First of all, Net Flow is spelled NetFlow, and today, we’re going to talk about an IT Monitoring Service that provides Network Traffic Monitoring. Specifically, we want to monitor BYOD Traffic. The modern workplace is often being assaulted by these devices. Why? Androids and iPhones are constantly searching for a Network to connect to. Once attached, some employees are so ‘connected’ with friends that these smart phones start flooding the network and pestering the user to participate in Facebook, Farmville or even Scrabble. How can you find out when, what and where they are doing?
While doing a demonstration of the reporting capabilities of Scrutinizer last week, I had a customer ask, “How can I monitor Netflix traffic?”
There are a couple of ways that this can be done.
If you have Cisco routers, and are running IOS 15.1 or higher, there is an option to enable NBAR. Using Flexible NetFlow, we create a user defined flow template by adding the collect NBAR application option parameters to the flow record. Then it is just a matter of selecting the NBAR report filters available in Scrutinizer.
But I would like to show you a way to use a template option to capture and pass URL’s. We will be using nProbe to capture traffic from an interface on a device and export IPFIX templates to Scrutinizer.
The set up of nProbe is a simple process of using command line options to configure the template and create and start a nProbe service.
Once we see the device and interfaces in Scrutinizer, it is just a matter of adding filters to the report to isolate the Netflix traffic.
I was talking with our newly appointed Pre-Sales Support Specialist, Scott, the other day when we realized that we don’t have a NetFlow Glossary blog, so I wanted to take this opportunity to consolidate some resources and highlight some of the key NetFlow terminology that we find ourselves talking about on a daily basis.
For most of the last year I have been working as a member of the Technical Support Team here at Plixer International. But as of July 1st, I have moved from Technical Support to a Pre-Sales Support role on the Sales Team. In my new role I will be responsible for providing technical support for all pre-sales/evaluating customers.
I just want to say that it has been a pleasure working with the many customers that I’ve talked to over the last year. I wish you all much success in your Network Admin/IT endeavors.
If you are new to the NetFlow technology, I would welcome the opportunity to demonstrate the benefits of using NetFlow and our network analysis tool to open windows into what is going on over your network. The following information is made available via the flow packets: source IP address, destination IP address, source port number, destination port number, protocol type, type of services, and the router input interface.
Exporting flows to a NetFlow collector provides a deeper level of detail that was up to this point unavailable in network management. This type of information has proven invaluable in detecting worms, port scans, DDoS attacks, and other security threats and network misuse.
We are still recovering from CiscoLIVE 2010. We have lots of leads to pour through as well as a few new potential business partners to work with. One of our long distance partners dropped by our booth to say ‘hello’ and discuss Scrutinizer v8.
We work with the Cisco Japan team from time to time regarding NBAR and Flexible NetFlow . Here I am standing with the Manager of Solutions Systems Engineering and a Senior Systems Engineer. Read more »
At the support desk we often get asked questions about NetFlow technology and what, if any, performance impact enabling NetFlow will have on their routers or switches.
Cisco® NetFlow technology is an embedded feature within Cisco IOS routers and high end switches. NetFlow data records consist of information about source and destination addresses, along with the protocols and ports used in the end-to-end conversation. The NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device.
Network administrators can use the NetFlow flow records for a variety of purposes, including accounting, billing, network planning, traffic engineering and user or application monitoring.
Many customers who are new to NetFlow are naturally cautious about introducing it into their network. They need to understand the potential performance impact of enabling NetFlow before they are willing to deploy it. Cisco has released a NetFlow Performance Analysis paper that examines the CPU impact of enabling NetFlow services in various scenarios on several different Cisco hardware platforms.
Before you get too concerned about what the report is showing, look at those flow numbers. They represent a ”worst-case scenario” in terms of the traffic flows seen by the routers, and the results must be viewed in that context.
Now that you have decided to enable NetFlow on your routers and switching devices, it’s time to put that flow data to work for you.
Sitting down this morning with a much needed cup of coffee I was alerted to this startling post from a cNet news feed.
