If you’re a faithful follower of our blogs, then you are familiar with the “samplicator” described in Michael Patterson’s “Free NetFlow Forwarder or NetFlow Duplicator” blog from May 29th, 2010.

If you’re not familiar with this NetFlow Forwarder application and you have the need for exporting NetFlow packets to multiple (unlimited!) collectors, then you must read his blog.

With switches or routers that do not support NetFlow export to more than one NetFlow collector, or if you have the need to export to more than the typical two collectors, the samplicator is an ideal solution.

Configuration is quick and easy and, if using the config file to list source (exporters) and destinations (collectors), extremely scalable.

Read more »

There is no doubt that flow technology is revolutionizing network monitoring. In this  NetFlow/J-Flow/IPFIX/sFlow era, there is no need to settle with only knowing utilizations on the network. Besides, little analysis can be done in monitoring bandwidth only anyways.

Scott wrote a blog earlier that made a valid point: “A Network Administrator’s abilities are only as good as his awareness of what happens on his network.” In harmony with that statement, it’s beneficial to have useful tools to be able to collect that traffic information.

Recently, I learned that J-Flow is supported for the Juniper SRX series Gateways. I thought this might be good information for people who want to start monitoring flows on this type of device, especially our NetFlow and sFlow Analyzer users, since it can also process J-Flow packets. Below are some sample commands taken from Juniper’s Knowledge Base which walks you through your J-Flow configuration. Read more »

Daniel Senga
Tech Support
Follow me on Twitter

Today I will discuss the command “ip flow ingress infer-fields”, mostly used in the NetFlow configuration of NetFlow switches. Being the newest member of the Plixer International Tech Support team I am discovering how amazingly large certain networks can get. This is when an outstanding network monitoring and diagnosis capability come in handy. Read more »

Daniel Senga
Tech Support
Follow me on Twitter

I was talking with our newly appointed Pre-Sales Support Specialist, Scott, the other day when we realized that we don’t have a NetFlow Glossary blog, so I wanted to take this opportunity to consolidate some resources and highlight some of the key NetFlow terminology that we find ourselves talking about on a daily basis.

NetFlow Terminology:

Bidirectional Flows
Flexible NetFlow
Ingress vs. Egress
Interface 0
ip-flow timeout active 1
IPFIX
ip route-cache flow vs. ip flow ingress
NBAR
NetFlow Collector and Analyzer
NetFlow Exporters
NetFlow Options Templates
NetFlow Probe
NetFlow Replicator
NetFlow v5 vs. v9
NSEL
sFlow

Read more »

Paul Dube
Technical Support
Follow me on Twitter

A couple weeks ago a customer reported an issue where, apparently, our NetFlow and sFlow Analyzer was not seeing traffic from Vyatta Core 6. This being the second time the issue is reported to us, I was encouraged to talk about it.

In general, whether it is a collector issue or an exporter issue, from a tech support view point, I would say that the Scrutinizer web interface does a great job signaling what might be preventing proper network traffic analysis. This customer’s Scrutinizer web  interface seemed to be saying: “There are flows coming from Vyatta, but there is nothing to report on”. Whenever he restarted the Netflow collector, everything would work well for a short period of time, then in the Scrutinizer web interface, while the Vyatta widget would  still be green, indicating that it is eventually sending netflow, its interfaces would turn yellow (no data to report for this interface) for a few hours before the collector completely stops.

What we found

His Vyatta was sending NetFlow packets that were not properly constructed. Looking at their content, we found that they did not contain flow information, but packet headers only, which gives Scrutinizer nothing to report on.

Recommendations

Unfortunately I am not a Vyatta expert. If you are experiencing a similar issue, I recommend consulting the Vyatta community, or try other software base routing/firewall systems such as nProbe, pfsense, Quagga,etc. I can’t tell you much about pfsense or Quagga; however, once in a while we get calls from nProbe users, it supports NetFlow and seems to work well for them.

Daniel Senga
Tech Support
Follow me on Twitter

I spent last week at SHARKFEST in Palo Alto, California.  The folks at Cace Technologies did a great job organizing the event.  The kick off presenter was Van Jacobson who was the creator of spiffy utilities like traceroute and tcpdump.  Read more »

Michael Patterson
Scrutinizer Product Manager

Why do you want to know what is going on in the traffic flow of a network?

What’s the point?

Why doesn’t utilization alone cut it?

Network Administrators don’t typically have a lot of time on a day-to-day basis. There is always some fire to fight, some network or user issue that comes up. Most times your juggling more than one issue at a time. So you find yourself spending most of your time trying to keep the network running and the users happy.

A Network Administrator’s abilities are only as good as his awareness of what happens on his network.

Monitoring and maintaining your network traffic and bandwidth utilization used to be an overlooked aspect of your job. But evolution of technology has changed the makeup of networks everywhere and has forced network managers to include Flow analysis and monitoring in their network management strategies.

Network Flow Analysis is the art of studying the traffic on a computer network. It is the  industry-standard method of collecting and recording network traffic. Flow analysis lets you see what types of traffic passed between hosts, without having to reproduce the problem.

Read more »

For those of you that missed Plixer’s recent series of webinars, aimed at getting the most out of NetFlow using their latest and greatest NetFlow and sFlow analyzer, there is still hope. A recording of the webinar has been made available online for your viewing pleasure. Just click the image below to watch this 40 minute presentation.

Michael Patterson, Scrutinizer Product Manager, covered a range of topics in this traffic monitoring centric presentation.

Read more »

Jon Mills
Marketing & Public Relations Manager
Follow Me On Twitter

I wonder how many firewalls (IP Security Appliances) have been sold to date.  Since we have been in business, we have purchased 4. I can’t imagine a company being attached to the internet without one.  

Currently we have both a SonicWALL and a Cisco ASA.   It is great to see that some firewalls such as the Cisco ASA, Fortinet  and Checkpoint are now supporting NetFlow.  Read more »

Michael Patterson
Scrutinizer Product Manager

When you work in the field that I do, sometimes you celebrate events that leave other people scratching their heads wondering what the hype is all about.

A customer of mine and I were recently having a discussion on various devices that supported NetFlow. His Fortinet firewall became part of the discussion, and at the time, I didn’t think it supported any kind of flow export. However, after finishing the conversation and hanging up the phone, he sent me an e-mail with a nice link documenting sFlow configs for the Fortinet firewall. (Special shout out to Steve for the link)

With the release of FortiOS 4.0MR2, you now have the option of enabling sFlow to monitor your traffic stream. If you’d like to know more about sFlow, please refer to the indepth blog entitled:

“What is sFlow? How do I understand it?”.

To setup sFlow:

Read more »