If you are looking for a NetFlow generator, Cisco’s NGA offers NetFlow reporting with NBAR and more.
Next Generation NetFlow Probes
Next generation NetFlow probes allow for advanced traffic analysis from areas of your network that don’t have the required hardware to export NetFlow data, or the visibility that you need is limited because only sampled flow exports are available.
From a security standpoint, having probes exporting flows representing all of the conversations traversing devices on the network allows security administrators to gain visibility into traffic streams that they may not have otherwise had.
Report and filtering access into suspect conversations and odd behaviors allow security administrators to easily identify possible infections. Having access to all of the traffic data makes it so security professionals can forensically view any communication pattern. They are able to narrow in and find the flows that contain the traffic that they want to investigate.
Next generation NetFlow probes like Cisco’s NGA and Plixer’s FlowPro, have come a long way when it comes to the reporting they make available. It is no longer about reporting on just the top bandwidth hogs. Using deep packet inspection (DPI) the NetFlow export provides advanced traffic analysis by reporting on data such as Client latency, Server latency, Application latency and HTTP URLs.
Cisco NGA is a high-performance next generation NetFlow probe solution offering flow visibility in high throughput Gigabit Ethernet networks typical in most data centers and campus core deployments. The appliances can be deployed at key observation places such as the server access layer, fabric path domains, and Internet exchange points. The NGA NetFlow reporting visibility gained can be dramatically increased when the Cisco NGA is connected to multiple network devices to analyze flows hop by hop, and is essential for security, capacity planning, and troubleshooting.
The Cisco NGA next generation NetFlow probe uses NBAR to recognize applications on the basis of port, port ranges, and built-in heuristics. Using the NetFlow export of NBAR application data, enhanced application recognition and layer 7 application reporting is possible from points on the network that may have previously had limited or no visibility.
Another cool Cisco NGA reporting feature uses flow collection to do MPLS Label Stack reporting.
In an MPLS network, each packet is encapsulated with an MPLS header. When a router receives the packet, it copies the header as an index into a separate MPLS forwarding table. As each packet transits through the network, every router along the way performs a lookup on the MPLS label and forwards the packet accordingly.
Using the flow exports from the NGA, we are able to use the NGA Netflow reporting to gain visibility and report trending on the mpls label stack section, as well as the network encapsulation types.
The encapsulation types are listed below:
- encapsulation IP (standard IPv4 packet)
- IPv6 (standard IP v6 packet)
- IPIP4
- GREIP
- IPESP Part of IPSEC
- GTP
- IPIP6
Do you have blind spots in your network because the devices don’t support NetFlow or your only flow option is to sample? Let us show you how you can benefit from Cisco NGA NetFlow reporting.