Meraki

AndyWettersten · ‎Oct 12 2021

So I had an interesting situation today and was wondering what more could be done.

I have an MX 100 and a 200/200 fiber connection coming in.

I noticed our Internet lagging, so I started a continuous ping to 8.8.8.8 and was getting maybe 30% loss. I checked the dashboard and there was a spike in the "Live data" section of the appliance. I ran a speed test and my downloads were testing around 10-15MB but my uploads were still l180-190. It lasted maybe 15 minutes and then subsided and all went back to normal.

What I'm wondering is this - how can you detect a client with high usage in real time? I can check the client list, filter by usage, and set it to the last two hours, but this isn't helpful with a real-time problem. Furthermore, we have a lot of devices on network that view security cameras, so total usage for many clients is always excessively high, thus making identifying a new additions somewhat problematic.

Thoughts?

BrandonS · ‎Oct 12 2021

To get closer to real time or live analysis I think you will need to employ netflow and/or send network flows to a syslog server for further analysis with another tool. I have not done it myself, but understand generally it should be possible and maybe someone else can chime in with preferred tools for the analysis and monitoring.

- Ex community all-star (⌐⊙_⊙)

PhilipDAth · ‎Oct 12 2021

I do a packet capture of the Internet port for a couple of minutes. Then load it into Wireshark. Then go Analyse/Conversations and click on TCP. Sort by the bytes column.

AndyWettersten · ‎Oct 13 2021

Oooooh, good idea. But won't capturing the WAN port just give you destinations of the traffic, not the client that's originating it? Would it be better to packet capture the LAN port instead?

PhilipDAth · ‎Oct 13 2021

Capturing on the LAN port works well as long as most of your traffic is going to the Internet. If you do a lot of inter-vlan routing then it gets swamped by that traffic.

AndyWettersten · ‎Oct 14 2021

Most traffic is headed out. If you're capturing on the WAN port, how can you identify an individual LAN client though? All I was seeing in the packet capture was the Internet destination, but not the client that initiated the traffic.

lpopejoy · ‎Dec 28 2023

I agree, this is one of the biggest weaknesses of the MX. A better real time view of conversations (without a packet capture) would be extremely helpful.

CptnCrnch · ‎Jan 2 2024

NetFlow to the rescue! I know it's only a workaround, but MX is able to export NetFlow and you could have (even Open Source) systems that will do that job just perfectly for you.

lpopejoy · ‎Jan 2 2024

But then we are left with a requirement of being able to setup some type of infrastructure to consume the netflows inside the network. There are so many edge cases, branch sites, etc - Netflow doesn't really help me.

I have over 150 networks - I need a scalable solution to quickly and effectively answer the question: "Where is bandwidth going RIGHT NOW". It would be dead simple for Meraki to have better real time visibility, but they have chosen not to fix this for reasons that escape me.

Meraki

Community

Real time high usage

Real time high usage