Blog :: General

2014 and 2015 NetFlow and IPFIX Predictions

One of the most fun yet scariest parts of being an entrepreneur is making predictions.  If your forecast is correct, hopefully it will be good for your company.  If you are wrong, you hope no one notices.  In 2009 I posted a blog titled OMG, the Internet is overloaded! where I discussed application recognition and its importance in the role of prioritizing traffic.  In the post I stated “Due to the fact that many applications use the same ports, application recognition is no simple process (e.g. Skype ‘VoIP’ looks like BitTorrent ‘data’).  My guess is that accurate application awareness is a highly dynamic problem necessitating frequent updates.”  Today, several vendors now perform Deep Packet Inspection (DPI) to monitor a series of packets to identify layer 7 applications. Cisco Application Visibility and Control uses NBAR to serve just this purpose. Below I’ve listed a few companies that utilize DPI to identify layer 3 applications:

  • Dell SonicWALL
  • Palo Alto Networks
  • nBox

DPIs role in NetFlow and IPFIX will continue to grow.  According to the Cisco® Visual Networking Index Global Mobile Data Traffic Forecast for 2012 to 2017, worldwide mobile data traffic will increase 13-fold over the next four years.  Voice, video, gaming, and cloud computing are some of the big drivers and the hardware platform of choice is the mobile phone.  NetFlow and especially IPFIX will continue to be utilized to export metrics that help companies properly identify and troubleshoot applications that deliver these services. We continue to see more vendors export layer 7 details related to round trip time, jitter, packet loss, retransmits, URLs.  These new metrics deliver details on just about any TCP or UDP application regardless of hardware.

Mobile phone users like Network Administrators are concerned about two things when it comes to end user experience:

  • the amount of bandwidth consumed
  • the performance, speed or latency of the application which depends on ample bandwidth

Today, both of the above can be monitored with the nBox or the new Cisco Application Visibility and Control Flexible NetFlow exports.  Below is an nBox example:

nBox Reporting

In 2011 I wrote a follow up blog to the 2009 post titled OMG, the Internet isn’t overloaded yet! and in it I stated “I think DSCP is how many of us will see our connections to the internet improve.” I think everyone saw this coming however, today it is more true than ever.  Watch layer 7 recognition of applications and prioritization based on DSCP become more enforced by hardware in the next two years.  I know of three major vendors that already support it.

My second prediction back in 2011 was “I’m placing my bet on the idea that consumption behaviors will change and the key reason is cost.”  I still believe this will happen but, it has been slow to take hold in the USA.  In other countries, homes and businesses are being billed based on bandwidth consumed.  10/13/2013 update: This has been slow to occur in the USA with most cable companies but, the Dish network has implemented it.

Dish Network pay for bandwidth used

In December of 2011, Plixer went on the record and made three predictions for leveraging NetFlow and IPFIX:

  1. Application-Aware NetFlow and IPFIX Hardware Catches On
  2. BYOD Spells “Trouble”
  3. Internal Corporate Network Threats Will Grow

The above are certainly still major concerns today and NetFlow and IPFIX are the ideal technologies for monitoring and investigating all three.  Being a leader in NetFlow and IPFIX means that we will continue stay focused and deliver the best NetFlow solution on the market.

Since, I only post this blog every two years, I decided to work with my team to try and make a prediction about Software Defined Networks. Although we agree with Nav Chander from IDC that Software Defined Networks are going to be implemented, we think deployment of them will be slow.

IDC believes that the rapid global growth of data and video traffic across all networks, the increasing use of public and private cloud services, and the desire from consumers and enterprises for faster, more agile service and application delivery are driving the telecom markets toward an inevitable era of network virtualization,” said Nav Chander, Research Manager, Telecom Services and Network Infrastructure, IDC.

Software Defined Networks

SDN and large-scale network virtualization will become a game shifter, providing important building blocks for delivering future enterprise and hybrid, private, and public cloud services.

How flow technology will play a role in SDNs probably won’t change much.  I do however anticipate that they will export richer contextual details that allow us to improve overall enterprise situational awareness.  Expect more vendors to follow the nBox and Cisco lead.  Network Administrators want layer 7 details in their flow exports and they also want the username.