What’s so Flexible about Flexible NetFlow?
Flexible NetFlow is basically an extension of NetFlow v9. Cisco believes that Flexible NetFlow provides enhanced optimization, reduces costs and improves capacity planning and security detection beyond traditional flow technologies. I understand this is pretty vague, so let’s dig a little deeper.

Note:  You should read up on Successful ways to use NetFlow before reading this blog series.

The Key Advantages of using Flexible NetFlow:

  • A) User-configurable ability to monitor a wider range of packet information, which produces new information about network behavior: In other words, we can specify exactly what we want to capture in data link layer packets. Imagine that any offset in the IP traffic can be monitored, captured and exported to the collector. This is useful if you are troubleshooting and looking for very specific information that isn’t exported in traditional NetFlow.
  • B) Enhanced network anomaly and security detection: Basically, Flexible NetFlow can monitor more deeply inside packets. Cisco may even have plans to place IDS-like capabilities inside each router and then export the packets to the collector, or even take action at the router based on a pattern match. This supports our white paper “Network Behavior Analysis: Best Approached at the Switch?”
  • C) Convergence of multiple accounting technologies into a single mechanism: This basically reinforces the above feature of collecting any specific information, but using it for different purposes. For example, maybe the NetFlow volume is so high that you have to use sampling. This could throw a wrench into your accounting and billing plans, as they likely won’t be accurate without 100% traditional NetFlow capture. Flexible NetFlow allows you to have a sampling export as well as other exports specific to traffic type occurring simultaneously.
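
An added example, not configuration from the original post or from Cisco: one way the simultaneous exports in point C could look on a Cisco IOS router, with an unsampled monitor keeping a small record for billing next to a sampled monitor that keeps a richer record. The record, monitor, exporter and sampler names, the interface and the collector address 192.0.2.10 are assumptions, and whether two monitors can share one interface direction depends on the platform and software release.

```cisco
! Added example: all names, the interface and the collector address are assumptions.
! One exporter shared by both monitors (NetFlow v9 over UDP).
flow exporter EXP-COLLECTOR
 destination 192.0.2.10
 transport udp 2055
 export-protocol netflow-v9
!
! Small record for billing: keyed on the address pair only, full counters.
flow record REC-BILLING
 match ipv4 source address
 match ipv4 destination address
 collect counter bytes
 collect counter packets
!
! Richer record for troubleshooting and security review.
flow record REC-DETAIL
 match ipv4 source address
 match ipv4 destination address
 match ipv4 protocol
 match transport source-port
 match transport destination-port
 collect transport tcp flags
 collect counter bytes
 collect counter packets
!
flow monitor MON-BILLING
 record REC-BILLING
 exporter EXP-COLLECTOR
 cache timeout active 60
!
flow monitor MON-DETAIL
 record REC-DETAIL
 exporter EXP-COLLECTOR
 cache timeout active 60
!
! Random 1-in-100 packet sampling, used only by the detail monitor.
sampler SAMPLE-1-IN-100
 mode random 1 out-of 100
!
interface GigabitEthernet0/1
 ! Every packet is counted in the billing cache.
 ip flow monitor MON-BILLING input
 ! Only sampled packets reach the detail cache.
 ip flow monitor MON-DETAIL sampler SAMPLE-1-IN-100 input
```

Because the billing monitor has no sampler attached, its byte and packet counters stay exact while the detail monitor absorbs the volume reduction.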

It is ‘Flexible’ NetFlow because you can match on just about anything and export it on demand.   In the next blog “Flexible NetFlow Generates Cash?” I will discuss the 3 different Flexible NetFlow cache configurations.

Michael

Michael is the Co-Founder and the product manager for Scrutinizer Incident Response System. He can be reached most hours of the day between work and home. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer. Feel free to email him.