Best Practices in Egress NetFlow Reporting

Posted in NetFlow, NetFlow Analyzer, Network Traffic Monitor, Scrutinizer on January 27th, 2010 by mike@plixer.com
best-practices-in-egress-netflow-reporting

Have you heard about exporting egress NetFlow? Do you want to know why it is different from ingress NetFlow or more importantly, when to implement it for network traffic monitoring? I’ll cover this topic in today’s blog. Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter
Tags: , , , , , , , , , ,

Leave A Comment »

BEWARE: Cisco Egress NetFlow with Flexible NetFlow

Posted in NetFlow, NetFlow Analyzer on January 25th, 2010 by Jon Mills

Most people collecting NetFlow use it in a very traditional fashion (i.e. NetFlow v5 with ingress flows). Ingress flow means that only inbound (i.e. received) traffic is collected and exported in NetFlow datagrams. This may sound like you won’t know what is going ‘out’ an interface, but have no fear. There is any easy way to calculate outbound traffic using ingress NetFlow.

determining OutBound using Ingress

Above, out bound utilization on interface 1 is determined by looking at the flows from interfaces 2,3 & 4 that are destined for interface 1. Since an ingress flow contains the source and destination interface (i.e. port of the router). Out bound traffic is determined by using ingress flows from the other interfaces. For this reason, it is important to enable NetFlow on all interfaces of the switch or router. This trick is common practice in all NetFlow reporting tools. But, what about NetFlow v9 and its support for ‘Egress’ NetFlow (i.e. traffic going out an interface)?

Read more »


Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter
Tags: , , , , , , , , , , , ,

4 Comments »

WAN Optimization Sizing

Posted in NetFlow on November 21st, 2009 by mike@plixer.com
wan-optimization-sizing

Apparently, many WAN Optimization companies price their appliances based on Flow Volume.  What does Flow Volume mean?  Flow Volume is the number of concurrent flows on a specific interface or all interfaces at any given time.  For example, if you download a web page, this could create several flows.  If you ping something, this would create a flow as well.  In fact, syslogs, SNMP traps, etc. all create flows.  TCP tends to create flows that linger longer than ICMP or UDP flows. Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter
Tags: , , , , , , ,

Leave A Comment »

Best Practices when enabling Ingress and or Egress NetFlow

Posted in NetFlow, NetFlow Analyzer, Network Traffic Analysis on November 7th, 2009 by mike@plixer.com
best-practices-when-enabling-ingress-and-or-egress-netflow

A user of a NetFlow reporting tool shouldn’t concern him or herself with whether or not the router or switch is exporting ingress, egress or both on a specific interface. Proper design of the NetFlow Analysis program should take this into account for the end user. Many NetFlow Analyzers exaggerate traffic if both ingress and egress is enabled. This can cause duplication of data and ultimately lead to trends that exaggerate the truth! Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter
Tags: , , , , , , ,

1 Comment »

Scrutinizer v7.2 Released with Migration from v6

Posted in NetFlow Analyzer on October 29th, 2009 by mike@plixer.com
scrutinizer-v7-2-released-with-migration-from-v6

Scrutinizer v7.2 NetFlow and sFlow Analyzer has been released.  A complete log on the updates is on our web site.  The migration from v6.X to v7.2 is also done. Please contact plixer +1 (207) 324-8805 for assistance on the migration. 

We are offering 2 webcasts to cover many of the new features for Network Traffic Analysis. Read more »

Michael Patterson
Scrutinizer Product Manager
Follow Me on Twitter
Tags: , , , , , , , , ,

1 Comment »