Last week, I put together a list of Network Management Tools that I use on a daily basis and find helpful. Now, I want to spotlight each of those tools. First up on the list: Solarwinds Orion.

Orion is an awesome tool and is the heart of our network management system. It allows me to create visual maps of the network and drill down from the network overview, to a physical location, to device, and then to an individual interface. We can see at a glance any locations, devices, or interfaces with problems.  If any network device goes down or sees packet loss, I immediately get an email.

Orion has really allowed us to be a lot more proactive at managing the network.  In the past, we didn’t know there was a problem until a user called and said they couldn’t access the network.  Then, we had to identify which device had the issue.  With Orion, we can often identify and begin working on a network issue before the end user even knows.

Below are a few screenshots of our environment.

Main page - we can see the entire network at a glance (any location with a problem will have a red exclamation point) as well as a list of current and recent problems:

Individual location - this is out East Cobb location.  A similar map exists for each physical location.  Here, we have every network device located at this location.  The list below the map gives a quick status of each devices and the links between them.  All devices are currently up, which is good, but any device that’s down will have a red exclamation point on it.

Now, let’s look at a device.  Here, we’re looking at our core switch/router.  We get some nice general stats, such as CPU and memory utilization and response time, as well as a lot more detail in the left column: IP address, Device type, host name, IOS version, and last boot time.

Further down the page, we get a list of all of the monitored interfaces on this device, along with their status (up or down), description, and current utilization.  As you can see, the network isn’t very busy today.

From here, we can drill down into an actual interface and see a lot of information about current conditions on that interface, as well as generate custom charts showing historical data.

As you can probably tell, I am really happy with Orion.  There are definitely cheaper products out there, but I haven’t found another product that’s as easy to navigate while giving me this much information about the network.  Once you get more than a couple of switches and servers, a network monitoring tool like this is essential to keep the network up and running at peak performance.

I often get asked “How do you guys handle this?” or “How do you manage that?” Unfortunately, I haven’t found a single tool with a reasonable price that handles every aspect of network management. There are just so many different requirements: Outage reporting, performance monitoring, traffic analysis, device tracking, configuration file management, and IP address management are a few of them.

I’ve implemented a suite of tools that I feel does a really good job. I’m going to start with a list, and follow up every day or two with a spotlight on each product.

• Solarwinds Orion - Orion is the heart of our network management tools. It monitors key interfaces on all of our network devices and provides detailed performance metrics as well as outage notification emails. Everything is presented on nice graphical maps depicting the physical layout of our network.
• Scrutinizer - Scrutinizer is a netflow traffic analyzer. It takes a stream of netlow data from various router interfaces and breaks down traffic by source and destination as well as protocol. I monitor all of our uplinks from each IDF to the core router as well as the point to point circuits to remote sites with scrutinizer.
• Nedi - Nedi is a really cool tool. It goes out and polls every network device every few minutes and retrieves the ARP and CAM tables as well as various other data. It allows me to do some really neat and useful things. For example, if I identify and IP address or MAC address that’s doing something bad, I can search in Nedi and identify exactly which building, switch, and port number that machine is located on.
• Rancid - Rancid manages backing up the configuration of all of our network devices as well as tracking changes. Every switch and router gets polled every hour and, if the configuration has changes, the new configuration is committed to a CVS repository. A web-based viewer allows me to view all of the versions as well as do diffs to determine what changed.
• Infrastructure Search - This is a search utility developed by a friend. It integrates with Rancid and allows me to search every configuration file on every network device for a specific string. This tool is awesome if you’re trying to find, for example, every switch a specific VLAN exists on.
• IPPLan - IPPLan is a IP address management system. It allows me to view each subnet and see what device each IP is assigned for. At last count between all of our internal and external blocks and remote sites, etc., we have 31 different subnets. A tool like IPPLan is essential for keeping up with all of that.
• Future: Snort - I haven’t actually implemented Snort yet, but it’s on my list. Snort is an open source Intrusion Detection and Prevention system.

Over the next few days, I’ll be making a separate post with more details and screenshots of how I’m using each of the above tools.