Are you looking for an inexpensive solution to gain visibility on your network? Traffic-Flow is a feature available on RouterOS by MikroTik. Traffic-Flow is comparable to Cisco’s NetFlow technology, providing statistical information about packets passing through the router. Traffic-Flow supports NetFlow formats: v1 (not recommend) , v5 (BGP, AS, and flow sequence support), and v9 (extend-able field and record type support); therefore, most NetFlow collectors, including Scrutinizer and similar, will listen for these flows.

RouterOS can be purchased by itself to run on a PC with two network interfaces, or you can purchase a RouterBoard, as I did, which will come with RouterOS loaded. You can run RouterOS in transparent bridge mode or as a router. If you run in bridge mode, all traffic exported will show as coming through one interface (the pass-through bridge), whereas, if run in router mode, you will get the different source and destination interface indexes and descriptions.

I bought the RB433AH and configured it to send flows to a Scrutinizer demo box. I have configured our RouterBoard as a bridge exporting Traffic-Flow v5 and placed this in-line between our firewall and core switch. As you can see in the screen capture below, the bridge information allows me to see traffic to and from our network. We are looking at the top 10 conversations for the last 5 minutes.

If you are currently running a network with devices that don’t support Cisco NetFlow, a RouterBoard for $145 is an inexpensive solution to give you the visibility you’ve been looking for.

-Tom Pore
Follow me on Twitter Tags: MikroTik, monitoring network traffic, NetFlow, RouterBoard, RouterOS, Scrutinizer, traffic-flow

This entry was posted on Wednesday, June 10th, 2009 at 3:17 pm and is filed under NetFlow, NetFlow Analyzer, Network Traffic Analysis, Network Traffic Monitor, Scrutinizer, Third Party Integration. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.