Cascade® Profiler and Cascade® Express
Appliance User’s Guide
Version 10.5
October 2013
© 2013 Riverbed Technology. All rights reserved.
Accelerate®, AirPcap®, AppResponse Xpert®, BlockStream™, Cascade®, Cloud Steelhead®, Granite™, Interceptor®, RiOS®, Riverbed®,
Shark®, SkipWare®, Steelhead®, TrafficScript®, TurboCap®, Virtual Steelhead®, Whitewater®, WinPcap®, Wireshark®, and Stingray™
are trademarks or registered trademarks of Riverbed Technology, Inc. in the United States and other countries. Riverbed and any Riverbed
product or service name or logo used herein are trademarks of Riverbed Technology. All other trademarks used herein belong to their respective
owners. The trademarks and logos displayed herein cannot be used without the prior written consent of Riverbed Technology or their respective
owners.
F5, the F5 logo, iControl, iRules and BIG-IP are registered trademarks or trademarks of F5 Networks, Inc. in the U.S. and certain other
countries. Linux is a trademark of Linus Torvalds in the United States and in other countries. VMware, ESX, ESXi are trademarks or registered
trademarks of VMware, Incorporated in the United States and in other countries.
Portions of Cascade® products contain copyrighted information of third parties. Title thereto is retained, and all rights therein are reserved, by
the respective copyright owner. PostgreSQL is (1) Copyright © 1996-2009 The PostgreSQL Development Group, and (2) Copyright © 1994-
1996 the Regents of the University of California; PHP is Copyright © 1999-2009 The PHP Group; gnuplot is Copyright © 1986-1993, 1998,
2004 Thomas Williams, Colin Kelley; ChartDirector is Copyright © 2007 Advanced Software Engineering; Net-SNMP is (1) Copyright ©
1989, 1991, 1992 Carnegie Mellon University, Derivative Work 1996, 1998-2000 Copyright © 1996, 1998-2000 The Regents of The
University of California, (2) Copyright © 2001-2003 Network Associates Technology, Inc., (3) Copyright © 2001-2003 Cambridge Broadband
Ltd., (4) Copyright © 2003 Sun Microsystems, Inc., (5) Copyright © 2003-2008 Sparta, Inc. and (6) Copyright © 2004 Cisco, Inc. and
Information Network Center of Beijing University of Posts and Telecommunications, (7) Copyright © Fabasoft R&D Software; Apache is
Copyright © 1999-2005 by The Apache Software Foundation; Tom Sawyer Layout is Copyright © 1992 - 2007 Tom Sawyer Software; Click
is (1) Copyright © 1999-2007 Massachusetts Institute of Technology, (2) Copyright © 2000-2007 Riverbed Technology, Inc., (3) Copyright
© 2001-2007 International Computer Science Institute, and (4) Copyright © 2004-2007 Regents of the University of California; OpenSSL is
(1) Copyright © 1998-2005 The OpenSSL Project and (2) Copyright © 1995-1998 Eric Young ([email protected]); Netdisco is (1) Copyright
© 2003, 2004 Max Baker and (2) Copyright © 2002, 2003 The Regents of The University of California; SNMP::Info is (1) Copyright © 2003-
2008 Max Baker and (2) Copyright © 2002, 2003 The Regents of The University of California; mm is (1) Copyright © 1999-2006 Ralf S.
Engelschall and (2) Copyright © 1999-2006 The OSSP Project; ares is Copyright © 1998 Massachusetts Institute of Technology; libpq++ is
(1) Copyright © 1996-2004 The PostgreSQL Global Development Group, and (2) Copyright © 1994 the Regents of the University of
California; Yahoo is Copyright © 2006 Yahoo! Inc.; pd4ml is Copyright © 2004-2008 zefer.org; Rapid7 is Copyright © 2001-2008 Rapid7
LLC; CmdTool2 is Copyright © 2008 Intel Corporation; QLogic is Copyright © 2003-2006 QLogic Corporation; Tarari is Copyright © 2008
LSI Corporation; Crypt_CHAP is Copyright © 2002-2003, Michael Bretterklieber; Auth_SASL is Copyright © 2002-2003 Richard Heyes;
Net_SMTP is Copyright © 1997-2003 The PHP Group; XML_RPC is (1) Copyright © 1999-2001 Edd Dumbill, (2) Copyright © 2001-2006
The PHP Group; Crypt_HMAC is Copyright © 1997-2005 The PHP Group; Net_Socket is Copyright © 1997-2003 The PHP Group;
PEAR::Mail is Copyright © 1997-2003 The PHP Group; libradius is Copyright © 1998 Juniper Networks. This software is based in part on the
work of the Independent JPEG Group and the work of the FreeType team.
