
Ixia IPFIX Reporting and Analysis

joanna

Recently, we decided to deploy an Ixia CloudLens instance in our lab to see what we could report on using Ixia’s IPFIX. Once I had Ixia running and sending flows to a lab environment, I was blown away by the level of reporting.

Apps, Devices, and Source Cities, Oh My!

On its own, the Ixia dashboard is quite impressive. Not only is it visually appealing, but it’s quite easy to use. I have to admit, it was fun to click on the world map and be able to see the top countries and the top applications being used. On top of that, you’re able to see top devices by OS such as iPhone, Android, or Windows, and the top browsers being used.

Ixia IPFIX - Dashboard

This is all great information, but what if we could drill into spikes, view a historic trend, and look up destination or source by username and associate it with all of this great information? Well, lucky for us, we have Scrutinizer. Before we jump into that, however, if you’re interested in checking out Ixia’s CloudLens application, you can view that information here.

Ixia and Scrutinizer Powers Combine!

Once I had verified that Scrutinizer was picking up the flows from my Ixia CloudLens install, I jumped in to see what reports we could get. First, I noticed that we have Ixia-specific reports and second, there was more than just what I had seen on the Ixia dashboard. Awesome!

Ixia Layer 7 Reports

I began to play with the different reports and found that I could run a report on an Ixia metric such as source city, filter on a specific city and then run a Scrutinizer destination > username by IP report to see who was reaching out to the city in question. This creates an incredibly powerful network monitor.

Why is this important? This helps us track down any security concerns that may arise quickly and effectively, reducing your mean time to know. By being able to view information such as OS Device Name, we are able to track BYOD issues, then drill in to find the type of device, where it’s located, and possibly who the user is.

One of the reports that I found most fascinating was the L7 Application report. We do some layer 7 application reporting on our own, depending on the device and configuration you’re using, but Ixia was able to identify a whole new library of applications as well as provide latency metrics. While a lot of Ixia’s reports can be seen as security focused, the L7 Application report as well as the App with Latency report can assist in ensuring that your bandwidth is not being overutilized by use of non-business-critical applications such as Pandora, Spotify, and Apple Updates.

L7 Application Report

If you already have Ixia and want to download a trial of Scrutinizer you can follow this link to give it a try.