Show me your dashboard…

Zenoss Core open source dashboard

network admin zenoss dashboard

We use zenoss core (open source) to monitor our devices. We have tried zabbix, nagios, and cacti, but Zenoss seems to be the easiest to manage and maintain. I can create custom snmp templates with thresholds that can overlay our rrd graphs. Zenoss also allows you to create email notification triggers based on the severity and threshold set on each graph template. You can see two of these custom graphs in the zenoss dashboard image above. I’m monitoring our wireless dhcp pools and each of the Enterasys Extreme N7 chassis slot CPU’s.

I also have weathermap installed on our linux server that’s also hosting zenoss and the link to the PNG file is placed on the zenoss dashboard. Weathermap is a nice open source network visualization tool. You can create a custom network map that will draw link speeds and colors based on rrd files. I set the weathermap config to point to the zenoss rrd files that can be located under each sub folder in the /opt/zenoss/perf/Devices main directory.

An Intro to the Allot NetEnforcer Bandwidth Management Device

Allot communications makes a very robust bandwidth traffic manager device which is also sometimes called a packet or traffic shaper. I had seen the Allot NetEnforcer in action before and was able to sway my current employer to purchase an ac-1440 in order to help shape and prioritize our WAN traffic. We typically have plenty of available bandwidth as we are working with a 1Gbps pipe. However, even a 1Gbps pipe can be saturated, especially when you start rolling out gigabit to the edge. The Allot NetEnforcer is a unique device, given that you can just place it directly in between your WAN edge device. With the device inline, no additional latency was detected. The Allot even comes with a bypass unit. If the NetEnforcer ac-1440 appliance decides it wants to choke, then the bypass unit takes over. This works great for when you decide to upgrade the firmware on the appliance as well. In my testing the bypass unit only dropped one or tow icmp packets when switched into bypass mode.

The first thing I did after installation was create rules to limit overall bandwidth being used on our dorm network subnets. I then created additional granular rules to limit how much bandwidth each IP in that subnet can be allotted. The Allot also does a great job in classifying different traffic types. P2P is almost always matched correctly. Even the pesky encrypted type too. You have to keep your protocol packs up to date, as signatures are constantly changing. Allot does a great job in getting classifications updated through their protocol pack updates. Blizzard WOW is even classified properly, which means as you throttle P2P, WOW will not be added in the P2P category. But hey we’re not here to make your P2P experience horrible; we just want to make sure everyone gets their fair share of bandwidth and the NetEnforcer allows you to do just that.

Here’s a picture of the top 15 protocols identified. The orange spike in the beginning are Apple Software updates. That was the spike we saw when around 500+ apple devices tried to download the new iOS version 7 all at the same time.