Talari NetFlow Support has been available since their APN 2.5 release through their current release of APN 4.0 (May 2014). Recently, a customer I was working with had questions on the Talari device and how well it supported NetFlow. This peaked my interest as this was the first time seeing Talari NetFlow in the field! In this blog I will take a look at how you configure the Talari NetFlow export and the differences from other WAN Optimization NetFlow Exports!
First, a little background on Talari before we get started on the NetFlow! They provide appliances, as seen in Figure 1, that improve WAN connections by both load balancing and providing redundancy controllers. They also have an interface that allows the monitoring of both the network and application performance on the links they connect.
Talari NetFlow Configuration
The configuration process is available in Talari’s Adaptive Private Networking Appliance Operation Guide for APNware Release 2.5. The first step for setting up NetFlow, after logging into the Talari Appliance, is to click the “Integrate” tab as shown in Figure 2.Once you have the dropdown menu, click “NetFlow Host Settings.” The following options will become available:It is a very straight forward configuration. Check off the “Enable NetFlow” checkbox, type in the IP address of the NetFlow collector, and finally the UDP port the flows will be sent on. You do not have to configure any interfaces – the options are just on/off.
Talari NetFlow Export
When NetFlow is that easy to configure, in my experience and to give it a Cisco twist, it is not very flexible. In figure 4, you can see a portion of the flow export from the Talari Device. The column that I wanted to point out is TCP Control Bits.
This means they are not following the internet standard for NetFlow exports based on RFC 7011 which has element ID 6 for tcpControlBits (IANA). Without TCP Flags, calculating round trip time (RTT), latency, jitter, and other performance metrics in the flow data will not be possible. Vendors like Riverbed, Exinda, Bluecoat, and others are exporting this type of information. From the security side, without TCP flags, the NetFlow collector cannot determine if there are FIN, ACK/RST, or SYN scans occurring. With that being said, it doesn’t hurt to have another metering location on the network if it’s available. Just do not expect to see detailed information that you would see from other NetFlow/IPFIX exporting vendors.
What is next for Talari NetFlow Support?
It is great to see vendors exporting NetFlow, even if it is basic NetFlow v5. Hopefully in the future they will export IPFIX. If you were looking for more than the basics in your NetFlow exports, check out both this page on performance metering with NetFlow and this whitepaper on Measuring Latency Using NetFlow. If you have any questions on setting up your NetFlow exports or the information that is being collected, feel free to comment below or reach out to the Plixer Support Team at 207-324-8805 x4