Best Practices for Application Delivery Analysis

Best Practices for Application Delivery Analysis

Application Delivery Analysis monitors specific types of traffic. Filter the traffic to reduce volume as much as possible.

• Access-layer switches carry the application (TCP) data that Application Delivery Analysis monitors.
• Use port SPAN and source only from the ports that are directly connected to servers of interest.
• Use VACLs to allow only TCP traffic. If you are unsure which ports your applications run on, use server IP addresses. After Application Delivery Analysis identifies the application ports, modify the VACL to allow only the ports that Application Delivery Analysis monitors.
• Apply destination filtering or capture port filtering to specify which VLANs exit a destination or capture port. Use this type of filtering on a distributed Application Delivery Analysis system to send VLANs to different collection devices with a single session. One SPAN session can have multiple destination interfaces.
• For monitoring VLANS in a virtual environment:
  • If you have separate VLANs for front-end servers (traffic coming from outside the ESX) and back-end servers (internal traffic inside the ESX), mirror the front-end server traffic to a physical monitoring device.
  • If you do not have separate VLANs for front-end and back-end servers, mirror all the traffic in the ESX and mirror the external traffic coming to the ESX to a physical collector, then “pin” the front-end servers to the physical monitoring device.
• When you use two core switches to load-balance a server, assign the server to the two Application Delivery Analysis monitors mirrored off each switch. Application Delivery Analysis combines the metrics from both monitors when reporting the traffic. For information about assigning a server to more than one monitor feed, see the CA Application Delivery Analysis Administrator Guide or online help.
• Do not feed traffic that is captured on either side of a firewall to the same Application Delivery Analysis monitor. The firewall may disrupt the order of the TCP sequence numbers, making it impossible for Application Delivery Analysis to correlate associated sequences.

More information:

Configuring Multiple Ports to Capture Data