Introduction
I spent some time ago comparing packet traces to Cisco NetFlow using our network bandwidth monitoring tool ‘Scrutinizer’.  I setup 3 scenarios where I captured the actual packets with Wireshark and captured the NetFlow datagrams with our NetFlow collector.  In this 3 part series, the details from these three labs will be explained:

Read more »

Okay, back to the basics. We’ve been working with Cisco NetFlow technology for many years now, but what is NetFlow?

NetFlow is a traffic profile monitoring technology developed by Darren Kerr and Barry Bruins at Cisco Systems, back in 1996. At that time, network monitoring mostly consisted of seeing how much traffic was traversing your network, but did not include what that traffic was.
Read more »

At the support desk we often get asked questions about NetFlow technology and what, if any, performance impact enabling NetFlow will have on their routers or switches.

Cisco® NetFlow technology is an embedded feature within Cisco IOS routers and high end switches. NetFlow data records consist of information about source and destination addresses, along with the protocols and ports used in the end-to-end conversation. The NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device.

Network administrators can use the NetFlow flow records for a variety of purposes, including accounting, billing, network planning, traffic engineering and user or application monitoring.

Many customers who are new to NetFlow are naturally cautious about introducing it into their network. They need to understand the potential performance impact of enabling NetFlow before they are willing to deploy it. Cisco has released a NetFlow Performance Analysis paper that examines the CPU impact of enabling NetFlow services in various scenarios on several different Cisco hardware platforms.

Before you get too concerned about what the report is showing, look at those flow numbers. They represent a ”worst-case scenario” in terms of the traffic flows seen by the routers, and the results must be viewed in that context.

Now that you have decided to enable NetFlow on your routers and switching devices, it’s time to put that flow data to work for you.

Let us show you how our NetFlow and sFlow Analysis Tool provides the best custom reporting engine on the market today, supporting leading edge technologies like Cisco ASA, Flexible NetFlow, IPFIX, and NBAR.

Give me a call – (207)324-8805

-Scott

Come see Plixer International (Booth #960) at Cisco Live at Mandalay Bay Resort in Las Vegas June 27 – July 1, 2010.

What a great opportunity to meet several of the Plixer Team members, including:

• MMM (Mix Master Mitch), our renowned NetFlow Rapper
• Michael Patterson, Product Manager
• Jon Mills, Marketing Manager
• Nathan Halverson, blogger extraordinaire!

3 NEW features will be highlighted with live demos of our NetFlow Analyzer.  Maybe we’ll show off our IPFIX and NetFlow Probe abilities?

Come see why our sFlow and NetFlow Collector are different from the rest for network traffic monitoring.

- Joanne

A customer called the other day regarding NetFlow collection and interface descriptions not matching the correct interface instance numbers.  I’d seen this issue before and knew it was not related to the NetFlow configuration, but rather that the device in question was exporting the wrong interface information in the NetFlow packets.

Michael Patterson addressed this issue in his blog, “Messed Up Interface names in Scrutinizer” in February.

To summarize Michael’s blog, the device in question was including interface instance numbers from enterprise mibs in the NetFlow packets, and most NetFlow Traffic Analyzers get the interface descriptions from the standard MIB-2 ifIndex tables.
Read more »

What does Cisco’s Flexible NetFlow (FNF) have to do with LEGO blocks?

Well, if you’ve been struggling with configuring Flexible NetFlow on your Cisco routers, using LEGO blocks as an analogy for creating the data export record can simplify the process of the FNF configuration, bringing you closer to the end goal of managing your network traffic flow.

In Brad Reese’s article “How to setup Cisco’s Flexible NetFlow (FNF) with LEGO Blocks“, LEGO blocks are used to visually display the assembly of an FNF record.

Read more »

Looking for a reliable bandwidth utilization NetFlow billing system?  If you are already using Cisco NetFlow technology for network monitoring and management, then it’s just one more simple step to extending that to bandwidth billing.

Using the Service Provider Module for Scrutinizer NetFlow & sFlow Analyzer and a customized Billing Module, you can monitor the bandwidth usage of your customers and also provide  a data export to your current billing application.

The Service Provider Module allows you to restrict your customers to view specific devices and/or interfaces in Scrutinizer. The “Scrutinizer v7 NetFlow and sFlow Analyzer: Using the Service Provider Module” blog has more information on this module’s features.
Read more »

Scrutinizer v7.6 has been released.  One of my favorite features is the ability to rename NetFlow v9 templates, IPFIX templates and Flexible NetFlow Templates. We had to provide this feature since Cisco NetFlow does not export the template name.  Do you know why this is such a cool feature? Read more »

SUNY Geneseo Network Manager Rick Coloccia found that analyzing Cisco NetFlow packets was the key to network traffic management and monitoring internet use and abuse.

Using Scrutinizer NetFlow Analyzer, he was able to respond to the RIAA’s (Recording Industry Association of America) allegations of students illegally downloading or sharing of music.
Read more »