This is part 3 of a 3 part series. Part 1 and part 2 covered other topics. In the third NetFlow lab we studied the traffic from a VoIP connection.
Michael Patterson
Okay, back to the basics. We’ve been working with Cisco NetFlow technology for many years now, but what is NetFlow?
NetFlow is a traffic profile monitoring technology developed by Darren Kerr and Barry Bruins at Cisco Systems, back in 1996. At that time, network monitoring mostly consisted of seeing how much traffic was traversing your network, but did not include what that traffic was.
Read more »
At the support desk we often get asked questions about NetFlow technology and what, if any, performance impact enabling NetFlow will have on their routers or switches.
Cisco® NetFlow technology is an embedded feature within Cisco IOS routers and high end switches. NetFlow data records consist of information about source and destination addresses, along with the protocols and ports used in the end-to-end conversation. The NetFlow feature set allows for the tracking of individual IP flows as they are received at a Cisco router or switching device.
Network administrators can use the NetFlow flow records for a variety of purposes, including accounting, billing, network planning, traffic engineering and user or application monitoring.
Many customers who are new to NetFlow are naturally cautious about introducing it into their network. They need to understand the potential performance impact of enabling NetFlow before they are willing to deploy it. Cisco has released a NetFlow Performance Analysis paper that examines the CPU impact of enabling NetFlow services in various scenarios on several different Cisco hardware platforms.
Before you get too concerned about what the report is showing, look at those flow numbers. They represent a ”worst-case scenario” in terms of the traffic flows seen by the routers, and the results must be viewed in that context.
Now that you have decided to enable NetFlow on your routers and switching devices, it’s time to put that flow data to work for you.
Let us show you how our NetFlow and sFlow Analysis Tool provides the best custom reporting engine on the market today, supporting leading edge technologies like Cisco ASA, Flexible NetFlow, IPFIX, and NBAR.
Give me a call – (207)324-8805
-Scott
Lately, I’ve been getting more familiar with different backup procedures and it made me want to update everyone on our current recommended Scrutinizer backup procedure. Read more »
Lawrence Technological University is among Michigan’s largest independent colleges and also Michigan’s first completely wireless laptop campuses, as well as one of the largest wireless networks in the Midwest.
This recently published case study demonstrates how successful network traffic analysis can be performed using NetFlow reporting with Scrutinizer NetFlow Analyzer. Monitoring NetFlow exported from devices such as Cisco ASA’s, routers, switches, and numerous other NetFlow compatible devices simplifies the task of managing your network, whether wired or, in LTU’s case, fully wireless.
The other day I took an interesting call from a customer who was concerned because he was suddenly seeing his flows per second count almost double. He had just upgraded his Scrutinizer NetFlow and sFlow traffic analysis application to the latest version and he thought that maybe something had changed to cause this to happen.
I assured him that nothing in the Scrutinizer upgrade would have caused him to see his flow count increase. And after talking with him, I learned that he had also just upgraded the IOS on his routers.
Were we looking at some kind of a ”perfect storm“ scenario?
Of course not!
Recently Mark Leary, wrote a blog about the “Top Ten IOS Services You Should Be Using Now!” In the blog he talks about some of the key high-value IOS services that can go unnoticed and unused by network operators.
Plixer International can help you put a number of these services to work for you by providing the best network analysis and reporting tools available on the market today.
We have talked for a long time about the benefits of using Cisco IPSLA as a proactive method of reliably measuring network performance. Raul Duran wrote a series of blogs talking about the use of IPSLA operations, and believes that IPSLA should be a part of every Network Administrator’s toolbox. Using our SNMP Performance and Trending tool, data can be retrieved and trended, enabling users to graph performance over time.
I’m in the Rochester NY airport headed back to Boston MA. I spent the day at the White Hat Security Day conference hosted by Mercury Networks.
What I thought was going to be a small conference ended up being attended by several hundred people. Read more »
Michael PattersonI was recently inspired by a post on “5 best router and switch features you never use.” It seems like I often show customers a few best at NetFlow and sFlow reporting features that they never knew about. In this blog, I will outline some of my favorite features that I think many of you will appreciate. Read more »
Michael PattersonWe have all seen a number of blogs over the past few months talking about Flexible NetFlow. And with customers moving to the Cisco Nexus model switches, which run on Cisco’s NX-OS operating system, we are now assisting in an increasing number of Flexible NetFlow configurations.
A big advantage of the Flexible NetFlow concept is that the user can define the flow. The user-defined flow records and the component structure of Flexible NetFlow make it easy for you to create various configurations for traffic analysis and data export on a networking device with a minimum number of configuration commands.
Don’t be intimidated by the move to Flexible NetFlow.
Flexible NetFlow includes several predefined records that you can use right away to start monitoring traffic in your network.
These predefined records are available to help you quickly deploy Flexible NetFlow. And they help ensure backward compatibility with your existing NetFlow collector configurations for the data that is exported.
Each of the predefined records are based on the original NetFlow ingress and egress caches and the aggregation caches, and each has a unique combination of key and non-key fields that offer you the built-in ability to monitor various types of traffic in your network without customizing Flexible NetFlow on your router.
Many users will find that the pre-existing Flexible NetFlow records are suitable for the majority of their traffic analysis requirements.
