Emulex has announced a new data capture appliance: the EndaceFlow 3040. This NetFlow generator appliance boasts an impressive array of features and supports all major versions of NetFlow: v5, v9, and IPFIX. This is great news for administrators looking to incorporate a NetFlow Generator into their environment as having this sort of monitoring power provides security teams with greater, more detailed insight and the ability to serve up faster incident response times. Combining the Endace Neflow Generator with our Incident Response System provides a reliable solution when investigating suspicious traffic patterns.
NetFlow Hardware
The EndaceFlow 3040 NetFlow Generator has four 10 Gigabit Ethernet ports, 160GB of local storage, 650W redundant power supplies, and a Max throughput of 30 Gbps. Using a Network Packet Broker, multiple network links can be aggregated and fed into the monitoring ports. The EndaceFlow 3040 NetFlow Generator can also be configured to forward NetFlow records over the management LAN or over the standard network as a UDP feed.
All this power and network insight is contained in a single rack unit. Not only are you adding unsurpassed Emulex IPFIX monitoring to your network, you’re not taking up valuable space in your server racks to get it.
Advanced Hash Load Balancing
The Emulex NetFlow generator uses Advanced Hash Load Balancing or HLB to prevent collector overflow. This eases the burden on collectors in a high flow volume environment by rotating the NetFlow exports through a distributed network of collectors. Think of it as a “round robin” flow export ensuring that no single collector becomes overloaded.
Template-based Flow records
NetFlow v5 only supports IPv4. In order to support IPv6, Endace NetFlow generators were engineered to support NetFlow v9 and Internet Protocol Flow Information Export (IPFIX). IPFIX is the standards-based approach for IP Flow information and translates monitored traffic into template-based flow records.Templates describe the information elements contained in an IP Flow record and Endace NetFlow Generators assign a unique ID to each template. This appliance supports a broad range of fields with 46 in NetFlow v9 and 133 in IPFIX. All of which can be reported on by our Incident Response System.
Autonomous System Support
The EndaceFlow 3040 also features Autonomous System (AS) support. This feature allows for reporting on geographical location data and other information about IP addresses.
Combine these features with the already substantial information found in traditional flow data and you’ve got near packet-level analytics across your network by simply adding one device.
Software Vs. Hardware Flow Support
Hardware based NetFlow probes have come a long way in recent years. Traditionally, software probes were thought to provide greater detail than their hardware counterparts. With support for over 133 IPFIX fields, the Emulex EndaceFlow 3040 shatters this misconception and provides an export that rivals many software based flow exports. So if you’re looking to shorten your incident-response time and bring your network monitoring capabilities to the next level without taking a hit on hardware performance, consider an Emulex NetFlow generator.
If you have questions on incorporating the EndaceFlow or any other NetFlow generator into our system, please contact us.