v2, v4, and v5 are supported.
• J-Flow is supported.
• IPFIX is supported for IPv4 traffic from ESX 5.1 and later. NetStream v5 and v9 are supported.

Setting Up Network Devices to Export NTA Data

• Configure your devices to send flow data to NTA on port 2055 (default).
• Each device must be configured to export data to NTA and monitored by NPM.
• Interfaces exporting data to NTA must be monitored in NPM.
• Interface index numbers must match in the collected flow data.

Flow Environment Best Practices

• Determine where to enable NetFlow for optimal data visibility and performance. Prioritize core or distribution layers over access layers.
• Be mindful to ensure traffic data collection is not unnecessarily duplicating data.

Required Fields in SolarWinds NTA

• NTA uses templates with mandatory and optional fields to structure flow data.
• Failure to include required fields will result in the flow data being ignored.
• The required fields are determined by the device exporting the flows,
• Several field types are detailed, including Protocol, Source Address, Destination Address, InterfaceRx, Bytes, InitiatorOctets, ResponderOctets, and optional fields.

Add Flow-Enabled Devices and Interfaces to the Database

• Specify the NTA server as the destination for flow data exports.

• Only devices with discovered interfaces by NPM can be added as flow sources.

• Flow-enabled devices in the NTA database must be designated as flow sources.

• Separately add devices to NPM and designate them as flow sources in NTA.

Disable Flow Sources and Enable/Disable CBQoS-Enabled Devices

• Disable NetFlow and CBQoS monitoring through the NTA settings in the SolarWinds Platform Web Console.

NTA Charts

• NTA charts summarize widget-related data, displaying different types, including stack area, stack spline area, stack line, line, spline, and bar charts.
• Pie charts in NTA show the Top 5 Endpoints widget with absolute percentages.
• Charts offer features for zooming, disabling data series, and interactive exploration for detailed view.

Create Custom Views with NTA

• Use the Flow Navigator to create custom traffic views.
• These views can contain multiple conditions on devices, applications, time periods, or other criteria.
• Configure filters by selecting particular application types or particular IP addresses or hostnames.

Local NetFlow Source

• The Local NetFlow Source in SolarWinds NTA can present live traffic data from the main polling engine, providing a basic insight.
• When installing NTA 4.6 or later, and upgrading a previous version, the Local NetFlow Source requires manual enablement.
• Managing the Local NetFlow Source occurs through operations in the SolarWinds Platform Web Console.

NBAR Applications

• SolarWinds NTA monitors NBAR2 application traffic, using application classification.
• Displays unknown or unclassified applications based on available classifications.

Monitor Applications and Service Ports

• To monitor ports or applications in NTA, configure them in the NTA Settings -> Application and Service Ports section.

IP Address Groups Unification with IPAM

• NTA 2020.2 can unify IP address groups with SolarWinds IPAM.
• Import IPAM IP address groups to use the same way as standard NTA IP address groups.
• Use IP address groups in Flow Navigator or NTA searches.

NTA Settings Page

• Contains settings for NetFlow management, applications and service ports, or autonomous systems.
• Provides options for managing these settings.

Top Talker Optimization in NTA

• Top Talker Optimization reduces processing load by filtering less bandwidth-intensive flows.
• Configure the maximum percentage of traffic to collect.

NetFlow Collector Services

• Monitor NetFlow collector services to view their status.
• The status and ports that collectors are listening to for NetFlow data are provided.

Edit or Add Collection Ports in NTA

• Allows modification of listening ports for flow packets.

DNS Resolution Options in NTA

• NTA supports options for DNS resolution of IP addresses to hostnames.
• There are options for immediate resolving (default) and on-demand resolving.

How Default DNS Resolution Works in NTA

• Hostnames are stored directly in individual flows.
• NTA waits for DNS server responses, then uses the resolved hostname for flows from the IP address for the next 7 days.
• If there's no DNS resolution after a minute, querying is repeated.
• Unresolved hostnames are stored based on their IP addresses.

Troubleshoot Collector Services in NTA

• Troubleshoot issues by checking the status of the SolarWinds NetFlow Services.
• Ensure the database connection, CPU, and memory are sufficient and working correctly.

Configure Flow Alerts

• Configure alerts based on custom SWQL queries, not just default thresholds.

Configure the Alert Application Present in Top Applications/Application Not Present

• Application, or NBAR2 application in Top Applications and NBAR2 Applications lists; missing in the applicable widgets.

Configure the Alert NetFlow source not receiving any data.

• Alert when a node or interface does not send data over a defined time period.

Description

Test your knowledge on the responsibilities of organizations when incorporating third-party content and the essentials of managing network products like those from SolarWinds. This quiz covers various aspects of network management, including BGP fields and packet templates. Enhance your understanding of best practices in network management.