Let’s talk about NetFlow observation point in Cisco NetFlow capable devices, particularly the octetDeltaCount collection. Ingress and egress Netflow  are probably notions we are the most familiar with. However, what exactly is Ingress or Egress NetFlow? At what point were  bandwidth utilization values in my NetFlow report metered?

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

I was talking with our newly appointed Pre-Sales Support Specialist, Scott, the other day when we realized that we don’t have a NetFlow Glossary blog, so I wanted to take this opportunity to consolidate some resources and highlight some of the key NetFlow terminology that we find ourselves talking about on a daily basis.

NetFlow Terminology:

Bidirectional Flows
Flexible NetFlow
Ingress vs. Egress
Interface 0
ip-flow timeout active 1
IPFIX
ip route-cache flow vs. ip flow ingress
NBAR
NetFlow Collector and Analyzer
NetFlow Exporters
NetFlow Options Templates
NetFlow Probe
NetFlow Replicator
NetFlow v5 vs. v9
NSEL
sFlow

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

The traditional NetFlow configuration on a Cisco router will only let you configure the export to two destinations.  Are you looking for a solution that will replicate NetFlow to more than two? Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Since the launch of our Systrax community website, we have written over three hundred blogs and generated two unique cases of Carpal Tunnel to bring you informative and sometimes quasi entertaining content.

I think its time though to lasso in some of the highlights over the year into one summary blog for quick and easy reference. This blog will link to others that have answered some of the more commonly asked questions. We hope you enjoy it.

Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

I saw some good news the other day from Riverbed that NetFlow v9 will be supported albeit in “the upcoming release of version 6.0″. The exact date is not specified.

I decided to investigate this and communicated with a developer over at Riverbed. He explained that egress is supported with v9 enabled by default. Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

NSEL (NetFlow Security Event Logging) is the type of NetFlow exported from an ASA Firewall. The purpose of NSEL is to track firewall events via NetFlow and to have a summary of all conversations associated with that event type.

The three most popular event types that trigger a NetFlow record are:

                                            * flow-create
* flow-denied
* flow-teardown

Read more »

This is part 4 of an 4-part series (so far 4 parts) on the ToS field (i.e. Differentiated Services Field) of IP frames. I finally get into how all this relates to NetFlow in 2009.  Make sure you have already read Part 1, Part 2 and Part 3 of this blog.

ToS and DSCP part 4
At the end of Part 3 of this blog series I digressed very briefly on how CBQoS can be used to modify DSCP values on packets which come into the router.  In other words, VoIP traffic that comes in on ports 4569 and 5060 could enter a router with one DSCP value 0×00 and leave with a completely different one e.g. 0xEF (i.e. 11101111).    Read more »

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!