After several requests for Aruba NetFlow support dating back as far as 2012, Aruba IPFIX support is coming soon. We tested their flow export and found no problems with the several dozen reports we have written that also support other vendors. IPFIX is the official standard for all flow technologies, including NetFlow and sFlow.
According to Aruba, their Mobility-Defined Networks automate infrastructure-wide performance optimization and trigger security actions that used to require manual IT intervention. Mobility-Defined Networks ‘#GenMobile’ control the dynamic mobility environment by correlating real-time data about users, devices, apps and location. Self-healing and self-optimization functions dramatically reduce helpdesk tickets and protect enterprise data.
Their security is based on 802.11n and 802.11ac standards and their Mobility Controllers support a variety of ArubaOS software modules, including the Policy Enforcement Firewall™ with AppRF technology, RFProtect™ with Spectrum Analysis and Wireless Intrusion Protection, and Advanced Cryptography with military-grade Suite B encryption. Because they engineered in the processing power to handle deep packet inspection, we expected layer 7 details in the Aruba IPFIX support similar to Cisco’s NBAR technology, but it was absent. NBAR provides details on applications such as Skype, LinkedIn, WebEx, Citrix, Twitter, Facebook and over a thousand others. However, unlike Cisco, they do export the destination IP address, which continues to be requested by Cisco customers.
Employees using corporate bandwidth with personal phones (BYOD Monitoring) can bring big concerns when it comes to network traffic monitoring:
- How much bandwidth are all these additional devices collectively using?
- What applications and web sites are users hitting and how often?
- What are the security implications introduced by allowing these devices onto the net?
Testing the new Aruba IPFIX support was a snap. We replayed the capture they gave us and everything worked without issue. We anticipate that their customer base will be very excited about these new details. Because they adhered to the standard, we can correlate the data with NetFlow, sFlow and IPFIX exports from other vendors and trace device connections end to end. We hope that as their export evolves, they will include more details such as layer 7 application or possibly some of the advanced metrics that we have observed in Cisco AVC and Dell SonicWALL. Those details include round trip time, retransmitted packets, HTTP host and SSL certificate decryption to determine application. VoIP details on packet loss, codec, caller ID, jitter, MOS, etc. would also be helpful. Contact Aruba to find out if this is on their road map. Here is an example of their new export that we tested.
Also, since users and devices are authenticated and assigned a unique role by the Aruba Mobility Controller, our NetFlow and IPFIX reporting system can correlate IP addresses to usernames in the reporting. This can be done with Microsoft Active Directory and other third-party authentication systems including Cisco ISE. Give us a call and we’ll help you set up an evaluation.
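The IP-to-username correlation described above can be sketched as a time-windowed join between flow records and authentication sessions. This is an added example, not code from the reporting system or from Aruba; the record layouts, names and sample values are constructed, and it assumes the flow's source address is the client and that sessions for one IP do not overlap.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed authentication sessions: (user, role, client_ip, start, end), epoch seconds.
SESSIONS = [
    ("alice", "employee", "10.1.20.15", 1000, 2000),
    ("bob", "byod", "10.1.20.15", 2100, 3000),   # same IP re-leased to another device
    ("carol", "byod", "10.1.20.77", 1500, 4000),
]
# Constructed flow records: (flow_start, src_ip, dst_ip, octets).
FLOWS = [
    (1200, "10.1.20.15", "203.0.113.10", 5000),
    (2500, "10.1.20.15", "203.0.113.10", 7000),
    (2050, "10.1.20.15", "198.51.100.7", 900),   # falls between two sessions
    (1600, "10.1.20.77", "198.51.100.7", 1200),
    (1700, "10.9.9.9", "198.51.100.7", 300),     # IP never authenticated
]

def build_index(sessions):
    """Return {ip: [(start, end, user, role), ...]} sorted by start time."""
    index = defaultdict(list)
    for user, role, ip, start, end in sessions:
        index[ip].append((start, end, user, role))
    for spans in index.values():
        spans.sort()
    return index

def attribute(ts, ip, index):
    """Return (user, role) holding `ip` at time `ts`, or None.
    Assumes sessions for one IP do not overlap."""
    spans = index.get(ip, [])
    i = bisect_right(spans, (ts, float("inf"))) - 1  # last session starting <= ts
    if i >= 0 and spans[i][0] <= ts <= spans[i][1]:
        return spans[i][2], spans[i][3]
    return None

def usage_by_user(flows, sessions):
    """Sum octets per user; flows with no matching session are returned for review."""
    index = build_index(sessions)
    totals, unattributed = defaultdict(int), []
    for ts, src, dst, octets in flows:
        owner = attribute(ts, src, index)
        if owner is None:
            unattributed.append((ts, src, dst, octets))
        else:
            totals[owner[0]] += octets
    return dict(totals), unattributed

if __name__ == "__main__":
    totals, orphans = usage_by_user(FLOWS, SESSIONS)
    print(totals, orphans)
```

Matching on the flow timestamp rather than the address alone keeps traffic from a re-leased IP from being charged to the previous user, and the unattributed list surfaces devices sending traffic without an authenticated session.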