Getting reporting on top talkers/listeners, bandwidth use, etc on Switch

  • 1
  • Question
  • Updated 5 years ago
  • Answered
I attended an intro webcast on the new switches, and was very impressed, so we ordered a demo unit immediately. Since we got it, I'm pretty much unable to get any usable statistics out of it. Nothing like what was shown in the video. What am I doing wrong? I've been through HMOL several times and I must just keep skipping the place I need to go. Can anyone help?

John Hoover

  • 6 Posts
  • 0 Reply Likes

Posted 5 years ago


Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
You were watching/attending a webinar on the new HiveOS 6.x code as well as the new product line (switches)?

The switch is meant to be a complement to the wireless feature set. It does not, to my knowledge, have the same features that the access points have running the same code version (6.0r2). Meaning that I don't think it gives you the Application Layer Visibility (L7) to see what type of traffic is being used on your wired ports (regardless of the code version running as of now).

http://www.aerohive.com/pdfs/Aerohive...

Enhancements to the robust enforcement capabilities on Aerohive access points brings application visibility and control for traffic shaping as well as stateful firewall policies, which adds the ability to optimize user experience for nearly 1000 applications.

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
The switch would have to copy each flow to the CPU, which would then have to be processed, in order to get full L7 visibility. At that point, it would likely be a significant performance bottleneck, so it is typically not done today in any switching hardware. (Can Aerohive do it, who knows? They might have something smart up their sleeves, perhaps a hybrid model where only the start of a flow is copied limiting impact.)

The usual compromise is NetFlow / sFlow, neither of which is, as far as I am aware, supported by Aerohive's switching today. Hopefully the hardware is also capable of this, but I have been unable to determine this.

Additionally, I am under the impression that the hardware being used is wirespeed at L2 only and does not implement TCAM based L3 IP routing at wirespeed today. At present, it appears that routing is implemented by copying the packets to the CPU so that it can be performed in software. If the hardware has the potential to support this, it is certainly not documented, but hopefully it can.
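An added illustration of the trade-off Nick describes (example code, not Aerohive's, run on a constructed packet trace): per-flow counters kept in the forwarding hardware are enough for the top talkers/listeners the original question asks for, while the hybrid "copy only the start of each flow to the CPU" model bounds how much traffic the CPU has to inspect compared with full L7 inspection of every packet.

```python
from collections import defaultdict

# Constructed packet trace for illustration, not captured data. Each tuple is
# one packet: (src_ip, dst_ip, dst_port, size_bytes); a flow is (src, dst, port).
TRACE = (
    [("10.1.1.20", "10.1.1.9", 9100, 1500)] * 40      # PC -> network printer
    + [("10.1.1.21", "10.1.1.9", 9100, 1500)] * 10    # second PC -> same printer
    + [("10.1.1.20", "172.16.0.10", 443, 1400)] * 30  # PC -> app server over WAN
    + [("10.1.1.22", "172.16.0.10", 443, 1400)] * 5
    + [("10.1.1.22", "172.16.0.53", 53, 90)] * 20     # small DNS packets
)


def account(trace, first_k):
    """Model a switch whose forwarding hardware keeps per-flow byte counters
    (cheap; enough for top talkers/listeners) while only the first `first_k`
    packets of each flow are copied to the CPU for deeper (L7) inspection."""
    pkts_per_flow = defaultdict(int)
    talkers = defaultdict(int)      # bytes sent, keyed by source IP
    listeners = defaultdict(int)    # bytes received, keyed by destination IP
    cpu_packets = cpu_bytes = total_bytes = 0
    for src, dst, dport, size in trace:
        flow = (src, dst, dport)
        pkts_per_flow[flow] += 1
        talkers[src] += size
        listeners[dst] += size
        total_bytes += size
        if pkts_per_flow[flow] <= first_k:  # only the start of the flow hits the CPU
            cpu_packets += 1
            cpu_bytes += size
    return {
        "talkers": dict(talkers), "listeners": dict(listeners),
        "flows": len(pkts_per_flow), "total_packets": len(trace),
        "cpu_packets": cpu_packets, "cpu_bytes": cpu_bytes,
        "total_bytes": total_bytes,
    }


def top_n(counter, n=3):
    """Largest byte counts first; ties broken by address for stable output."""
    return sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def cpu_load_fraction(trace, first_k=None):
    """Share of bytes the CPU must touch. first_k=None copies every packet,
    i.e. the full-inspection case that becomes the bottleneck on a switch."""
    stats = account(trace, len(trace) if first_k is None else first_k)
    return stats["cpu_bytes"] / stats["total_bytes"]
```

With `first_k=3` the CPU sees about 14% of the bytes in this trace while the byte counters still rank every host; with full inspection it sees 100%, which is the aggregate-throughput problem discussed in the replies.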

John Hoover

  • 6 Posts
  • 0 Reply Likes
We're on 6.0r1 on both HMOL and the switch.

If the data isn't actually available, that's unfortunate. I was really hoping that info could be displayed as it appeared to be in the webinar and the blog entry announcing the switch, here: http://blogs.aerohive.com/blog/the-wi....

I was considering making the switch the "core" of each of my 100+ branch offices, which also have AP330s, but I'd really want to have app visibility on both wired and wireless clients, or Netflow/sFlow as an absolute minimum. If I don't have that, I have far less of a business case to replace the existing switches in these offices that also don't support any L7 visibility. (PoE+ and Gigabit probably aren't enough to justify it, sadly.)

I guess I'm glad to see that I'm not just missing things or crazy, but I wish the functionality was there. Is the CPU in the AP330 that much more powerful than the one in the switch? If not, why does it have L7 visibility and QOS while the switch doesn't?

My internet connection, which is the one I'm really worried about getting L7 info on, won't be anywhere near wirespeed on a GigE switch; most of our branches are on 10Mbps internet connections. The vast majority of internal communication will be to printers.

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
> Is the CPU in the AP330 that much more powerful than the one in the switch? If not, why does it have L7 visibility and QOS while the switch doesn't?

You need to look at the potential maximum aggregate throughput, which is significantly higher on a switch than on an AP, and that is what makes me sceptical that this can be achieved. It may be that this is a feature that is coming down the line, though.

> My internet connection, which is the one I'm really worried about getting L7 info on, won't be anywhere near wirespeed on a GigE switch; most of our branches are on 10Mbps internet connections. The vast majority of internal communication will be to printers.

It might be coming; there might well be the potential for a 'nominated port' type solution here, or something where the Aerohive switch acts as the default gateway or intercepts and inspects traffic to/from the default gateway.

Chris Ellis

  • 8 Posts
  • 2 Reply Likes
I'm by no means an Aerohive expert, but have the following general points which may be of interest to you.

You ask: "Is the CPU in the AP330 that much more powerful than the one in the switch? If not, why does it have L7 visibility and QOS while the switch doesn't?"

Here it is important to consider the total throughput which needs to be processed by the CPU. In an access point this is actually negligible in comparison to a switch.

Wireless communications are by nature a broadcast medium; only one device can utilise the 'air' at a time.

As such the maximum amount of data processed by an access point is 0.9Gb/s: that is 3x 150Mb/s streams at 2.4GHz and 5GHz.

Let's compare this with a 24-port Gigabit Ethernet switch. Here the CPU has to deal with 48Gb/s: that is 24 ports at 1Gb/s in full duplex.

In overly simplistic terms we can assume that for the switch to achieve everything in software, it would need a CPU which is 54 times as powerful.

In reality this is not achievable; most switches instead offload the bulk processing into hardware, where decisions can be made (in comparative terms to a CPU) instantaneously.

May I also suggest that, if you are only interested in the activity of your Internet connection, that job is the responsibility of the router you are using. I personally favour a Linux box for this kind of task; it is highly configurable if you want to invest your time.

If you don't care about inter-machine traffic on the local network, then throw in a cheap unmanaged switch. However be aware of the consequences of doing this.

John Hoover

  • 6 Posts
  • 0 Reply Likes
I understand the aggregate throughput being much larger for a switch. My use case is probably abnormal, but I don't have any control or visibility on the routers. We are part of State Government, and all WAN connectivity is handled by a different agency.

We have some central monitoring and QOS in the main office, but that requires tunneling all traffic back to the main office and running it through the L7 inspection and QOS box, which was plenty large enough when we had 56K frame relay or even T1 lines to each of the 100+ branch offices, but now that we have 10Mb to most locations, it's both much more difficult and extremely expensive to find a single box that can handle all traffic for the entire state. I could put smaller boxes at each location, but that doesn't really solve anything from a management or cost perspective.

As far as not caring about the inter-machine traffic on the local network, that's not really the case. But if I can only have visibility into what's happening on one port at each office, that'd be the port I'd choose. Each of these branch offices consists of anywhere from 2 PCs and a small network printer, to 100+ PCs and dozens of printers. The majority of the local inter-machine traffic that should be going on is between those PCs and printers.

I care far more about the traffic back to the main office via the WAN, because that's where the internet connection and the servers that host all the applications the users access are. It's also the connection that's the most constrained, typically being 1/10 to 1/100th of the bandwidth of the LAN connections. Putting in unmanaged switches is as ridiculous a suggestion as just removing the network all together.

I was confused when I looked at the blog posting and watched the introductory webinar. I thought that the switches could do something that they apparently can't. I got excited when I heard the price point was only slightly more than what we paid for switches with far less functionality right now. I'd love to see something that offers the monitoring and QOS from the APs in the switches, or, failing that, Netflow/sFlow functionality at a minimum.
Thanks!

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Well, good news, apparently... I was wrong to be so sceptical and the switches have the hardware to do this, albeit with some performance hit (surprisingly small). It is obviously not implemented in the public releases of HiveOS today but it is likely to be coming because of the hardware used. (Hopefully soon!)

Brian Powers, Champ

  • 396 Posts
  • 92 Reply Likes
John,

Did a little digging, and after talking with my local Aerohive SE, it'd seem the BR200 has the capabilities of the AVC on the 4 GigE ports as well as the wireless side. I'm not sure if this would help with all of your offices, but the smaller ones (where you said 2 PCs and a printer) might benefit from this...

I haven't been able to produce any dashboard data from the ethernet ports on the BR200 yet, but I just got one set up to test with.

Anyways I figured I'd let you know and I'd discuss it more with your local Aerohive SE to confirm our findings from this end.

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Just to clarify Brian's last note, the BR200 platform offers application visibility in 6.0r2. QoS and firewall controls for the router platform are planned for a future release.

John Hoover

  • 6 Posts
  • 0 Reply Likes
Thanks for all the replies so far! I'm hoping that this can come to fruition.

Andy, can you comment at all on Nick's post above that says this functionality is coming in a future version of HiveOS for the switching platform?

I'd still need to test whatever it ends up being, but if I could even get sFlow (or sFlow type) functionality, it would probably be enough for me to pull the trigger on a hundred or more of the switches.

I'll look into the BR200 as well, as the smaller offices could probably be serviced by something like that.

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
I think you should expect that they will not comment on their future plans, which is fair enough. (I have been told this more than once before, and I should take the hint!)

Daniel

  • 14 Posts
  • 4 Reply Likes
But please do reach out directly to us. Unfortunately that route can’t bring the information back here. :)

Daniel

  • 14 Posts
  • 4 Reply Likes
Unfortunately we can't share future product direction on this Forum, so I have to stay within very vague terms. Please reach out to us through the traditional means so we can discuss hardware capabilities not yet exposed and other upcoming functionality.

The Switches already provide a lot of information around users but it’s quite clear that AVC is very interesting. Please help us understand what your use cases look like so we can make sure what we are working on will address your needs.

John Hoover

  • 6 Posts
  • 0 Reply Likes
Thanks a lot for your replies. I've reached out to our rep and look forward to discussing this.