It’s great to see another company support IPFIX; the newest company is Citrix. IPFIX is the proposed standard for NetFlow and SonicWALL, nProbe and Plixer have all released products supporting IPFIX. I’m sure more are in the works as companies realize that network traffic monitoring is a key part in LAN/WAN administration.

AppFlowTM (IPFIX) exported by the NetScaler

Citrix® NetScaler® is a web application delivery solution that makes applications five times better by accelerating performance, ensuring that applications are always available and protected, and substantially lowering costs.

<<< Below is copied from the Citrix NetScaler Release Notes >>>

Enhanced Application Visibility Using AppFlow (nCore and nCore VPX only) The Citrix® NetScaler® appliance is a central point of control for all application traffic in the data center. It collects flow and user-session level information valuable for application performance monitoring, analytics, and business intelligence applications. AppFlow transmits this information by using the Internet Protocol Flow Information eXport (IPFIX) format, which is an open Internet Engineering Task Force (IETF) standard defined in RFC 5101. IPFIX (the standardized version of Cisco’s NetFlow) is widely used to monitor network flow information. AppFlow defines new “Information Elements” to represent application-level information.

Using UDP as the transport protocol, AppFlow transmits the collected data, called flow records, to one or more IPv4 collectors. The collectors aggregate the flow records and generate real-time or historical reports.

AppFlow provides visibility at the transaction level for HTTP, SSL, TCP, and SSL_TCP flows. You can sample and filter the flow types that you want to monitor.

To limit the types of flows to monitor, by sampling and filtering the application traffic, you can enable AppFlow for a virtual server. AppFlow can also provide statistics for the virtual server. You can also enable AppFlow for a specific service, representing an application server, and monitor the traffic to that application server.

<<< END COPY >>>

Don’t be confused by AppFlow.  This is a Citrix marketing term for IPFIX and the Information Elements offer greater insight beyond traditional NetFlow v5 exports. Juniper has JFlow and 3Com has NetStream, but it’s all NetFlow or IPFIX.

We have had a couple of customers test our IPFIX reporting software’s ability to collect and report on this new Citrix IPFIX export and it appears to work fine.  We are now studying their new Information Elements mentioned above and trying to determine what new reports we need to deliver.  More testing is needed.  Contact our team if your company needs IPFIX consulting or help with exporting NetFlow.

Mike Patterson author pic

Michael

Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.

Related

Big Data

Sankey Flow Graph

One of the greatest benefits of NetFlow collection for traffic analysis, is we’re provided with the ability to visualize the…

Leave a Reply