This documentation is furnished "AS IS" and is subject to change without notice and should not be construed as a commitment by Riverbed
Technology. This documentation may not be copied, modified or distributed without the express authorization of Riverbed Technology and
may be used only in connection with Riverbed products and services. Use, duplication, reproduction, release, modification, disclosure or
transfer of this documentation is restricted in accordance with the Federal Acquisition Regulations as applied to civilian agencies and the
Defense Federal Acquisition Regulation Supplement as applied to military agencies. This documentation qualifies as "commercial computer
software documentation" and any use by the government shall be governed solely by these terms. All other use is prohibited. Riverbed
Technology assumes no responsibility or liability for any errors or inaccuracies that may appear in this documentation.
Individual license agreements can be viewed at the following location: https://<appliance_name>/license.php
This manual is for informational purposes only. Addresses shown in screen captures were generated by simulation software and are for
illustrative purposes only. They are not intended to represent any real traffic or any registered IP or MAC addresses.
Riverbed Technology
199 Fremont Street
San Francisco, CA 94105
Phone: 415.247.8800
Fax: 415.247.8801
Web: http://www.riverbed.com
Part Number: 712-00060-14
Contents
Introduction
About This Guide
Types of Users
Organization of This Guide
Document Conventions
Product Dependencies and Compatibility
Hardware and Software Dependencies
Ethernet Network Compatibility
SNMP-Based Management Compatibility
Contacting Riverbed
Internet
Technical Support
Professional Services
Documentation
Chapter 1 - Overview
Overview of Profiler and Express appliances
Information sources
NetFlow, sFlow, and IPFIX sources
Behavior analysis
Alerting and notification
Alerting
Notification
Traffic profiles
Host groups
Port groups
Interface groups
Applications
Traffic reporting
Shortcuts page
Traffic Report pages
Quick report box
Left-clicking
Right-clicking
User interface
Home pages
Other GUI pages
Getting help
Chapter 2 - Configuration
Accessing the user interface
Logging in and out
User interface preferences
Data section
Autocomplete section
Date and Time Formatting section
Miscellaneous section
Account Management
User Accounts
RADIUS Settings
ODBC DB Access
Passwords
Integration
Mitigation
Flow log
Flow log disk space balancing
Reporting time frames
Packet capture (Express 460 only)
Adding a capture job
Managing capture jobs
Exporting a packet capture file
Profiler Export (Express only)
Profilers tab
Exported Interfaces tab
Licenses (except Profiler-VE)
Pilot licensing
Licenses (Profiler-VE only)
General settings
Management Interface Configuration
Name Resolution
Aux Interface Configuration (Express only)
Static Routes (Express only)
Monitor Interface Configuration (Express only)
Packet Deduplication (Express only)
Time Configuration
Data Sources (Cascade Express only)
SNMP MIB Configuration
Outgoing Mail Server (SMTP) Settings
Inside Address Configuration
Security Module Configuration
Report Data Management
Service Management
Chapter 3 - Monitoring Services
Overview
Service dashboard
Service Health widget
Service Health by Location widget
Service Map widget
Service reports
Overall Performance Report
Service Performance Report
Service Incident Report
Location Performance Report
Location Incident Report
Managing services
Chapter 4 - Definitions
Applications
Layer 7 Fingerprints
Layer 4 Mappings
Host groups
Host grouping pages
Defining host groups
Managing host group types
Interface groups
Port names
Port groups
DSCP
Sensors/Sharks and Steelheads
WAN
Chapter 5 - Enterprise Integration
Steelhead QoS Shaping
Export Steelhead statistics to Profiler or Express
Grant access to the Steelhead REST API
Poll the Steelhead
Verify configuration information
Vulnerability scanning
Types of vulnerability scans
Configuring automatic scans
Manually initiating a vulnerability scan
External links
Host switch port discovery
API access
Identity sources
Load balancers
DHCP integration
Lease data file format
Transfer mechanism
Update intervals
Chapter 6 - System Verification
System information
Storage status
Data sources
Device/Interface Tree tab
Interfaces tab
Devices tab
Synchronization tab
Audit trail
Report Criteria
Report results
Activity Types and Subtypes
Shutdown/Reboot
Update
Backup
Backup Status
Excluded file types
Backup location
Notification
Running the backup operation
Manual Backup and Restore
Chapter 7 - Service Policies
Overview
The Services Policies page
Configured Policies section
Tune Policies section
Chapter 8 - Performance and Availability Policies
Overview
Types of policies
Application Availability policies
Application Performance policies
Link Congestion policies
Link Outage policies
Managing policies
Managing configured policies
Creating or Editing Performance and Availability policies
Creating new performance and availability policies
Tuning a policy
Chapter 9 - User-defined Policies
Overview
Pre-defined policies
Defining policies
Setting alerting thresholds
Chapter 10 - Security Policies
Overview
Security event detection
Security profiles
Types of security profiles
Changing security profiles
Tuning alerting
Alerting thresholds
Specifying alerting thresholds
Requirements for matching an alerting rule
Precedence of alerting threshold rules
Tools for managing alerts
Notifications of security events
Chapter 11 - Health Policies
Sensor Problem
Storage Problem
Chapter 12 - Notifications
Overview......................................................................................................................................................161
Adding recipients..........................................................................................................................................162
Assigning notifications to recipients............................................................................................................163
Chapter 13 - Reporting...........................................................................................................................165
Overview......................................................................................................................................................166
Quick reports................................................................................................................................................167
Shortcuts to reports.......................................................................................................................................168
Built-in reports.......................................................................................................................................169
Custom reports.......................................................................................................................................169
Service reports..............................................................................................................................................171
Traffic reports..............................................................................................................................................171
Report Criteria section...........................................................................................................................172
“Report by” options...............................................................................................................................173
Traffic report section.............................................................................................................................175
WAN Optimization reports...........................................................................................................................175
Site reports.............................................................................................................................................177
Intersite reports......................................................................................................................................177