“Thursday is the deadline for colleges and universities that receive Title IV federal aid to have implemented antipiracy procedures on their campuses as part of the Higher Education Opportunity Act (HEOA) of 2008.” – cnet
I was speechless, which for me is quite an astounding feat. So many thoughts ran around in my head but in the end only one thing came out of my mouth, “theres an app for that!”. Scrutinizer and NetFlow can easily help schools monitor for this type of traffic. Heck! It was one of the things Scrutinizer was built for. Understanding how users consume your networks bandwidth is important in todays world. Laws like this make monitoring your traffic a requirement. Matter of fact, it can be quite costly if you don’t.
As I mentioned Scrutinizer is well suited to assist in this task. NetFlow gives you the flexibility to monitor all of your network traffic from one central location. Scrutinizer allows you to filter your data into meaningful, easy to swallow reports that tell you who was doing what, where and when. It doesn’t stop there.
Scrutinizers filtering engine allows you to customize how you view your data . Scrutinizer then gives you the ability to add a threshold to that report . Now you have a customized monitoring tool. I created a quick video that explain . . . .
But that report only looks for high bandwidth consumption, file sharing traffic can be small and and almost undetectable. In applications that don’t store all of the NetFlow traffic this is true. Scrutinizer stores all of your NetFlow data which gives our Flow Analytics engine the ability to monitor all of your network traffic and alert you on suspicious traffic patterns. You guessed it, one of the monitoring algorithms is P2P. How fitting! . Flow Analytics also allows you to easily identify Top Applications, Conversations, Flows, Protocols, Domains, Countries, Subnets, etc. across dozens of routers and switches.
Do you have NetFlowV9 and NBAR? We are one of the only vendors that support this technology completely. NBAR stands for ”Network Based Application Recognition” and is the mechanism used by some Cisco routers and switches to recognize a dataflow by inspecting some packets sent. With NBAR you are going to be able to get a definitive answer on what applications are being used on your network. Scrutinizer supports it, reports on it and most importantly alerts on it!
I’ve shown you a few of the ways Scrutinizer can help you meet the needs of this new law. There are quite a few other important features so make sure to download a copy of Scrutinizer and kick the tires for 30 days.
Jimmy D the Netflow Detective
For a free 30 day trial of Scrutinizer, Download Now!
My daughter recently started a temporary Marketing position here at Plixer. And as with most people when they get their first job, she was very nervous about the new environment she would be coming into.
Adding to her nervous tension was the opportunity to see and meet Mix Master Mitch in person.
While I would not lump her in with the usual NetFlow maniacs that follow Mitch from town to town, I am sure she was aware of his superstar status and had seen the Mix Master’s videos (who hasn’t?). For the first few days, she would try to avoid the famous artist for fear of embarrassment. It wasn’t until Mitch left an autographed 8×10 on her desk that she finally was able to relax around the Rap legend.
Don’t miss your chance to see Mitch and his NetFlow posse live as the tour heads out to sunny Las Vegas next week for Cisco Live!
Why do you want to know what is going on in the traffic flow of a network?
What’s the point?
Why doesn’t utilization alone cut it?
Network Administrators don’t typically have a lot of time on a day-to-day basis. There is always some fire to fight, some network or user issue that comes up. Most times your juggling more than one issue at a time. So you find yourself spending most of your time trying to keep the network running and the users happy.
A Network Administrator’s abilities are only as good as his awareness of what happens on his network.
Monitoring and maintaining your network traffic and bandwidth utilization used to be an overlooked aspect of your job. But evolution of technology has changed the makeup of networks everywhere and has forced network managers to include Flow analysis and monitoring in their network management strategies.
Network Flow Analysis is the art of studying the traffic on a computer network. It is the industry-standard method of collecting and recording network traffic. Flow analysis lets you see what types of traffic passed between hosts, without having to reproduce the problem.
Plixer International can help you put a number of these services to work for you by providing the best network analysis and reporting tools available on the market today.
We have talked for a long time about the benefits of using Cisco IPSLA as a proactive method of reliably measuring network performance. Raul Duran wrote a series of blogs talking about the use of IPSLA operations, and believes that IPSLA should be a part of every Network Administrator’s toolbox. Using our SNMP Performance and Trending tool, data can be retrieved and trended, enabling users to graph performance over time.
