Are you thinking about deploying a NetFlow Analyzer for network traffic analysis? Here are some of the top reasons to collect NetFlow.  If you are in the market for a NetFlow or sFlow reporting tool, this list of 10 reasons should help you with your decision.

1. NetFlow provides amazing network insight on network connections without deploying new hardware.  It leverages existing routers and switches. All you have to do is turn it on and point the flows to the NetFlow or sFlow collector.  Once the interfaces start showing up, you can click away and display high level information such as Top Hosts and Applications or dig in and filter for specific data with packet analyzer like details.

2. High level reports keep big problems obvious, but don’t limit yourself to the top X.  Make sure the NetFlow reporting tool can list all the flows including the raw flows as exported by the hardware.  What’s more, make sure the NetFlow and sFlow Analysis interface provides enough reports so that you can dig into problems and display the data the way you need to.

3. Flow technology provides some of the fastest trouble shooting available in the industry today. Because the architecture generally focuses on centralized collection, access to the data is fast.  It doesn’t involve RDP connections to remote probes.  All the connections in the network are on one page ordered by your preference.

4. Custom filters allow you to narrow in on selected data fast.  Either click to keep narrowing on the data you want or specify filters like you would with a packet analyzer like wireshark. You can also use it for NetFlow billing applications or focusing on traffic from a certain business department or subnet.

5. You can setup threshold alarming based on nearly any configurable traffic pattern.  Once you have the custom filters in place, save it as a report and set a threshold for either too much or too little traffic that matches the filter.

6. Scheduled reports via email keep you in the know.  Does the boss need a particular report every day, week or month?  Setup the report, add any necessary filters and schedule it to get emailed to you and the boss.

7. SFlow and NetFlow Analysis allows IT professionals to clean up and optimize the network infrastructure.  Before you clean up the network there was excessive HTTP traffic, odd traffic patterns and abuse.

8. Do you have VoIP on your network?  Confirm DiffServ domain configurations and QoS policies by displaying DSCP values.  Compare the reports with CBQoS and IP SLA reports. Drill in on a ToS value to see the hosts involved.

9. NetFlow Data storage that allows you to go as far back in time as needed.  If company policies or industry regulations require that you keep the data for a certain amount of time, don’t limit yourself to saving the raw flows for 30 days.  Rather, save them for years if necessary so that you can go back in time and retrieve all of the juicy details.

10. Distributed network monitoring of threats:    While we are collecting all of these flows from thousands of interfaces, it make sense to constantly look for network scans, DDoS attacks, internet threats, etc.  Alarms can trigger events that make access list changes or firewall policy modifications.

So there you have it.  On ten reasons that can help you decide or convince your boss to take sFlow and NetFlow traffic analysis into serious consideration. We hope you choose our NetFlow Analyzer.

Mike Patterson author pic


Michael is one of the Co-founders and the former product manager for Scrutinizer. He enjoys many outdoor winter sports and often takes videos when he is snowmobiling, ice fishing or sledding with his kids. Cold weather and lots of snow make the best winters as far as he is concerned. Prior to starting Somix and Plixer, Mike worked in technical support at Cabletron Systems, acquired his Novell CNE and then moved to the training department for a few years. While in training he finished his Masters in Computer Information Systems from Southern New Hampshire University and then left technical training to pursue a new skill set in Professional Services. In 1998 he left the 'Tron' to start Somix which later became Plixer.


Leave a Reply