Do you know how to define your own Cisco NBAR applications?

In today’s networks, application recognition is no longer one of those ‘nice to have’ options when it comes to traffic monitoring, it is a necessity.

Many vendors are now exporting application definitions in their flow exports.

Using NBAR,  applications like H.323, Telnet, RTP, Exchange and Skype can all be identified. Additionally, if you are running IOS release 15.1 or higher, can be exported in NetFlow exports.

On a call last week, a customer was looking at various NBAR reports, and seeing a significant amount of traffic showing up as “unknown”, and was wondering what this traffic was and what was the best approach for handling it.

The best way to reduce the amount of “unknown” traffic is twofold.

1. Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

The other day we solved a unique customer problem when we figured out that we could monitor IP SLA with Flexible NetFlow instead of SNMP.

What was the problem?

The customer wanted to monitor latency using Cisco Medianet Performance Monitoring but, because the round trip time (RTT) is only calculated during the initial TCP hand shake and then stays up all day, a continuous latency reading could not be obtained.

Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

I have taken many calls regarding NetFlow traffic monitoring as it relates to the Cisco Catalyst 6500 switch.

This device even became the subject of a Mix Master Mitch video.

We have been talking a great deal lately about the introduction of Flexible NetFlow, and how it has allowed for the flow technology to move toward more advanced NetFlow analysis and reporting.

Good News!

Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

What do network performance analysis and snowmobiling have in common?

Nothing, unless you are attending FlowFest™ 2012.

You know about NetFlow. But do you need to know more? Do you need to get a NetFlow solution in place? Could you better serve your company with advanced knowledge of NetFlow from the industry leader in NetFlow collecting and reporting?

FlowFest™ 2012 – Advanced NetFlow Training course, is a 2-day conference to learn what is possible with the NetFlow technology.

Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

Are you looking to setup Cisco TrustSec NetFlow exports (CTS) or to report on them? This blog covers how to enable CTS NetFlow exports on the Catalyst 6500 series switch.

Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

While doing a demonstration of the reporting capabilities of Scrutinizer last week, I had a customer ask, “How can I monitor Netflix traffic?”

There are a couple of ways that this can be done.

If you have Cisco routers, and are running IOS 15.1 or higher, there is an option to enable NBAR. Using Flexible NetFlow, we create a user defined flow template by adding the collect NBAR application option parameters to the flow record. Then it is just a matter of selecting the NBAR report filters available in Scrutinizer.

But I would like to show you a way to use a template option to capture and pass URL’s. We will be using nProbe to capture traffic from an interface on a device and export IPFIX templates to Scrutinizer.

The set up of nProbe is a simple process of using command line options to configure the template and create and start a nProbe service.

Once we see the device and interfaces in Scrutinizer, it is just a matter of adding filters to the report to isolate the Netflix traffic.

Read more »

Visit our website to download a 30 day trial of Scrutinizer

Join the NetFlow Developments group on LinkedIn.

At the support desk we often help customers set up configurations to enable NetFlow and sFlow on a number of different device types. The device types always seem to come in waves, or what I call, “the flavor of the week.” Last week I set up a number of Cisco ASA firewalls. This week I have been setting up a bunch of Cisco 6500 Catalyst Series Switches.

Often customers initially set these Cisco switches up with the traditional NetFlow commands and then see traffic under reported when looking at details from our NetFlow reporting tool. Read more »

Using Flexible NetFlow (FnF) to configure user defined templates, you have the ability to export layer 2 information such as MAC address, fragment identification and VLAN ID’s.

Using the right NetFlow and sFlow Analysis tool, gives you the ability to fully report on those user defined fields set up in the Flexible NetFlow templates.

Included in the reporting engine in Scrutinizer v8 is an advanced filter that lets you filter any report on any field found in the exported NetFlow template. 

Scrutinizer is currently the only product on the market that lets you do this.

Using the Advanced Filter, lets see how we can use those layer 2 user defined fields to filter a Conversation report on a MAC address and then exclude an interface from the report.

Read more »

One of the cool new features added to the reporting engine in the latest release of our NetFlow and sFlow Analysis tool is the Advanced Filter option. This filter lets you filter the data in any report on any field that is present in the exported template. So filtering reports on things like MAC addresses and Vlan ID’s are all possible.

Let’s take a look at a cool use of the MAC address filter.

We have our Cisco wireless access point plugged into our Enterasys N series NetFlow capable switch.  This allows us to look at the volume of traffic coming from the wireless devices.

The above is useful, but I wanted to narrow in on the hand held devices.  Specifically, I wanted to find out how much traffic is placed on the network when a person streams a NetFlix movie to their hand held.

Read more »

Why is my NetFlow Analyzer reporting interface use over 100%?

This is a question that comes across the tech support desk all the time.

Let’s take a look at how this can happen.

I am going to start with some of the simple causes first.

Is the bandwidth on the interface burstable?

If it is, the over-utilization could be real.

Is the port speed set on the interface correct? 

Our NetFlow Analysis tool uses SNMP to get the device/interface names and the port speeds of all interfaces. If the port speed is not correct, you can go to Admin Tab/Definitions/Device Details to set a custom port speed.

Read more »