What is Flexible NetFlow part 1 of 3
Posted in General on December 26th, 2008 by mike@plixer.com
What’s so Flexible about Flexible NetFlow?
Flexible NetFlow is basically an extension of NetFlow v9. Cisco believes that Flexible NetFlow provides enhanced optimization, reduces costs and improves capacity planning and security detection beyond traditional flow technologies. I understand this is pretty vague, so let’s dig a little deeper.
Note: You should read up on Successful ways to use NetFlow before reading this blog series.
The Key Advantages of using Flexible NetFlow:
- A) User-configurable ability to monitor a wider range of packet information, which produces new information about network behavior: In other words, we can specify exactly what we want to capture in data link layer packets. Imagine any offset in the IP traffic can be monitored, captured and exported to the collector. This is useful if you are troubleshooting and looking for very specific information that isn’t exported in traditional NetFlow.
- B) Enhanced network anomaly and security detection: Basically, Flexible NetFlow can monitor more deeply inside packets. Cisco may even have plans to place IDS-like capabilities inside each router and then export the packets to the collector or even take action at the router based on a pattern match. This supports our white paper “Network Behavior Analysis: Best Approached at the Switch?”
- C) Convergence of multiple accounting technologies into a single mechanism: This basically reinforces the above feature of collecting any specific information, but using it for different purposes. For example, maybe the NetFlow volume is so high that you have to use sampling. This could throw a wrench into your accounting and billing plans, as they likely won’t be accurate without 100% traditional NetFlow capture. Flexible NetFlow allows you to have a sampling export as well as other exports specific to traffic type occurring simultaneously.
It is ‘Flexible’ NetFlow because you can match on just about anything and export it on demand. In the next blog “Flexible NetFlow Generates Cash?” I will discuss the 3 different Flexible NetFlow cache configurations.
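Because Flexible NetFlow builds on NetFlow v9, the exporter tells the collector which fields each record carries by sending a template first. The following is an added example, not code from the original post or from Cisco: a minimal collector-side decoder using the RFC 3954 packet layout and field type numbers. The short field names and the sample packet are constructed for illustration.

```python
import ipaddress
import struct

# Field type numbers are from RFC 3954; the short names are this example's own.
FIELD_NAMES = {1: "bytes", 4: "protocol", 6: "tcp_flags", 7: "src_port",
               8: "src_addr", 11: "dst_port", 12: "dst_addr"}

def parse_v9(packet, templates):
    """Decode one v9 export packet; `templates` must persist between packets."""
    if len(packet) < 20 or struct.unpack_from("!H", packet)[0] != 9:
        raise ValueError("not a NetFlow v9 packet")
    records, offset = [], 20  # the v9 header is 20 bytes
    while offset + 4 <= len(packet):
        set_id, set_len = struct.unpack_from("!HH", packet, offset)
        if set_len < 4 or offset + set_len > len(packet):
            raise ValueError("bad flowset length")
        body, pos = packet[offset + 4:offset + set_len], 0
        if set_id == 0:  # template flowset: learn what the exporter will send
            while pos + 4 <= len(body):
                tid, nfields = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * nfields > len(body):
                    break  # padding or truncated template
                templates[tid] = [struct.unpack_from("!HH", body, pos + 4 + 4 * i)
                                  for i in range(nfields)]
                pos += 4 + 4 * nfields
        elif set_id in templates:  # data flowset; unknown templates are skipped
            fields = templates[set_id]
            rec_len = sum(flen for _, flen in fields)
            while rec_len and pos + rec_len <= len(body):  # leftover is padding
                rec = {}
                for ftype, flen in fields:
                    raw, pos = body[pos:pos + flen], pos + flen
                    name = FIELD_NAMES.get(ftype, f"type_{ftype}")
                    rec[name] = (str(ipaddress.IPv4Address(raw)) if ftype in (8, 12)
                                 else int.from_bytes(raw, "big"))
                records.append(rec)
        offset += set_len
    return records

def sample_packet():
    """Constructed export: one template (id 256) plus one flow that uses it."""
    fields = [(8, 4), (12, 4), (11, 2), (6, 1), (1, 4)]  # (type, length) pairs
    tmpl = struct.pack("!12H", 256, len(fields), *(v for f in fields for v in f))
    # 192.0.2.10 -> 198.51.100.7, dst port 22, TCP SYN only (0x02), 60 bytes
    rec = bytes([192, 0, 2, 10, 198, 51, 100, 7]) + struct.pack("!HBI", 22, 0x02, 60)
    data = rec + b"\x00"  # pad the data flowset to a 4-byte boundary
    return (struct.pack("!HHIIII", 9, 2, 0, 0, 1, 0)
            + struct.pack("!HH", 0, 4 + len(tmpl)) + tmpl
            + struct.pack("!HH", 256, 4 + len(data)) + data)
```

A data flowset that arrives before its template is silently skipped here; a production collector would typically buffer or count those so that missing templates do not hide flows.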
Michael Patterson
Scrutinizer Product Manager
