Are you looking for an application that will do your RFC 5103 collecting?  Since Scrutinizer v8 we have supported RFC 5103 via IPFIX. Depending on how the RFC 5103 exporter delivers the IPFIX datagrams, you may need to call us.  Sometimes we have to tweak our IPFIX collector to understand different implementations of the bidirectional exports.  What is IPFIX?  It is the proposed standard for Cisco NetFlow.

In short, a RFC 5103 IPFIX export delivers the octetDeltaCount for a flow in both directions.  This means that a 2nd flow does not need to be generated and exported by the exporter.  See below:

rfc5103 bidirectional Netflow

The octetDeltaCount is the traffic from host A to host B.  The octetDeltaCount_rev is the traffic coming back from host B to host A.  This is very cool and ultimately leads to less exports, less traffic on the network and less overhead for the IPFIX collection server.

The above is very different from how the Cisco ASA exports what it calls bidirectional NetFlow which is not RFC 5103 compliant. We posted a video detailing the differences in the Cisco ASA NetFlow exports. When it comes to firewall exports of NetFlow, I’ll take it regardless of the short comings!

Contact our team if you need to learn more about this technology.  The early implementation of RFC 5103 is another reason why we are one of the leaders in NetFlow Analysis.

Mike Patterson author pic

Michael

Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.

Related

Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply