Apparently the Cisco ASA is becoming a popular appliance for securing today’s businesses from the uglies that plague the Internet.  More specifically, the ASA running v8.2.1 or newer exports Flexible NetFlow (a variant of NetFlow v9). Why is this so cool?

The Key Advantages of using Flexible NetFlow on Routers:

A) User-configurable ability to monitor a wider range of packet information, which produces new information about network behavior: In other words, we can specify exactly what we want. This is useful if you are troubleshooting and looking for very specific information that isn’t exported in traditional NetFlow (e.g. MAC addresses, VLAN IDs, NBAR, etc.).

B) Enhanced network anomaly and security detection: Basically, Flexible NetFlow can monitor more deeply inside packets. What could this mean to the market for NBAD solutions?

C) Convergence of multiple accounting technologies into a single mechanism: This basically reinforces the above feature of collecting any specific information, but using it for different purposes. For example, maybe the NetFlow volume is so high that you have to use sampling. This could throw a wrench into your accounting and billing plans, as they likely won’t be accurate without 100% traditional NetFlow capture. Flexible NetFlow allows you to have a sampling export as well as other exports specific to traffic type (e.g. IP subnet) occurring simultaneously.

Using a free tool like Scrutinizer NetFlow Analyzer you can see the NetFlow coming in as well as the different templates shown below:

[Screen capture: asdmNetflow4]

In the above screen capture, clicking on the interfaces at the top provides reports across all templates.
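The following added example (not code from the original post or from Scrutinizer) shows how a collector learns which fields each template carries, by parsing the template FlowSets of a NetFlow v9 datagram as laid out in RFC 3954 and rejecting malformed lengths, since the export arrives as untrusted UDP. The packet is constructed, and template ID 260 and its field selection (including the MAC and VLAN fields mentioned above) are assumptions for illustration, not the ASA's actual templates.

```python
import struct

# Subset of NetFlow v9 field type IDs from RFC 3954.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR",
               56: "IN_SRC_MAC", 58: "SRC_VLAN"}

def parse_templates(packet: bytes) -> dict:
    """Return {template_id: [(field_name, length), ...]} for one v9 datagram."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte NetFlow v9 header")
    version, _count = struct.unpack_from("!HH", packet, 0)
    if version != 9:
        raise ValueError(f"not NetFlow v9 (version={version})")
    templates, offset = {}, 20
    while offset + 4 <= len(packet):
        flowset_id, length = struct.unpack_from("!HH", packet, offset)
        # Reject lengths that would loop forever or read past the datagram.
        if length < 4 or offset + length > len(packet):
            raise ValueError("malformed FlowSet length")
        if flowset_id == 0:  # 0 = template FlowSet; IDs >= 256 carry data
            pos, end = offset + 4, offset + length
            while pos + 4 <= end:
                template_id, field_count = struct.unpack_from("!HH", packet, pos)
                pos += 4
                if template_id < 256:  # trailing padding, not a template
                    break
                if pos + 4 * field_count > end:
                    raise ValueError("template record overruns its FlowSet")
                fields = []
                for _ in range(field_count):
                    ftype, flen = struct.unpack_from("!HH", packet, pos)
                    fields.append((FIELD_NAMES.get(ftype, f"type_{ftype}"), flen))
                    pos += 4
                templates[template_id] = fields
        offset += length
    return templates

def build_sample() -> bytes:
    """Constructed datagram: one template (hypothetical ID 260), five fields."""
    fields = [(8, 4), (12, 4), (56, 6), (58, 2), (1, 4)]
    record = struct.pack("!HH", 260, len(fields))
    record += b"".join(struct.pack("!HH", t, n) for t, n in fields)
    flowset = struct.pack("!HH", 0, 4 + len(record)) + record
    header = struct.pack("!HHIIII", 9, 1, 1000, 1700000000, 1, 0)
    return header + flowset

if __name__ == "__main__":
    for tid, fields in parse_templates(build_sample()).items():
        print(tid, fields)
```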

“The ASA exports bidirectional NetFlow which basically means that the data in both directions of a flow is summarized in a single flow export. This makes it interesting when trying to determine which direction the most data was transmitted.”  Marc Bilodeau – CTO of Plixer International

“The most popular question to date related to this topic has been How to setup NetFlow on the Cisco ASA. Thankfully, the GUI makes configuration of Flexible NetFlow on the appliance fairly easy. Now we are working with new features available via Flexible NetFlow and setting this up via the CLI takes a much deeper understanding than NetFlow v5.”

What do you think?
Are you looking to take advantage of Flexible NetFlow?

Scott Robertson

Scott provides Pre Sales Technical Support to the Sales team at Plixer. Scott comes from a technical support background, having years of experience doing everything from customer account management to system programming. Some of his interests include coaching youth sports programs here in Sanford, playing drums and guitar in local jam bands, and playing in neighborhood lawn dart tournaments.