Overall reports.......................................................................................................................................178
Top Talkers reports.......................................................................................................................................179
Report Criteria section...........................................................................................................................180
Traffic Report section............................................................................................................................180
Event reports.................................................................................................................................................181
Report Criteria section...........................................................................................................................182
Event Report section..............................................................................................................................183
Event Details reports....................................................................................................................................185
Viewing with an Event Viewer account................................................................................................187
Steelhead QoS shaping policy reports..........................................................................................................187
Running a report....................................................................................................................................188
Steelhead QoS Summary reports...........................................................................................................188
Steelhead QoS Shaping reports.............................................................................................................193
Steelhead QoS Shaping report for an aggregated class.........................................................................194
Steelhead QoS Shaping report for a site................................................................................................200
Steelhead QoS Shaping report for a class at a specified site.................................................................206
Active Directory Users reports.....................................................................................................................212
Report Criteria section...........................................................................................................................213
Report section........................................................................................................................................213
Saved reports................................................................................................................................................214
Reports section......................................................................................................................................215
Templates section..................................................................................................................................215
General Information reports.........................................................................................................................216
Application Information reports............................................................................................................216
Interface Information reports.................................................................................................................219
Device Information reports....................................................................................................................221
Interface Group Information reports.....................................................................................................222
Host Information reports.......................................................................................................................223
Host Group Information reports............................................................................................................224
Server Information reports....................................................................................................................225
Network Segment Information reports..................................................................................................227
DSCP Information reports.....................................................................................................................228
Investigation reports.....................................................................................................................................228
Service Level Objective reports............................................................................................................229
Performance Investigation reports.........................................................................................................232
95th Percentile report............................................................................................................................234
SDN (Software-defined Networks) Reports.................................................................................................235
VXLAN technology..............................................................................................................................236
VXLAN Summary Report.....................................................................................................................236
Virtual Network Information Report.....................................................................................................240
Tunnel Endpoint Information Report....................................................................................................242
VoIP reports..................................................................................................................................................246
VoIP Performance report.......................................................................................................................246
VoIP Dependencies - Signaling report..................................................................................................251
VoIP Dependencies - Calls report..........................................................................................................254
Audit Trail reports........................................................................................................................................254
Analyzing packet information with Cascade Pilot.......................................................................................256
Prerequisites..........................................................................................................................................256
Analyzing Cascade Shark or Express 460 packet information.............................................................257
Exporting Cascade Shark packet information.......................................................................................258
Packet reporting and export with Cascade Sensor........................................................................................260
Viewing Sensor packet information......................................................................................................260
Exporting Sensor packet information....................................................................................................261
Chapter 14 - Mitigation...........................................................................................................................263
Introduction..................................................................................................................................................263
Switch Mitigation..................................................................................................................................264
Router Mitigation..................................................................................................................................264
Using the mitigation feature..................................................................................................................266
Trusted hosts setup........................................................................................................................................266
Switch mitigation setup................................................................................................................................267
Field descriptions...................................................................................................................................268
Modifying switch setups........................................................................................................................268
Router mitigation setup................................................................................................................................269
Field descriptions...................................................................................................................................269
Modifying and testing router setups......................................................................................................270
Enabling mitigation plan generation.............................................................................................................270
Managing mitigation actions........................................................................................................................271
Activating mitigation actions................................................................................................................272
Deactivating mitigation actions.............................................................................................................273
Managing mitigation plans...........................................................................................................................273
Working with Plans and Actions...........................................................................................................275
Chapter 15 - Appliance Security...........................................................................................................277
Overview......................................................................................................................................................277
Password Security.........................................................................................................................................278
Security Compliance.....................................................................................................................................279
Operational modes.................................................................................................................................279
Accounts................................................................................................................................................283
Access....................................................................................................................................................284
Encryption Key Management.......................................................................................................................285
Displays and controls on the page.........................................................................................................285
Replacing Keys and Certificates...........................................................................................................287
Replacing SSH keys.....................................................................................................................................288
Regenerating an SSH key pair...............................................................................................................288
Changing SSH key pair.........................................................................................................................288
Replacing SSL certificates............................................................................................................................289
Replacing the MNMP SSL certificate...................................................................................................289
Replacing the Identityd SSL certificate.................................................................................................296
Replacing the Apache SSL certificate...................................................................................................302
SSL certificate requirements.................................................................................................................305
Appendix A - SNMP Support.................................................................................................................307
Trap summary...............................................................................................................................................307
Variables common to all Cascade Profiler and Cascade Express traps........................................................308
Additional trap variables..............................................................................................................................310
Denial of Service/Bandwidth Surge trap variables...............................................................................310
Suspicious Connection trap variables....................................................................................................310
New Server Port trap variables..............................................................................................................311
Performance, Availability, and User-defined trap variables..................................................................311
Service trap variables............................................................................................................................311
Storage Problem trap variables..............................................................................................................311
Cascade Profiler and Cascade Express appliance MIB................................................................................312
Versions 1 and 2c...................................................................................................................................312
Version 3................................................................................................................................................312
Examples...............................................................................................................................................312
Appendix B - Backup and Restore........................................................................................................315
Overview......................................................................................................................................................315
Profiler and Profiler-VE...............................................................................................................................315
Backup requirements.............................................................................................................................315
Restore requirements.............................................................................................................................316
Backing up a Standard Profiler or a Profiler-VE...................................................................................317
Restoring a Standard Profiler or a Profiler-VE.....................................................................................318
Backing up an Enterprise Profiler.........................................................................................................319
Restoring an Enterprise Profiler............................................................................................................320
Express and Express 460..............................................................................................................................321