I have recently had a number of customers ask me about Procera’s IPFIX support, and how to get flow monitoring configured so that they can get visibility into the traffic traversing their Procera PacketLogic systems.
Procera’s PacketLogic identification engine uses Deep Flow Inspection (DFI) to learn and identify a number of different network traffic properties. A network administrator who uses NetFlow/IPFIX to monitor the network benefits greatly from this inspection process because the network conversations seen by the PacketLogic, and the applications contained within that traffic, are managed as flows. So any PacketLogic system capable of storing flow statistics can also be configured to export those same flows as IPFIX records to a collector.
Based on information provided by the identification engine and the subsequent IPFIX export to an advanced collector, an administrator can analyze network traffic in many ways to achieve their monitoring objectives:
- Network threat detection – Identify traffic patterns that may point to possible cyber attacks and bandwidth hogs
- Filter hazardous and unwanted traffic based on Layer 7 properties
- Gain visibility into and limit non-prioritized traffic, e.g. P2P, to guarantee quality (QoS) for crucial applications
- Report bandwidth utilization and traffic trends to balance traffic workload between users
- Network forensics and incident response
Below is a partial list of the extensive reporting we now have support for when receiving their export:
Accurate traffic information is necessary for deciding how to manage your traffic, as well as for network threat detection and incident response. Using IPFIX flow exports, traffic can be disseminated and presented at various levels of detail. By taking advantage of the IPFIX flow exports, PacketLogic completes the puzzle you have concerning your entire network.
Efficient traffic management requires usable and relevant information. The IPFIX flow export enables you to look back in time and follow up on trends. With IPFIX, the flow information is collected all of the time, and report visibility and traffic filtering are a few mouse clicks away.
Collecting IPFIX provides an efficient means to identify inappropriate behavior, problems and discrepancies. The ability to drill down to specifics makes incident response using IPFIX an invaluable tool for charting the health of your network.
The Procera system where the IPFIX daemon is configured will connect to the configured PacketLogic systems to receive flow connection data. From this the IPFIX daemon builds IPFIX records which are exported (sent) to the configured collector(s).
Configuration is done in the CLI.
From the Configuration Menu select option (4) System Administration
From the System Administration Menu select option (10) Statistics
From the Statistics Menu select option (2) – IPFIX Daemon
From within the IPFIX daemon menu we will configure any gatherers (the IPFIX daemon component that connects to PacketLogic systems), and the collectors that you are going to export IPFIX flows to.
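To confirm what actually reaches a collector once export is configured, the following added example (not Procera's code and not part of the original post) decodes an IPFIX message as defined in RFC 7011: message header, template set, then data records matched against the cached template. The sample message is constructed from standard IANA information elements and is an assumption, since the fields a PacketLogic system exports are not listed on this page; only fixed-length fields are handled.

```python
import ipaddress
import struct

IES = {1: "octetDeltaCount", 4: "protocolIdentifier", 7: "sourceTransportPort", 8: "sourceIPv4Address",
       11: "destinationTransportPort", 12: "destinationIPv4Address"}  # standard IANA elements

def parse_ipfix(msg, templates):
    """Decode one IPFIX message; `templates` caches (domain, template id) -> fields."""
    version, length, _time, _seq, domain = struct.unpack_from("!HHIII", msg, 0)
    if version != 10 or length != len(msg):
        raise ValueError("not a complete IPFIX message")
    flows, pos = [], 16
    while pos + 4 <= length:
        set_id, set_len = struct.unpack_from("!HH", msg, pos)
        if set_len < 4 or pos + set_len > length:
            raise ValueError("bad set length")
        body, off = msg[pos + 4:pos + set_len], 0
        if set_id == 2:                              # template set
            while off + 4 <= len(body):
                tid, count = struct.unpack_from("!HH", body, off)
                if tid < 256:                        # padding, not a template
                    break
                fields, off = [], off + 4
                for _ in range(count):
                    ie, flen = struct.unpack_from("!HH", body, off)
                    off += 8 if ie & 0x8000 else 4   # skip enterprise number if present
                    fields.append((ie, flen))
                templates[(domain, tid)] = fields
        elif set_id >= 256 and (domain, set_id) in templates:   # data set with known template
            fields = templates[(domain, set_id)]
            rec_len = sum(flen for _, flen in fields)
            while rec_len and off + rec_len <= len(body):
                rec = {}
                for ie, flen in fields:
                    raw, off = body[off:off + flen], off + flen
                    rec[IES.get(ie, f"ie{ie}")] = (str(ipaddress.IPv4Address(raw))
                                                   if ie in (8, 12) else int.from_bytes(raw, "big"))
                flows.append(rec)
        pos += set_len
    return flows

def sample_message():
    """Constructed message: one template (id 256) and one TCP/443 flow record."""
    fields = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (1, 8)]
    tmpl = struct.pack("!HH", 256, len(fields)) + b"".join(struct.pack("!HH", *f) for f in fields)
    addrs = ipaddress.IPv4Address("192.0.2.10").packed + ipaddress.IPv4Address("198.51.100.7").packed
    data = addrs + struct.pack("!HHBQ", 51514, 443, 6, 48231)
    sets = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl + struct.pack("!HH", 256, 4 + len(data)) + data
    return struct.pack("!HHIII", 10, 16 + len(sets), 1700000000, 0, 1) + sets
```

Data sets that arrive before their template are skipped rather than guessed at, which is why the template cache is passed in and kept between messages.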
As mentioned above, network traffic monitoring that uses flow technologies to monitor communication behaviors, maintain baselines, and detect advanced persistent threats is becoming more relevant.
Flow data is incredibly efficient to transmit and store. Network flows can be enabled anywhere you have a router, switch, or firewall, and the best part is that you don’t need to deploy hardware via a SPAN or tap. NetFlow and IPFIX are built in. It’s already there just waiting for you to turn it on.
As a network forensics and incident response system, IPFIX flow exports give administrators access to all of the conversations traversing the network. When security professionals need to go back in time and view a communication pattern, they can find the flows that contain the conversations that they want to investigate.
Are you ready to add this type of network application visibility and reporting to your monitoring solution? Give us a call and we’ll help you get IPFIX configured on your Procera PacketLogic devices.