NetFlow V9 Overview: Cisco routers that support NetFlow

Posted in Cisco NetFlow, NetFlow, netflow support, Netflow Traffic Analysis on April 10th, 2013 by Scottr

In Part 6 of our NetFlow V9 overview series, I will be talking about the Cisco routers that support NetFlow and the IOS releases you need to have deployed to get NetFlow configured.

In this blog series we have seen how the NetFlow packets are delivered to the collector and what is contained within each packet. Now let’s take a look at the devices that we can export flows from. While the focus has been on Cisco devices, many new vendors have come on board with new template exports using NetFlow v9 or IPFIX that drastically enhance what was seen with NetFlow v5.

Here is a list of some Cisco devices that support NetFlow and whether they can be configured with traditional, Flexible NetFlow, or both.


Scott Robertson
Sr. Solutions Engineer

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!




Syslogd

Posted in IPFIX, IPFIX Traffic Analysis, NetFlow on March 27th, 2013 by Danny

Syslogd is often used to turn machine messages or syslogs into events for further processing. Ultimately, alarms are generated which can trigger some type of notification. The problem with the messages created by syslogd is their nonstandard and loosely structured data format. This post is about the end of Syslog and the evolution of IPFIX due largely to the fact that the data exported in IPFIX is highly structured.


NetFlow V9 Overview: What’s in the NetFlow Packet Header?

Posted in NetFlow, Network Traffic Analysis on January 23rd, 2013 by Scottr

Last week, Joanne started a series of blogs aimed at providing an overview of some NetFlow basics. I am going to continue this series and take a look at what can be found in the NetFlow Packet header.

Built by a device (for example, a router) with NetFlow services enabled, the NetFlow export packet is addressed to a NetFlow collector. The collector processes the packet and stores the information found in the IP flow records.

The NetFlow record format consists of a packet header followed by one or more template or data FlowSets.


Scott Robertson
Sr. Solutions Engineer


NetFlow v9 Overview: NetFlow basics

Posted in Flexible NetFlow, NetFlow on January 16th, 2013 by Joanne

Welcome to the first installment of our NetFlow v9 Overview, beginning (of course!) with NetFlow basics.

What is NetFlow?

A network flow is defined as a unidirectional sequence of packets between given source and destination endpoints. Traditional NetFlow uses a 7-tuple of source and destination IP address, transport layer port numbers, IP Protocol, Type of Service (ToS), and the input interface port to uniquely identify flows. Flexible NetFlow (FNF) is a ground-up rewrite of NetFlow which allows the user to customize the NetFlow tuple to include (or exclude) a nearly infinite number of different fields.



Joanne Ghidoni
Sr. Solutions Engineer


OpenFlow vs NetFlow

Posted in NetFlow, Network Monitoring, OpenFlow on January 9th, 2013 by Danny

OpenFlow and NetFlow are two completely different concepts. OpenFlow controls how packets are forwarded through network switches, and NetFlow collects IP traffic information. It’s easy to think of the two as being related because both words contain the suffix “flow”. This post should provide some clarity on the nature of each one of these two protocols.


Ericsson SmartEdge NetFlow Support

Posted in application performance monitoring, Cisco Performance Monitoring, NetFlow on December 8th, 2012 by Ellen

The other day a customer called in asking about Ericsson SmartEdge NetFlow support; I had never heard of it.  I opened another browser tab and started searching on Ericsson NetFlow Support.  I found that back in July of 2009, Glen Hunt of Current Analysis did a study comparing the Ericsson NetFlow switch to Cisco, Juniper and other vendors.

Ellen


NetFlow Generators: Enabling NetFlow Without NetFlow Support (Part #2)

Posted in NetFlow, netflow probe on December 3rd, 2012 by Adam Powers

Continued from NetFlow Generators: Enabling NetFlow Without NetFlow Support (Part #1)

Last week we covered NetFlow Generator basics including many of the more common deployment options. Now let’s take a look at some of the NetFlow generators available and what characteristics to look for in a best-of-breed NetFlow generator.


Adam Powers
@adampowers22


Network Segmentation, Segregation, and Zero-Trust Design

Posted in NetFlow, NetFlow Analysis, NetFlow Security, Security on November 19th, 2012 by Adam Powers

The Zero Trust model is a relatively new network security design model that requires network segmentation and segregation of employees from critical internal resources. The basic idea is that the internal network is no longer explicitly “trusted.” BYOD policies and the mobile workforce have brought new threats to the internal network that just weren’t there five years ago. It’s no longer practical to assume “bad guys outside, good guys inside.” Let’s take a look at exactly what this means…


Adam Powers
@adampowers22


NetFlow and IPFIX For PCI Compliance: Verify, Investigate, Impress

Posted in advanced persistent threats, Compliance, detect network threats, detecting malware, Flow Analytics, IPFIX, NetFlow, NetFlow Security on September 29th, 2012 by Adam Powers

NetFlow and IPFIX ensure PCI compliance

At least two or three times each week we’re asked how NetFlow relates to PCI compliance. Our answer is crisp and simple. No fancy requirement references or complicated legal speak, just practical advice that’s actually useful for those concerned with the PCI audit process. There are three key areas NetFlow and IPFIX analysis can aid the enterprise as it relates to PCI:


A Firewall Monitoring Tool You Didn’t Know Existed: NetFlow and IPFIX

Posted in Firewall NetFlow, Log Management, NAT Reporting, NetFlow, NetFlow NAT Reports, NetFlow Reporting, NetFlow Security, Third Party Integration on September 7th, 2012 by Adam Powers

IT professionals have been looking for better ways to monitor and store firewall logs for years. Properly handled, firewall events can give insight into APTs, DoS attacks, firewall rule planning and misconfigurations, policy violations, and much more. To date, Syslog has been the go-to mechanism for access to firewall log info. It’s universally supported by the firewall community, easy to understand, and it’s quick to implement on both the firewall as well as the syslog analyzer.

Unfortunately syslog is resource intensive on both the firewall and the log analyzer. It’s largely unstructured, requires string pattern matching, and the exact format and fields vary from one firewall to the next. How often do you turn on full “Accept” and “Deny” logging for every rule? Sure you can and yes it’s valuable but the amount of syslog created is tremendous.

Enter NetFlow and IPFIX
