I was talking with our newly appointed Pre-Sales Support Specialist, Scott, the other day when we realized that we don’t have a NetFlow Glossary blog, so I wanted to take this opportunity to consolidate some resources and highlight some of the key NetFlow terminology that we find ourselves talking about on a daily basis.
For most of the last year I have been working as a member of the Technical Support Team here at Plixer International. But as of July 1st, I have moved from Technical Support to a Pre-Sales Support role on the Sales Team. In my new role I will be responsible for providing technical support for all pre-sales/evaluating customers.
I just want to say that it has been a pleasure working with the many customers that I’ve talked to over the last year. I wish you all much success in your Network Admin/IT endeavors.
If you are new to the NetFlow technology, I would welcome the opportunity to demonstrate the benefits of using NetFlow and our network analysis tool to open windows into what is going on over your network. The following information is made available via the flow packets: source IP address, destination IP address, source port number, destination port number, protocol type, type of services, and the router input interface.
Exporting flows to a NetFlow collector provides a deeper level of detail that was up to this point unavailable in network management. This type of information has proven invaluable in detecting worms, port scans, DDoS attacks, and other security threats and network misuse.
We are still recovering from CiscoLIVE 2010. We have lots of leads to pour through as well as a few new potential business partners to work with. One of our long distance partners dropped by our booth to say ‘hello’ and discuss Scrutinizer v8.
We work with the Cisco Japan team from time to time regarding NBAR and Flexible NetFlow . Here I am standing with the Manager of Solutions Systems Engineering and a Senior Systems Engineer. Read more »
At the support desk we often get asked questions about NetFlow technology and what, if any, performance impact enabling NetFlow will have on their routers or switches.
Cisco® NetFlow technology is an embedded feature within Cisco IOS routers and high end switches. NetFlow data records consist of information about source and destination addresses, along with the protocols and ports used in the end-to-end conversation. The NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device.
Network administrators can use the NetFlow flow records for a variety of purposes, including accounting, billing, network planning, traffic engineering and user or application monitoring.
Many customers who are new to NetFlow are naturally cautious about introducing it into their network. They need to understand the potential performance impact of enabling NetFlow before they are willing to deploy it. Cisco has released a NetFlow Performance Analysis paper that examines the CPU impact of enabling NetFlow services in various scenarios on several different Cisco hardware platforms.
Before you get too concerned about what the report is showing, look at those flow numbers. They represent a ”worst-case scenario” in terms of the traffic flows seen by the routers, and the results must be viewed in that context.
Now that you have decided to enable NetFlow on your routers and switching devices, it’s time to put that flow data to work for you.
Sitting down this morning with a much needed cup of coffee I was alerted to this startling post from a cNet news feed.
“Thursday is the deadline for colleges and universities that receive Title IV federal aid to have implemented antipiracy procedures on their campuses as part of the Higher Education Opportunity Act (HEOA) of 2008.” – cnet
I was speechless, which for me is quite an astounding feat. So many thoughts ran around in my head but in the end only one thing came out of my mouth, “theres an app for that!”. Scrutinizer and NetFlow can easily help schools monitor for this type of traffic. Heck! It was one of the things Scrutinizer was built for. Understanding how users consume your networks bandwidth is important in todays world. Laws like this make monitoring your traffic a requirement. Matter of fact, it can be quite costly if you don’t.
As I mentioned Scrutinizer is well suited to assist in this task. NetFlow gives you the flexibility to monitor all of your network traffic from one central location. Scrutinizer allows you to filter your data into meaningful, easy to swallow reports that tell you who was doing what, where and when. It doesn’t stop there.
Scrutinizers filtering engine allows you to customize how you view your data . Scrutinizer then gives you the ability to add a threshold to that report . Now you have a customized monitoring tool. I created a quick video that explain . . . .
But that report only looks for high bandwidth consumption, file sharing traffic can be small and and almost undetectable. In applications that don’t store all of the NetFlow traffic this is true. Scrutinizer stores all of your NetFlow data which gives our Flow Analytics engine the ability to monitor all of your network traffic and alert you on suspicious traffic patterns. You guessed it, one of the monitoring algorithms is P2P. How fitting! . Flow Analytics also allows you to easily identify Top Applications, Conversations, Flows, Protocols, Domains, Countries, Subnets, etc. across dozens of routers and switches.
Do you have NetFlowV9 and NBAR? We are one of the only vendors that support this technology completely. NBAR stands for ”Network Based Application Recognition” and is the mechanism used by some Cisco routers and switches to recognize a dataflow by inspecting some packets sent. With NBAR you are going to be able to get a definitive answer on what applications are being used on your network. Scrutinizer supports it, reports on it and most importantly alerts on it!
I’ve shown you a few of the ways Scrutinizer can help you meet the needs of this new law. There are quite a few other important features so make sure to download a copy of Scrutinizer and kick the tires for 30 days.
____________________________________ Jim Dougherty aka "Jimmy D"
International Sales Channel Manager and
Netflow Evangelist for Plixer International!
My daughter recently started a temporary Marketing position here at Plixer. And as with most people when they get their first job, she was very nervous about the new environment she would be coming into.
Adding to her nervous tension was the opportunity to see and meet Mix Master Mitch in person.
While I would not lump her in with the usual NetFlow maniacs that follow Mitch from town to town, I am sure she was aware of his superstar status and had seen the Mix Master’s videos (who hasn’t?). For the first few days, she would try to avoid the famous artist for fear of embarrassment. It wasn’t until Mitch left an autographed 8×10 on her desk that she finally was able to relax around the Rap legend.
Don’t miss your chance to see Mitch and his NetFlow posse live as the tour heads out to sunny Las Vegas next week for Cisco Live!
Why do you want to know what is going on in the traffic flow of a network?
What’s the point?
Why doesn’t utilization alone cut it?
Network Administrators don’t typically have a lot of time on a day-to-day basis. There is always some fire to fight, some network or user issue that comes up. Most times your juggling more than one issue at a time. So you find yourself spending most of your time trying to keep the network running and the users happy.
A Network Administrator’s abilities are only as good as his awareness of what happens on his network.
Monitoring and maintaining your network traffic and bandwidth utilization used to be an overlooked aspect of your job. But evolution of technology has changed the makeup of networks everywhere and has forced network managers to include Flow analysis and monitoring in their network management strategies.
Network Flow Analysis is the art of studying the traffic on a computer network. It is the industry-standard method of collecting and recording network traffic. Flow analysis lets you see what types of traffic passed between hosts, without having to reproduce the problem.
Plixer International can help you put a number of these services to work for you by providing the best network analysis and reporting tools available on the market today.
We have talked for a long time about the benefits of using Cisco IPSLA as a proactive method of reliably measuring network performance. Raul Duran wrote a series of blogs talking about the use of IPSLA operations, and believes that IPSLA should be a part of every Network Administrator’s toolbox. Using our SNMP Performance and Trending tool, data can be retrieved and trended, enabling users to graph performance over time.
The traditional NetFlow configuration on a Cisco router will only let you configure the export to two destinations. Are you looking for a solution that will replicate NetFlow to more than two? Read more »
We have all seen a number of blogs over the past few months talking about Flexible NetFlow. And with customers moving to the Cisco Nexus model switches, which run on Cisco’s NX-OS operating system, we are now assisting in an increasing number of Flexible NetFlow configurations.
A big advantage of the Flexible NetFlow concept is that the user can define the flow. The user-defined flow records and the component structure of Flexible NetFlow make it easy for you to create various configurations for traffic analysis and data export on a networking device with a minimum number of configuration commands.
Don’t be intimidated by the move to Flexible NetFlow.
Flexible NetFlow includes several predefined records that you can use right away to start monitoring traffic in your network.
These predefined records are available to help you quickly deploy Flexible NetFlow. And they help ensure backward compatibility with your existing NetFlow collector configurations for the data that is exported.
Each of the predefined records are based on the original NetFlow ingress and egress caches and the aggregation caches, and each has a unique combination of key and non-key fields that offer you the built-in ability to monitor various types of traffic in your network without customizing Flexible NetFlow on your router.
Many users will find that the pre-existing Flexible NetFlow records are suitable for the majority of their traffic analysis requirements.