Talari NetFlow Support has been available since their APN 2.5 release through their current release of APN 4.0 (May 2014).  Recently, a customer I was working with had questions on the Talari device and how well it supported NetFlow.  This peaked my interest as this was the first time seeing Talari NetFlow in the field!  In this blog I will take a look at how you configure the Talari NetFlow export and the differences from other WAN Optimization NetFlow Exports!

Talari Networks
Figure 1: Talari Networks Appliances [Source]

First, a little background on Talari before we get started on the NetFlow!  They provide appliances, as seen in Figure 1, that improve WAN connections by both load balancing and providing redundancy controllers.  They also have an interface that allows the monitoring of both the network and application performance on the links they connect.

Talari NetFlow Configuration

The configuration process is available in Talari’s Adaptive Private Networking Appliance Operation Guide for APNware Release 2.5.  The first step for setting up NetFlow, after logging into the Talari Appliance, is to click the “Integrate” tab as shown in Figure 2.

Talari Netflow Configuration
Figure 2: Integrate NetFlow [Source]
Once you have the dropdown menu, click “NetFlow Host Settings.”  The following options will become available:

Tarlari NetFlow Support
Figure 3: Configuring NetFlow Host Settings [Source]
It is a very straight forward configuration.  Check off the “Enable NetFlow” checkbox, type in the IP address of the NetFlow collector, and finally the UDP port the flows will be sent on.  You do not have to configure any interfaces – the options are just on/off.

Talari NetFlow Export

When NetFlow is that easy to configure, in my experience and to give it a Cisco twist, it is not very flexible.  In figure 4, you can see a portion of the flow export from the Talari Device.  The column that I wanted to point out is TCP Control Bits.

Talari Netflow Export
Figure 4: Data from Talari NetFlow Export

This means they are not following the internet standard for NetFlow exports based on RFC 7011 which has element ID 6 for tcpControlBits (IANA).  Without TCP Flags, calculating round trip time (RTT), latency, jitter, and other performance metrics in the flow data will not be possible.  Vendors like Riverbed, Exinda, Bluecoat, and others are exporting this type of information.  From the security side, without TCP flags, the NetFlow collector cannot determine if there are FIN, ACK/RST, or SYN scans occurring.  With that being said, it doesn’t hurt to have another metering location on the network if it’s available.  Just do not expect to see detailed information that you would see from other NetFlow/IPFIX exporting vendors.

What is next for Talari NetFlow Support?

It is great to see vendors exporting NetFlow, even if it is basic NetFlow v5.  Hopefully in the future they will export IPFIX.  If you were looking for more than the basics in your NetFlow exports, check out both this page on performance metering with NetFlow and this whitepaper on Measuring Latency Using NetFlow.  If you have any questions on setting up your NetFlow exports or the information that is being collected, feel free to comment below or reach out to the Plixer Support Team at 207-324-8805 x4

Austin Brooks

Austin Brooks

Austin is a QA Engineer in the R&D department at Plixer. He works on new report types and aids the front end team with changes to the user interface of Scrutinizer. He has worked in Tech Support as well as a Solutions Engineer for the sales team at Plixer before his move to Development. Austin graduated from UNH’s WSBE with a degree in International Business and speaks a bit of German. Outside of work, Austin spends his time honing his coding skills and does website design for friends and family. He enjoys skiing, hockey, playing and writing music as well as traveling to different countries.

Related